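Design and Implementation of a Vault Management System Based on the 4A Management and Control Platform
Source: Beijing Jiaotong University, 2017 master's thesis. Paper type: degree thesis
Keywords: 4A management and control platform; vault management; application scenarios; trigger modes; authorization modes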
Abstract: With the rapid development of enterprise support systems, the number of supporting applications and users keeps growing and network scale is expanding quickly. Information security problems are becoming more prominent, and higher demands are being placed on integration between systems. The 4A management and control platform consolidates Account management, Authentication management, Authorization management and security Audit to provide centralized security services for the enterprise, improving the security and manageability of business support systems. However, the 4A platform lacks effective supervision of insiders' behavior while that behavior is taking place, which leaves a risk that insiders' high-privilege accounts are abused. To fill this gap, the vault management system borrows from bank vault management, where opening and closing the vault must be carried out jointly with two custodians present, and uses multi-person checks and balances to supervise and control the use of high-privilege accounts. In terms of implementation, the system makes full use of the 4A platform's existing centralized management of accounts and devices, and is built with the SSH framework together with LDAP and a PostgreSQL database. Based on an investigation and analysis of Company B's business processes, the vault management system defines five application scenarios under two trigger modes, "based on account login" and "based on specific operations", and manages insiders' behavior through each scenario's trigger-apply-authorize sequence. To this end, the front end of the system contains a scenario trigger module and an authorization approval module. The scenario trigger module triggers scenarios automatically: when an operator's behavior matches the trigger condition of a scenario, that scenario is triggered automatically and restricts the operator's behavior until the corresponding authorization is obtained. The authorization approval module lets every scenario support multiple authorization modes, so that insiders' behavior is supervised while the impact on their normal working efficiency is reduced. In addition, so that scenarios can be managed conveniently as the business changes, the back end contains a scenario management module, a sensitive data management module and a policy management module, which allow scenarios to be built and modified quickly. The sensitive data management module and the policy management module exist to support the scenario management module. The author took part in every stage of the design and implementation of the system, and completed the system outline design, the relational database design, the detailed design and implementation of the five functional modules, and the system testing. After the system went live, all functional modules ran normally, performance was stable, and the relevant requirements were basically met. As use of the vault system has deepened, the volume of sensitive data queries has dropped significantly, which has effectively curbed the abuse of privileges and reduced the risk of leaking customers' sensitive information.
Degree-granting institution: Beijing Jiaotong University
Degree level: Master's
Year degree granted: 2017
Classification number: TP311.52
Article ID: 1339809
Article link: http://sikaile.net/shoufeilunwen/xixikjs/1339809.html