电子政务中公文流转系统的安全性分析与设计
|
摘要
电子政务被列为“信息高速公路”的五个应用领域之首,而公文流转系统是电子政务系统中重要的子系统之一,它对于提高行政效率,提高现代化管理水平,提高政府工作的透明度等具有重要意义。该系统的安全问题直接关系到国家利益,需要先进而可靠的信息安全保障,因此必须进行网络安全和应用安全两方面的设计。
本文以鄂州市电子政务系统的建设为背景,选用Lotus Domino/Notes作为软件开发平台,对公文流转系统进行了安全性的分析与设计,作者的主要工作包括以下内容:
1.分析目前网络安全的常用技术,重点研究了电子政务信息安全防御系统的功能组成,并对“三网一库”建设中的安全性问题特别是三网之间的物理隔离进行了仔细研究,提出了鄂州市电子政务系统的网络安全框架,该框架具有高扩展性、高可用性和良好的安全性。
2.结合Lotus Domino/Notes软件开发平台对公文流转系统应用安全性进行分析,研究了基于Lotus Domino/Notes的系统安全策略。在公文流转系统开发过程中,基于网状结构的设计思想,建立了网状安全设计模型并强化了其中的安全防范点。在系统设计中应用该模型能有效提高设计效率和质量,增强系统的安全性。
3.对安全访问控制模型进行研究,提出了一种适应公文流转系统的基于多数据库、工作流与角色的访问控制(MDWRBAC)模型。该模型具有以下特点:(1)引入工作流对象,根据工作流状态激活角色和委托授权,从而保证了在工作流程的各个阶段只有相应的角色才能在相应的权限下工作;(2)角色反馈信号给工作流,可以动态地改变系统的工作流流向,解决了复杂流程系统的动态授权问题;(3)将数据分为公用数据和系统数据,并彼此隔离,普通角色只能访问公用数据,不能修改系统数据,而管理角色只能访问系统数据,不能访问普通角色的数据,从而减少了系统数据冗余,提高了访问效率,更便于对系统的安全管理。实践证明,该模型能较好的满足系统对访问控制的要求。
4.在对鄂州市电子政务系统进行需求分析的基础上,确立了公文流转系统的功能模块,并在系统开发中对安全策略进行设计与研究,以收文管理模块和发文管理模块为例介绍了安全策略的具体应用与实现。
本文的研究工作在电子政务及其他信息系统的安全领域具有一定的理论和实用价值,可为信息系统的安全设计提供参考。
"E-government" is always considered the premier concept in the five-field application of the "Information Superhighway" throughout of the world. Document flow system is an important subsystem of E-government, which is helpful to increase the efficiency of government's work, improve the level of modern management, to enhance the transparency of official business. The security of government's system has relation to the benefit of country, so it is necessary to design the securities of network and application in system.
The research is under the background of construct E-government system of Ezhou. This paper adopted Lotus Domino/Notes through comparing kinds of existing development platform. Then the security problem and its design in government's document flow system are introduced. The author's main workings are given as follows:
Firstly, the paper analyzes the command technology of network security is, takes an emphases on researching security recovery system of E-government and studying physical insulation among three networks. Then security network frame of E-government of Ezhou is presented, which is of good expansibility and usability and security.
Secondly, the applying security of document flow system is analyzed with Lotus Domino/Notes that is a developing platform. The paper researches the security policy in document flow system. On the basis of the design idea of reticular formation, the security design of reticular formation is modeled and its points of keeping security are consolidated. When the model is applied in the system, the efficiency and quality of design are increased and the security is enhanced.
Thirdly, this paper presents a new model called Multi-Database , workflow and role-based access control (MDWRBAC) , on the basis of full analyzing role-based access control models. The characters of MDWRBAC model are as follows. 1. The workflow object is presented. It activates the role and commissions the authorization according to the workflow state, which ensures that only the corresponding role can work with the permission in each periods of the workflow. 2. The role's feedback signal to workflow can alter the system workflow dynamically and solve the dynamical authorization in the complex flow system. 3. Data is divided into two insulated parts: public data and system data. The common role can only access public data, moreover, the administrative role can only access system data . That ensures the system data security , lessens data redundancy and increases access efficiency. The fulfillment indicates MDWRBAC model can meet the security requirements of access control.
