基于电子商务平台的安全研究及防火墙系统的设计
摘要
电子商务是互连网应用发展中的一个重要领域,也是国际金融贸易中越来越重要的经营模式。电子商务的核心问题是安全问题。
本文首先对电子商务中的安全问题及其安全策略进行了分析,并在此基础上总结出了电子商务数据安全模型。该模型从系统的角度对电子商务中的安全措施进行了有机的结合,使各项安全措施之间发挥最佳互补作用,从而有效地提高了电子商务系统的整体安全性。
防火墙技术是解决电子商务安全问题的关键技术,本文对防火墙技术进行了深入的研究,提出了防火墙技术参考模型。根据该模型,本文设计了一个防火墙原型系统,该系统提供了一个适合用户安全策略的网络安全访问机制,它由以下三个部分组成:包过滤路由器,用来提供网络层一级的安全访问机制;代理服务器,用来提供应用层一级的访问控制机制;认证服务器,用来提供用户身份认证。其中,本文将智能机制与包过滤机制相结合,通过推理机和知识库对包过滤规则进行智能化控制,实现了智能型包过滤路由器;在代理服务器部分,本文引入Petri网模型对FTP代理服务器功能进行形式化描述并给出其具体设计方案;最后,本文将一次性口令系统运用于认证服务器,并对其进行了详细的设计。
Electronic commerce is a famous application on the network today. It becomes more and more important in the international trading. Security is the key problem in the electronic commerce.
hi this paper, we firstly analyze some security problems and the security methods in electronic commerce, and then we present a secure data model in electronic commerce. In this model we made the security measure combined organically. Consequently the whole security in electronic commerce system can be improved.
The firewall technology is a key technology to solve the security problems in electronic commerce. In this paper, we give a deeply study in the firewall technology and present a reference model of firewall technology based on witch; we develop a firewall prototype system. The system makes a network security access mechanism suitable for user's security policy, including three parts: package filtering router: offering security access control in network layer; proxy server: used for security access on application layer; authentication server: used for authentication of user's identity. In this system the packet filtering rules are controlled intelligently by combining the intelligent mechanism with the package filtering mechanism; to the proxy server, we develop a FTP proxy server decrypting witch with petri net model; lastly, OTP authentication are applied in authentication server.
本文首先对电子商务中的安全问题及其安全策略进行了分析,并在此基础上总结出了电子商务数据安全模型。该模型从系统的角度对电子商务中的安全措施进行了有机的结合,使各项安全措施之间发挥最佳互补作用,从而有效地提高了电子商务系统的整体安全性。
防火墙技术是解决电子商务安全问题的关键技术,本文对防火墙技术进行了深入的研究,提出了防火墙技术参考模型。根据该模型,本文设计了一个防火墙原型系统,该系统提供了一个适合用户安全策略的网络安全访问机制,它由以下三个部分组成:包过滤路由器,用来提供网络层一级的安全访问机制;代理服务器,用来提供应用层一级的访问控制机制;认证服务器,用来提供用户身份认证。其中,本文将智能机制与包过滤机制相结合,通过推理机和知识库对包过滤规则进行智能化控制,实现了智能型包过滤路由器;在代理服务器部分,本文引入Petri网模型对FTP代理服务器功能进行形式化描述并给出其具体设计方案;最后,本文将一次性口令系统运用于认证服务器,并对其进行了详细的设计。
Electronic commerce is a famous application on the network today. It becomes more and more important in the international trading. Security is the key problem in the electronic commerce.
hi this paper, we firstly analyze some security problems and the security methods in electronic commerce, and then we present a secure data model in electronic commerce. In this model we made the security measure combined organically. Consequently the whole security in electronic commerce system can be improved.
The firewall technology is a key technology to solve the security problems in electronic commerce. In this paper, we give a deeply study in the firewall technology and present a reference model of firewall technology based on witch; we develop a firewall prototype system. The system makes a network security access mechanism suitable for user's security policy, including three parts: package filtering router: offering security access control in network layer; proxy server: used for security access on application layer; authentication server: used for authentication of user's identity. In this system the packet filtering rules are controlled intelligently by combining the intelligent mechanism with the package filtering mechanism; to the proxy server, we develop a FTP proxy server decrypting witch with petri net model; lastly, OTP authentication are applied in authentication server.
引文
[1]钟伟春,郑燕华等编著.电子商务安全与社会环境[M]上海:上海财经大学出版社,2000.
[2]周景学主编.商务网站安全与控制[M].北京:中国商业出版社,2001.
[3]赵立平.电子商务概论[M].上海:复旦大学出版社,2001.
[4]杨千里,王育民等编著.电子商务技术实务[M]北京:电子工业出版社,2001.
[5]唐礼勇,陈钟.电子商务技术及其安全问题[J].计算机工程与应用,No.7,2000:18~22.
[6]赵莉,李可用.电子商务的安全协议SSL和SET协汰[J].辽宁工学院学报,No.5,2001:33~35.
[7]李书校.计算机网络通信安全的研究[J].无线电通信技术,No.5,1995:12~17.
[8]Robin.L.Sherman.Distibuted Systems Securiy[J].Computers&Security,No.11,1992:24~28.
