Abstract
The concept of business security is analyzed in depth, and the notions of generalized and narrow business security are proposed. Generalized business security divides the business security system into five layers and defines the network security elements and security requirements of each layer. Narrow business security focuses on the security of the application layer of business systems and is the focus of the research; it mainly covers two aspects, common application-layer security vulnerabilities and business logic vulnerabilities, both of which are defined and analyzed in depth. For narrow business security, a security architecture covering the full security life cycle of business systems is proposed for the first time; this architecture offers good guidance for the design and implementation of business systems.
Source
Telecommunications Science (《电信科学》)
Peking University Core Journal
2013, Issue 8, pp. 49-55 (7 pages)
Keywords
telecom system business security, narrow business security, security architecture