Finally, through analyzing the demands of E-government of Ezhou. the
paper establishes the function module of document flow system. Take sending and receiving file administration systems for example, security policies are applied and realized in the system after they are researched.
The research in the paper has definite theoretic and practical value in the field of security of information system. It is a useful reference for designing the security of information system.
本文以鄂州市电子政务系统的建设为背景,选用Lotus Domino/Notes作为软件开发平台,对公文流转系统进行了安全性的分析与设计,作者的主要工作包括以下内容:
1.分析目前网络安全的常用技术,重点研究了电子政务信息安全防御系统的功能组成,并对“三网一库”建设中的安全性问题特别是三网之间的物理隔离进行了仔细研究,提出了鄂州市电子政务系统的网络安全框架,该框架具有高扩展性、高可用性和良好的安全性。
2.结合Lotus Domino/Notes软件开发平台对公文流转系统应用安全性进行分析,研究了基于Lotus Domino/Notes的系统安全策略。在公文流转系统开发过程中,基于网状结构的设计思想,建立了网状安全设计模型并强化了其中的安全防范点。在系统设计中应用该模型能有效提高设计效率和质量,增强系统的安全性。
3.对安全访问控制模型进行研究,提出了一种适应公文流转系统的基于多数据库、工作流与角色的访问控制(MDWRBAC)模型。该模型具有以下特点:(1)引入工作流对象,根据工作流状态激活角色和委托授权,从而保证了在工作流程的各个阶段只有相应的角色才能在相应的权限下工作;(2)角色反馈信号给工作流,可以动态地改变系统的工作流流向,解决了复杂流程系统的动态授权问题;(3)将数据分为公用数据和系统数据,并彼此隔离,普通角色只能访问公用数据,不能修改系统数据,而管理角色只能访问系统数据,不能访问普通角色的数据,从而减少了系统数据冗余,提高了访问效率,更便于对系统的安全管理。实践证明,该模型能较好的满足系统对访问控制的要求。
4.在对鄂州市电子政务系统进行需求分析的基础上,确立了公文流转系统的功能模块,并在系统开发中对安全策略进行设计与研究,以收文管理模块和发文管理模块为例介绍了安全策略的具体应用与实现。
本文的研究工作在电子政务及其他信息系统的安全领域具有一定的理论和实用价值,可为信息系统的安全设计提供参考。
"E-government" is always considered the premier concept in the five-field application of the "Information Superhighway" throughout of the world. Document flow system is an important subsystem of E-government, which is helpful to increase the efficiency of government's work, improve the level of modern management, to enhance the transparency of official business. The security of government's system has relation to the benefit of country, so it is necessary to design the securities of network and application in system.
The research is under the background of construct E-government system of Ezhou. This paper adopted Lotus Domino/Notes through comparing kinds of existing development platform. Then the security problem and its design in government's document flow system are introduced. The author's main workings are given as follows:
Firstly, the paper analyzes the command technology of network security is, takes an emphases on researching security recovery system of E-government and studying physical insulation among three networks. Then security network frame of E-government of Ezhou is presented, which is of good expansibility and usability and security.
Secondly, the applying security of document flow system is analyzed with Lotus Domino/Notes that is a developing platform. The paper researches the security policy in document flow system. On the basis of the design idea of reticular formation, the security design of reticular formation is modeled and its points of keeping security are consolidated. When the model is applied in the system, the efficiency and quality of design are increased and the security is enhanced.
Thirdly, this paper presents a new model called Multi-Database , workflow and role-based access control (MDWRBAC) , on the basis of full analyzing role-based access control models. The characters of MDWRBAC model are as follows. 1. The workflow object is presented. It activates the role and commissions the authorization according to the workflow state, which ensures that only the corresponding role can work with the permission in each periods of the workflow. 2. The role's feedback signal to workflow can alter the system workflow dynamically and solve the dynamical authorization in the complex flow system. 3. Data is divided into two insulated parts: public data and system data. The common role can only access public data, moreover, the administrative role can only access system data . That ensures the system data security , lessens data redundancy and increases access efficiency. The fulfillment indicates MDWRBAC model can meet the security requirements of access control.
