本文關(guān)鍵詞：基于4A管控平臺(tái)的金庫(kù)管理系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)　出處：《北京交通大學(xué)》2017年碩士論文　論文類(lèi)型：學(xué)位論文

  更多相關(guān)文章： 4A管控平臺(tái) 金庫(kù)管理 應(yīng)用場(chǎng)景 觸發(fā)模式 授權(quán)模式

【摘要】：隨著企業(yè)級(jí)支撐系統(tǒng)的迅速發(fā)展,各種支撐應(yīng)用和用戶(hù)數(shù)量的不斷增加,網(wǎng)絡(luò)規(guī)模迅速擴(kuò)大,信息安全問(wèn)題愈見(jiàn)突出,對(duì)系統(tǒng)之間的整合也提出了更高的要求。4A管控平臺(tái)將賬號(hào)(Account)管理、認(rèn)證(Authentication)管理、授權(quán)(Authorization)管理和安全審計(jì)(Audit)進(jìn)行集中整合,為企業(yè)提供集中安全服務(wù),提升了業(yè)務(wù)支撐系統(tǒng)的安全性和可管理能力。但是4A管控平臺(tái)缺乏對(duì)內(nèi)部人員事中行為的有效監(jiān)管,存在內(nèi)部人員高權(quán)限賬號(hào)被濫用的風(fēng)險(xiǎn)。為了彌補(bǔ)4A管控平臺(tái)在這一環(huán)節(jié)的缺失,金庫(kù)管理系統(tǒng)借鑒銀行金庫(kù)管理中開(kāi)關(guān)庫(kù)房必須由兩名管庫(kù)員在場(chǎng)共同進(jìn)行的方式,以多人制衡的手段實(shí)現(xiàn)了對(duì)高權(quán)限賬號(hào)的使用進(jìn)行監(jiān)督和控制。在具體實(shí)現(xiàn)上,本系統(tǒng)充分利用4A管控平臺(tái)已有的對(duì)賬號(hào)及設(shè)備的集中管理,采用SSH框架技術(shù),結(jié)合LDAP及PostgreSQL數(shù)據(jù)庫(kù)完成了系統(tǒng)的實(shí)現(xiàn)。通過(guò)對(duì)B公司業(yè)務(wù)流程的調(diào)查和分析,金庫(kù)管理系統(tǒng)按照"基于賬號(hào)登錄"和"基于特定操作"兩種觸發(fā)模式合理地設(shè)計(jì)了五種應(yīng)用場(chǎng)景,并通過(guò)場(chǎng)景的"觸發(fā)—申請(qǐng)—授權(quán)"來(lái)管理內(nèi)部人員的行為。為此,系統(tǒng)前臺(tái)部分設(shè)計(jì)了場(chǎng)景觸發(fā)模塊和授權(quán)審批模塊。其中場(chǎng)景觸發(fā)模塊用來(lái)實(shí)現(xiàn)場(chǎng)景的自動(dòng)觸發(fā)。即當(dāng)操作人員的行為符合某項(xiàng)場(chǎng)景觸發(fā)條件時(shí),該場(chǎng)景就會(huì)被自動(dòng)觸發(fā)從而限制操作人員的行為,直到其取得相應(yīng)授權(quán)為止。授權(quán)審批模塊則實(shí)現(xiàn)了每個(gè)場(chǎng)景對(duì)多種授權(quán)模式的支持。這使得內(nèi)部人員的行為在得到監(jiān)管的同時(shí)減少對(duì)其正常工作效率產(chǎn)生的影響。同時(shí),為了方便地管理場(chǎng)景以適應(yīng)不斷變化的業(yè)務(wù),后臺(tái)設(shè)計(jì)了場(chǎng)景管理模塊、敏感數(shù)據(jù)管理模塊和策略管理模塊,以實(shí)現(xiàn)場(chǎng)景的快速搭建和修改。其中敏感數(shù)據(jù)管理模塊和策略管理模塊是為了支撐場(chǎng)景管理模塊而設(shè)計(jì)。在系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)過(guò)程中,作者參與了所有的過(guò)程,并完成了系統(tǒng)概要設(shè)計(jì)、關(guān)系型數(shù)據(jù)庫(kù)設(shè)計(jì)、五個(gè)功能模塊的詳細(xì)設(shè)計(jì)及實(shí)現(xiàn),以及系統(tǒng)測(cè)試等工作。系統(tǒng)上線(xiàn)后,各個(gè)功能模塊運(yùn)行正常,性能表現(xiàn)穩(wěn)定,基本上滿(mǎn)足了相關(guān)要求。隨著金庫(kù)系統(tǒng)應(yīng)用的不斷深入,敏感數(shù)據(jù)查詢(xún)量顯著下降,有效遏制了權(quán)限濫用的情況,降低了客戶(hù)敏感信息泄露的風(fēng)險(xiǎn)。
[Abstract]:With the rapid development of enterprise support system, the number of supporting applications and users is increasing, and the scale of network is expanding rapidly. The information security problem is more and more prominent, and the integration between systems is also put forward higher request. 4A management platform integrates centralized account management (Account) management, authentication (Authentication) management, authorization (Authorization) management and security audit (Audit) to provide centralized safety services for enterprises, and improves the security and management capabilities of business support systems. However, the 4A management control platform lacks the effective supervision of the behavior in the internal personnel, and the risk of the abuse of the high authority accounts of the internal personnel. In order to make up for the lack of 4A management and control platform in this link, the vault management system must learn from the way of two banks' Librarians in the joint management of bank vault management, and supervise and control the use of high authorized accounts by means of multiple checks and balances. On the specific implementation, the system makes full use of the centralized management of account and equipment existing in 4A management and control platform, and implements the system implementation with SSH framework technology combined with LDAP and PostgreSQL database. Based on the investigation and analysis of B business process, the gold warehouse management system designed five application scenarios reasonably according to the two triggering modes based on "account login" and "specific operation", and managed the behavior of the insiders through the trigger, application and authorization of the scene. For this reason, the front desk of the system has designed the scene trigger module and the authorization examination and approval module. The scene triggering module is used to automatically trigger the scene. That is, when the operator's behavior accords with the triggering condition of a scenario, the scene will be triggered automatically, so that the operator's behavior can be limited until the corresponding authorization is obtained. The authorization approval module implements the support of each scenario for a variety of authorization patterns. This allows insider behavior to be regulated while reducing the impact on its normal work efficiency. At the same time, in order to manage scenes conveniently to adapt to changing business, we design scene management module, sensitive data management module and policy management module to achieve rapid building and modification of scenes. The sensitive data management module and the policy management module are designed to support the scene management module. During the design and implementation of the system, the author took part in all the processes, and completed the system outline design, relational database design, detailed design and implementation of the five functional modules, and system testing. After the system is on-line, the function modules run normally, the performance is stable, and the related requirements are basically met. With the deepening of the application of the treasury system, the querying quantity of sensitive data has significantly decreased, which effectively curbed the abuse of authority and reduced the risk of sensitive information leakage.
【學(xué)位授予單位】：北京交通大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類(lèi)號(hào)】：TP311.52