[9]方文.第四代防火墙新技术[J].计算机周刊,No.10,2001:21.
[10]林丹明.电子商务的发展、应用和影响[J]汕头大学学报,No.2,1997:1~7.
[11]林枫.电子商务安全技术及应用[M].北京:北京航空航天大学出版社,2001.
[12]卿斯汉著.密码学与计算机网络安全[M].北京:清华大学出版社,广西科学技术出版社,2001.
[13]杨义先等编著.网络信息安全与保密[M]北京:北京邮电出版社,1999.
[14]Martin W.Murhammer,etal.著.孔雷,刘云新译.虚拟私用网络技术[M].北京:清华大学出版社,2000.
[15]陈如刚,杨小虎编著.电子商务安全协议[M].杭州:浙江大学出版社,2000.
[16]罗军舟.电子商务安全技术及防火墙系统开发[J].中国金融电脑,No.1,2000:5~14.
[17]李朔京.SSL原理利应用[J].微型机与应用,No.11,2000:34~36.
[18]余伟建,严忠军等编著.防守反击——黑客攻击手段分析与防范[M].北京:人民邮电出版社,2001.
[19]杨槟.网络安全与防火墙[J].计算机系统应用,No.3,1997:18~19.
[20]Chris Hare,Karanjit Siyan.刘成勇等译.Internet防火墙与网络安全[M].北京:工业出版社,1998.
[21]D.Brent Chapman,Elizabeth D.Zwicky 著.舒若平等译.构筑因特网防火墙[M].北京:电子工业出版社,1998.
[22]续敏,方洁.防火墙技术与Internet网络安全[J].计算机应用,No.5,1997:63~65.
[23]D.Brent Chapman. Network Security Through IP Packet Filtering[A]. In Procedings of the 3rd USENIX UNIX Security Symposium. Baltimore,Maryland. September 1992.
[24]William R.Cheswick. The Design of Secure Internet Gateway[A]. In Procedings of the 3rd USENIX UNIX Security Symposium. Baltimore,Maryland. September 1992,
[25]王锐,周刚等译.网络最高安全技术指南[M].北京:机械工业出版社,1998.
[26]李海泉.计算机网络防火墙的体系结构[J].微型机与应用,No.1,2000:4~8.
[27]Ann in Liebl.Authertication in Distributed System: A Bibliography[J]. ACM Operating Systems Review, pages 31~34, February 1989.
[28]Thomas Y.C. Woo and Simon S.LAM. Authorization in Distributed Systems: A New Approach[J]. Journal of Computer Security. 1995.
[29]Farrow, R. How to Pick a Firewall with the Right Stuff[J]. Computer security journal. 1996.
[30]Banes,D. Security and the Enterprise Network[J]. International journal of network management. 1995.
[31]Teresa F. Lunt. Access Control Polocies: Some Unanswered Questions[J]. Computers&Security. pages 43~54, February 1991.
[32]Dawson, J. Build a Firewall[M]. Byte. 1995.
[33]Morfissey, Peter. Fortifying Your Firewall[J]. Network computing. 1997.
[34]王家业,朱森存.包过滤防火墙的安全研究[J].计算机科学,No.8,1999:34.
[35]黄可鸣.专家系统导论[M].南京:东南大学出版社,1988.
[36]邵军力,张景,魏长华编著.人工智能基础[M].北京:电子工业出版社,2000.
[37]蒋立源.编译原理[M].西安:西北工业大学出版社,1996.
[38]龚正虎、季宏涛.FTP协议分析及其客户程序的实现[J].小型微型计算机系统,No.5,1997:26~29.
[39]W,Richard Stevens著.TCP/IPⅢustration[M].北京:机械工业出版社,2001.
[40]王晓春,赵艳标等编著.计算机网络与Internet教程[M].北京:清华大学出版社,1999.
[41]龚正虎.计算机网络协议工程.北京:人民教育出版社,1994.
[42]叶锡君,吴国新等.一次性口令认证技术的分析与改进[J].计算机工程,No.9,2000:27~29.
[43]Hailer N, Metz C, Nesser P, etc. A One-Time Password System. http://rfc.net/rfc2289.html.
[44]Rivest R. The MD5 Message-Digest Algorithm. RFC http://rfc.net/rfc1321.html.
[45]Haller N. The S/KEY One-Time Password System(OTP). http://ffc.net/ffc1760.html.
[46]毕保祥,肖德宝.网络信息交换的OTP认证技术.华中师范大学学报,No.2,2001:154~156.
[47]Schneier B 著,吴世忠等译.应用密码学[M].北京:机械工业出版社,2000.
[48]EL.Bauer著,吴世忠等译.密码编码和密码分析[M].北京:机械工业出版社,2001.
[2]周景学主编.商务网站安全与控制[M].北京:中国商业出版社,2001.
[3]赵立平.电子商务概论[M].上海:复旦大学出版社,2001.
[4]杨千里,王育民等编著.电子商务技术实务[M]北京:电子工业出版社,2001.
[5]唐礼勇,陈钟.电子商务技术及其安全问题[J].计算机工程与应用,No.7,2000:18~22.