Finally, through analyzing the demands of E-government of Ezhou. the
paper establishes the function module of document flow system. Take sending and receiving file administration systems for example, security policies are applied and realized in the system after they are researched.
The research in the paper has definite theoretic and practical value in the field of security of information system. It is a useful reference for designing the security of information system.
引文
(1) Gertner.Y, Kannan.S, Malkin.T, Reingold.O, Viswanathan. The relationship between public key encryption and oblivious transfer. Proceedings of the 41st Annual Symposium on Foundations of Computer Science, 2000
(2) Ahn Gail-Joon, Hong Seung-Phil, Shin Michael E. Reconstructing a formal security model. Information and Software Technology, 2002. 8(11) : 649-657
(3) Tuomas Aura, Dieter Gollmann. Communications security on the internet.software focus, 2001. 2(3) : 104-111
(4) Ryon Packer. Protecting the Network: NIDS: the logical first step in intrusion detection deployment. Network security, 2001(12) : 10-11
(5) H. S. Venter, J. H. P. Eloff. Network Security: Important Issues.Network security, 2000(6) : 12-16
(6) Andrea Kirkby. Cryptography And E-Commerce: A Wiley Tech Brief. Network security, 2001(4) : 9-9
(7) Marie A. Wright. The Advanced Encryption Standard, Network security, 2001(10) : 11-13
(8) T. Ohata, T. Fukui, M. Ishii. Secure network, for beamline control. Nuclear instruments and methods in physics research. Section A, 2001. 467-468(1) : 825-828
(9) Johnny Papa. SSL: Protect Your E-Commerce Web Site with SSL and Digital Certificates. Msdn magazine, 2001. 16(4)
(10) Ginsburg.Mark, Duliba.Katherine. Enterprise-level groupware choices: Evaluating Lotus Notes and Intranet-based solutions, Computer Supported Cooperative Work: CSCW: An International Journal, 1997. 6(2-3) : 20-225
(11) Fiona.Collins. Lotus Notes and Domino R5. 0 Security Infrastructure Revealed [M]. IBM, 1999
(12) Kurt Gutzmann. Access Control and Session Management in the HTTP Environment. IEEE internet computing, 2001. 5(1) : 26-35
(13) http://www.dominosecuritv.org/
(14) Tzong-Chen Wu, Chin-Chen Chang. Cryptographic key assignment scheme for hierarchical access control, Computer Systems Science and Engineering, 2001. 16(1) : 25-28
[15] Rajeev Joshi, K. Rustan M. Leino. A semantic approach to secure information flow. Science of computer programming, 2000.37(1-3):13~138
[16] Leonhardt. Ulf, Magee.Jeff. Security considerations for a distributed location service. Journal of Network and Systems Management, 1998.6(1): 51~70
[17] Jacob Richard. E. Recovering User Ids and Passwords [J]. Group Computing Magazine, 2001 (4)
[18] Schneider EB. Enforceable Security Policies [J]. Technical Report. Department of Computer Science, Cornell University, 1999-07
[19] Kille. S, M. Wahl, A. Grimstad, R. Huber, S. Sataluri. Using Domains in LDAP/X.500 Distinguished Names. RFC 2247, January 1998
[20] Bassham. L, Polk. W, R. Housley. Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation Lists (CRL) Profile. RFC 3279, April 2002.
