Abstract
Although electronic military-affairs information systems run on a relatively secure military intranet, they still face a range of security threats. To counter the two main ones, broken authentication and broken access control, this paper proposes task-centered authentication and access control that combines unit organization, personnel position, role assignment and business workflow, so that operations and data in mission-critical systems are protected. Using PKI (Public Key Infrastructure) and LDAP (Lightweight Directory Access Protocol) facilities, a unified authentication component based on digital certificates and a T-RBAC (Task-Role Based Access Control) component that ties tasks to roles are implemented. Deployment in several military, political and logistics business systems shows that these security components enforce strict, standardized and flexible control over user access and operation privileges and effectively protect the security of the system, its workflows and its business data.
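The distinguishing point of T-RBAC, as the abstract describes it, is that a role alone does not grant an operation: the permission is attached to a workflow task and is usable only by a holder of an allowed role, in the owning unit, while that task is active. The following is an added illustration written for this page, not code from the paper or its authors; the unit names, roles, task identifiers and operations are hypothetical, and the real system's PKI/LDAP lookup is replaced by in-memory objects.

```python
"""Minimal task-centred access check in the spirit of T-RBAC.

Added illustration, not the paper's implementation. Units, roles,
task ids and operations below are made-up sample values.
"""
from dataclasses import dataclass, field
from enum import Enum


class TaskState(Enum):
    PENDING = "pending"   # step not yet reached in the workflow
    ACTIVE = "active"     # step currently being worked on
    DONE = "done"         # step completed; its permissions lapse


@dataclass(frozen=True)
class User:
    name: str
    unit: str              # organizational unit (hypothetical)
    roles: frozenset       # roles derived from position and duty


@dataclass
class Task:
    task_id: str
    unit: str                      # unit that owns this workflow step
    allowed_roles: frozenset       # roles permitted to act on the step
    permissions: frozenset         # operations the step grants
    state: TaskState = TaskState.PENDING
    assignees: frozenset = field(default_factory=frozenset)  # optional explicit assignment


def rbac_only(user: User, task: Task, operation: str) -> bool:
    """Plain RBAC for contrast: role match plus listed operation, no task state."""
    return bool(user.roles & task.allowed_roles) and operation in task.permissions


def is_permitted(user: User, task: Task, operation: str) -> bool:
    """T-RBAC check: every condition must hold, and the task must be ACTIVE."""
    if task.state is not TaskState.ACTIVE:
        return False                                   # no live task, no permission
    if task.unit != user.unit:
        return False                                   # organizational boundary
    if not (user.roles & task.allowed_roles):
        return False                                   # role not allowed on this step
    if task.assignees and user.name not in task.assignees:
        return False                                   # step assigned to specific people
    return operation in task.permissions               # operation scoped to the step


def demo() -> dict:
    """Run one approval step through its lifecycle and record each decision."""
    clerk = User("zhang", "logistics", frozenset({"clerk"}))
    chief = User("li", "logistics", frozenset({"section_chief"}))
    outsider = User("wang", "political", frozenset({"section_chief"}))
    approve = Task("req-42-approve", "logistics",
                   frozenset({"section_chief"}), frozenset({"read", "approve"}))
    out = {}
    out["rbac_before_active"] = rbac_only(chief, approve, "approve")   # role-only says yes
    out["chief_before_active"] = is_permitted(chief, approve, "approve")
    approve.state = TaskState.ACTIVE
    out["chief_active"] = is_permitted(chief, approve, "approve")
    out["clerk_active"] = is_permitted(clerk, approve, "approve")
    out["outsider_active"] = is_permitted(outsider, approve, "approve")
    out["chief_unlisted_op"] = is_permitted(chief, approve, "delete")
    approve.state = TaskState.DONE
    out["chief_after_done"] = is_permitted(chief, approve, "approve")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>20}: {value}")
```

The contrast with `rbac_only` is the point: a section chief's role is constant, but the approve permission exists only for the duration of the active approval step and only within the owning unit, which is what limits the damage of a stolen credential or an over-broad role.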
Source
Telecommunication Engineering (《电讯技术》)
Peking University Core Journal
2012, No. 5, pp. 790-795 (6 pages)
Funding
Basic Research Fund of the Engineering University of the Chinese People's Armed Police Force (WJY-201107)