【相似文獻(xiàn)】

相關(guān)期刊論文 前4條

1 季宇婷;陳啟軍;;風(fēng)洞控制系統(tǒng)數(shù)據(jù)管理模塊的設(shè)計(jì)與實(shí)現(xiàn)[J];電氣自動(dòng)化;2008年01期

2 張權(quán)范;;UML在中小型企業(yè)產(chǎn)品技術(shù)數(shù)據(jù)管理模塊開(kāi)發(fā)中的應(yīng)用——以株洲電力機(jī)車(chē)廠電器有限公司為例[J];中國(guó)管理信息化;2008年15期

3 錢(qián)憶平,盧達(dá),陳金星;基于VB和ACESS的提花機(jī)用電磁閥電磁參數(shù)測(cè)試系統(tǒng)數(shù)據(jù)管理模塊的設(shè)計(jì)[J];常熟高專(zhuān)學(xué)報(bào);2003年06期

4 田杰;胡秋霞;楊龍;;基于DRIS的養(yǎng)分診斷程序的實(shí)現(xiàn)[J];電腦知識(shí)與技術(shù)(學(xué)術(shù)交流);2007年20期

相關(guān)會(huì)議論文 前1條

1 洪明;張亞君;;便攜式心電檢測(cè)儀的設(shè)計(jì)與開(kāi)發(fā)[A];2007'儀表，自動(dòng)化及先進(jìn)集成技術(shù)大會(huì)論文集（一）[C];2007年

相關(guān)重要報(bào)紙文章 前1條

1 劉書(shū)香;首都師范大學(xué) 以評(píng)促建 以建助學(xué)[N];中國(guó)計(jì)算機(jī)報(bào);2004年

相關(guān)碩士學(xué)位論文 前7條

1 蘇東;分布式結(jié)構(gòu)化存儲(chǔ)系統(tǒng)元數(shù)據(jù)管理模塊設(shè)計(jì)與實(shí)現(xiàn)[D];電子科技大學(xué);2014年

2 朱穎;泰州市新型云便捷城管系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)[D];電子科技大學(xué);2014年

3 郭敏;基于4A管控平臺(tái)的金庫(kù)管理系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)[D];北京交通大學(xué);2017年

4 陳[，

本文編號(hào)：1339809