[6]赵莉,李可用.电子商务的安全协议SSL和SET协汰[J].辽宁工学院学报,No.5,2001:33~35.
[7]李书校.计算机网络通信安全的研究[J].无线电通信技术,No.5,1995:12~17.
[8]Robin.L.Sherman.Distibuted Systems Securiy[J].Computers&Security,No.11,1992:24~28.
[9]方文.第四代防火墙新技术[J].计算机周刊,No.10,2001:21.
[10]林丹明.电子商务的发展、应用和影响[J]汕头大学学报,No.2,1997:1~7.
[11]林枫.电子商务安全技术及应用[M].北京:北京航空航天大学出版社,2001.
[12]卿斯汉著.密码学与计算机网络安全[M].北京:清华大学出版社,广西科学技术出版社,2001.
[13]杨义先等编著.网络信息安全与保密[M]北京:北京邮电出版社,1999.
[14]Martin W.Murhammer,etal.著.孔雷,刘云新译.虚拟私用网络技术[M].北京:清华大学出版社,2000.
[15]陈如刚,杨小虎编著.电子商务安全协议[M].杭州:浙江大学出版社,2000.
[16]罗军舟.电子商务安全技术及防火墙系统开发[J].中国金融电脑,No.1,2000:5~14.
[17]李朔京.SSL原理利应用[J].微型机与应用,No.11,2000:34~36.
[18]余伟建,严忠军等编著.防守反击——黑客攻击手段分析与防范[M].北京:人民邮电出版社,2001.
[19]杨槟.网络安全与防火墙[J].计算机系统应用,No.3,1997:18~19.
[20]Chris Hare,Karanjit Siyan.刘成勇等译.Internet防火墙与网络安全[M].北京:工业出版社,1998.
[21]D.Brent Chapman,Elizabeth D.Zwicky 著.舒若平等译.构筑因特网防火墙[M].北京:电子工业出版社,1998.
[22]续敏,方洁.防火墙技术与Internet网络安全[J].计算机应用,No.5,1997:63~65.
[23]D.Brent Chapman. Network Security Through IP Packet Filtering[A]. In Procedings of the 3rd USENIX UNIX Security Symposium. Baltimore,Maryland. September 1992.
[24]William R.Cheswick. The Design of Secure Internet Gateway[A]. In Procedings of the 3rd USENIX UNIX Security Symposium. Baltimore,Maryland. September 1992,
[25]王锐,周刚等译.网络最高安全技术指南[M].北京:机械工业出版社,1998.
[26]李海泉.计算机网络防火墙的体系结构[J].微型机与应用,No.1,2000:4~8.
[27]Ann in Liebl.Authertication in Distributed System: A Bibliography[J]. ACM Operating Systems Review, pages 31~34, February 1989.
[28]Thomas Y.C. Woo and Simon S.LAM. Authorization in Distributed Systems: A New Approach[J]. Journal of Computer Security. 1995.
[29]Farrow, R. How to Pick a Firewall with the Right Stuff[J]. Computer security journal. 1996.
[30]Banes,D. Security and the Enterprise Network[J]. International journal of network management. 1995.
[31]Teresa F. Lunt. Access Control Polocies: Some Unanswered Questions[J]. Computers&Security. pages 43~54, February 1991.
[32]Dawson, J. Build a Firewall[M]. Byte. 1995.
[33]Morfissey, Peter. Fortifying Your Firewall[J]. Network computing. 1997.
[34]王家业,朱森存.包过滤防火墙的安全研究[J].计算机科学,No.8,1999:34.
[35]黄可鸣.专家系统导论[M].南京:东南大学出版社,1988.
[36]邵军力,张景,魏长华编著.人工智能基础[M].北京:电子工业出版社,2000.
[37]蒋立源.编译原理[M].西安:西北工业大学出版社,1996.
[38]龚正虎、季宏涛.FTP协议分析及其客户程序的实现[J].小型微型计算机系统,No.5,1997:26~29.
[39]W,Richard Stevens著.TCP/IPⅢustration[M].北京:机械工业出版社,2001.
[40]王晓春,赵艳标等编著.计算机网络与Internet教程[M].北京:清华大学出版社,1999.
[41]龚正虎.计算机网络协议工程.北京:人民教育出版社,1994.
[42]叶锡君,吴国新等.一次性口令认证技术的分析与改进[J].计算机工程,No.9,2000:27~29.
[43]Hailer N, Metz C, Nesser P, etc. A One-Time Password System. http://rfc.net/rfc2289.html.
[44]Rivest R. The MD5 Message-Digest Algorithm. RFC http://rfc.net/rfc1321.html.
[45]Haller N. The S/KEY One-Time Password System(OTP). http://ffc.net/ffc1760.html.
[46]毕保祥,肖德宝.网络信息交换的OTP认证技术.华中师范大学学报,No.2,2001:154~156.
[47]Schneier B 著,吴世忠等译.应用密码学[M].北京:机械工业出版社,2000.
[48]EL.Bauer著,吴世忠等译.密码编码和密码分析[M].北京:机械工业出版社,2001.