论文标题:信息系统纵深防护关键技术研究
The Research of DOA Estimation Algorithm in CDMA Mobile Communication Systems
论文作者 徐志大
论文导师 南相浩,论文学位 博士,论文专业 密码学
论文单位 中国人民解放军信息工程大学,点击次数 745,论文页数 98页File Size4703k
2003-01-10论文网 http://www.lw23.com/lunwen_7229492/ 信息安全;信任逻辑;PKI;CA;目录服务;VPN;模型
Information security,logic of trust,PKI,CA,directory services,VPN,model
网络信息安全技术经过近十年的发展,在广度和深度上有了很大的进步,其中一个重要的研究趋势就是注重攻、防结合,追求动态安全。反映在信息安全技术的研究上,形成两个完全不同的角度和方向。一个角度是从正面防御方面考虑,研究加密、鉴别和抗抵赖等;另一个角度是从反面攻击的方面考虑,研究漏洞扫描评估、入侵检测、紧急响应、防病毒等。但是,信息安全技术与应用的实践证明:要保证信息系统的安全,必须综合集成两方面的技术,建立多层次、全方位的动态安全体系。 本文引用NSA的信息保障技术框架IATF(Information Assurance Technical Framework),从互联网及信息安全的角度定义信息系统的组成要素,把信息系统的安全保障技术分成四个部分:本地计算环境、区域边界、网络和基础设施、支撑基础设施,引出纵深防御的思想,清晰地界定和论述各种安全技术。 对于支撑基础设施中的PKI,详述其理论基础、信任逻辑、研究进展、体系结构的发展过程、各部分的实现方式与开发技术,设计各构件之间的安全通信协议,并进行逻辑上的安全证明。 结合PKI安全客户端的实现,剖析Windows系统的层次化加密机制及加密流程,指出Windows系统加密模块的加载、鉴别方法,给出鉴别公钥块的数据结构、加密算法与加密密钥。 针对数据传输安全,论述目前在安全市场上需求极大的VPN技术,从实现角度比较占主导地位的几种协议,介绍基于IPSec的VPN密码机实现模型。 概述用于本地计算环境安全的Bell-La Padula模型,研究保密计算机系统的高层抽象模型,证明保密系统应满足的条件,给出符合Bell-La Padula模型的形式化操作规则与保密性证明。
For the last ten years, network information security technology had made great progress in the scope and depth. An important research trend is to emphasize the integration of attack and protection, pursue dynamic security. In the information security technology research, two different points of view and directions have come into being. One is to consider the information security from the point of view of positive protection, research encryption, authentication and non-repudiation. Another is to consider the information security from the point of view of negative attack, research vulnerabilities scanning, IDS, urgent response and anti-virus. However, the pratices of information security technology and applications have proved that two sorts of technology should be integrated, multi-level and dynamic security architecture should be established to assure the security of information system. From the point of view of Internet and information security, the important elements of an information system are defined in the paper. The information assurance technology aspects of information systems are partitioned into four areas: local computing environments, enclave boundaries (around the local computing environments), networks and infrastructures, supporting infrastructures. Then, a defense-in-depth strategy is introduced, all sorts of security technology are clearly defined and discussed.For the PKI in supporting infrastructures, the theory basis, logic of trust, research envolvement, the developping of architecture, implementing methods and developing technology of elements are described in detail. Security communication protocols between elements are designed and proved.Togetcher with the implementation of PKI security clients, the encryption schema and encryption flow of Windows are analysed. The uploading and authenticaton methods of Windows CSP are pointed out. The public key structure, encryption algorithms and key are supplied..For the data transportation security, VPN technology which is very popular in the market is discussed. Several primary protocols are compared with one another from the point of view of implementation. And also, the implementing model of IPSec_based VPN enciphers is introduced. Finally, the paper introduces the Bell-La Padula model, researches the high_levelabstract model for security computer systems and proves the conditions whichsecurity computer systems should meet. The formal operating rules which accord withthe Bell-La Padula model and security proof of these rules are given.
|
