Research on Information Security Evaluation Standards and the Design of an Information Security System
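Abstract
Information security is an emerging interdisciplinary field that combines modern cryptography, computer network security, and the theory of secure communications. It poses difficult theoretical problems and has broad practical demand. This thesis studies it from both a theoretical and an applied perspective. Part 1 (Chapters 1-4) builds a fairly systematic and complete theoretical framework for information security. It first applies Simmons's authentication theory to give a theoretical argument for the relative security of information systems. By analyzing the basic elements of information security, it introduces Parker's new information security framework. It systematically analyzes the basic principles and methods of security models, generalizes the definition of the security model for object-oriented systems, and proposes a concept for a security model based on zero-knowledge proofs. After a fairly thorough study of the CC standard and the CEM, it gives a comprehensive introduction to the common information security evaluation criteria, covering evaluation methods, evaluation principles, evaluation assurance, the evaluation process, and evaluation conclusions. Part 2 (Chapter 5) presents a practical system design for an information security engineering project, taking into account application-layer file encryption and signing, terminal protection, and encrypted Web transmission. It comprises the network file encryption and signature system NF_E&D, the microcomputer protection and billing system PC_P&C, and the Web page confidentiality system Web_SPP. Each can serve as a standalone application security system; combined, they form a security engineering system with fairly complete functionality and fairly sound security mechanisms. The thesis also proposes a design for a high-speed encryption card for the latest data encryption standard, AES, and a proposal for a key management scheme with openly published public keys.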
Information security is a new, integrative, interdisciplinary subject that merges modern cryptography, computer network security, and secure communication theory. It has abstruse theoretical topics and wide application requirements. I study it from two sides: theoretical discussion and practical application. Part 1 (Chapters 1-4) systematically and completely establishes a basic theoretical framework for information security. I give a theoretical demonstration of the relative security of information systems using Simmons authentication theory. By analyzing and studying the basic elements, I introduce Parker's new information security framework. I systematically analyze the basic principles and methods of security models, extend the definition of the object-oriented security model, and put forward an idea for a security model based on zero-knowledge proof. After reading the CC and CEM thoroughly, I give a comprehensive introduction to the Common Criteria for IT security evaluation, covering the Common Evaluation Methodology, evaluation principles, evaluation assurance, the evaluation process, and evaluation conclusions. In Part 2 (Chapter 5) I give a design for a secure information system that jointly considers file encryption and digital signature at the application layer, terminal protection, and secure Web transmission. The scheme contains the Net Files Encryption and Digital signature system (NF_E&D), the Personal Computer Protect and Counter system (PC_P&C), and the Web Secure Proxy to Proxy system (Web_SPP). Each of them can be used as an independent security application system, and used together they compose a security engineering system with more security functions and more security mechanisms. I also give a design for a high-speed encryption card for the Advanced Encryption Standard (AES) and a proposal for a key management system with public public-keys.