[21] Qiao Ying, Xu De, Dai Guo-Zhong. A new control for collaborative environments[C].Proceedings of the ACM CSCW'92 Conference on Computer research & development,2000.37(1):37~44
[22] Schneider F B. Enforceable Security Policies [J]. Technical Report. Depart of Computer Science, 1999-07
[23] John Barkley, Konstantin Beznosov, Jinny Uppal. Supporting Relation-ships in Access Control Using Role Based Access Control[C]. In: ACM Role-based Access Control Workshop. Fairfax. Virginia, USA, 1999:55~56
[24] Ben Malezaden. All-in-one Lotus Notes and Domino R5 Exam Guide. Libby Ingrassia Schwarz. 机械工业出版社, 2002.2
[25] Ahn, Gail-Joon and Kim, Kwangjo. CONUGA: Constrained User-Group Assignment. Journal of Network and Computer Applications, 2001(24): 87-100
[26] 谭晓,聂承启.简论“三网”环境下电子政务系统的安全性.计算机与现代化,2002年,第11期
[27] 唐望生,王越西,邓院昌.电子政务国际经验研究.信息化建设,2002年09期
[28] 董晶,董桂林.用Lotus R5构建Internet Intranet应用[M].北京:电子工业出版社.2000
[29] 杨小平,谢红,聂慧静.Lotus Domino/Notes项目案例导航.北京:科学技术出版社,2002
[30] 武坤等.Lotus Domino/Notes R5应用开发指南.机械工业出版社.2001
[31] 张亚玲,王尚平,张毅坤.基于群件的办公系统中安全性研究.计算机应用,2001,Vol.21,No.4,
[32] 陈彦学.信息安全理论与实务.中国铁道出版社.2001
[33] 张蒲生.政府机关网络系统的设计与研究[J].计算机工程,2001,27(8):188-190
[34] 陈传波,金旭军,刘广宇.群件安全结构分析与设计[J].计算机应用研究,2000,17(1):50~52
[35] 赵荣山,洪帆.办公自动化系统中基于角色的访问控制机制,通信技术,2002.9
[36] 莲花软件(中国)有限公司.Lotus Domino安全技术[M].北京:海洋出版社,2000
[37] 沈野樵,陈利民,李一宁,郭伟.Domino体系研究及其安全功能增强的实现.系统工程与电子技术,2002,Vol.24.No.7:109~112
[38] 余乐,吕强.第三代OA系统的安全性设计.计算机与现代化 2002年,第6期:18~23
[39] 尹恒,卢苇.Lotus Domino/Notes的公开密钥加密机制.计算机研究与开发,2002年,第2期:84~87
[40] 王庆林,顾晓虎.应用Lotus Domino/Notes开发行政办公系统的安全设计.扬州大学学报(自然科学版),2002,Vol.5 No.3
[41] 张艳.基于Lotus Domino/Notes的电子政务系统的研制与开发.
[42] 北京:OA’2000办公自动化国际学术研讨会,2000.11.21
[43] 刘传平,路璐,吴信才.办公自动化系统中公文修改痕迹的跟踪方法.现代计算机,2002年,第01期
[44] 谢波,姜贤塔,陈根才.公文流转中复杂工作流程的通用设计.计算机工程与应用,2000年,第11期
[45] 国外电子政务发展概况.软件世界,2002年,第06期
[46] 尹存燕,刘祎,李振东,谢俊元.公文流转系统的授权机制.计算机工程与应用,2002年,第09期
[47] 忻尚芝,桂海峰,陈世平.基层政府电子政务系统的开发与应用.上海电力学院学报,2002年,第03期
[48] 王友发.Lotus Domino/Notes在网络办公自动化中的应用.兵工自动化,2002年,第02期
[49] 赵任方,曹瑞森.一个基于LotusNotes平台的现代办公系统.华北电力技术,2002年,第01期
[50] 栾虹,王刚.办公自动化网络系统的安全性.山东交通科技,2002年,第03期
[51] 张光庭,陆倜,李桂芝.基于角色的OA系统访问控制模型及其实现.小型微型计算机系统,2002年,第08期
[52] 周一玲.基于Domino/Notes的公文审批系统的设计与实现.长沙电力学院学报(自然科学版),2001年,第04期
[53] 夏定元,张顺岚,张德琨.基于Lotus Notes的公文处理系统设计与实现.桂林电子工业学院学报,2001年,第04期
(2) Ahn Gail-Joon, Hong Seung-Phil, Shin Michael E. Reconstructing a formal security model. Information and Software Technology, 2002. 8(11) : 649-657
(3) Tuomas Aura, Dieter Gollmann. Communications security on the internet.software focus, 2001. 2(3) : 104-111
(4) Ryon Packer. Protecting the Network: NIDS: the logical first step in intrusion detection deployment. Network security, 2001(12) : 10-11
(5) H. S. Venter, J. H. P. Eloff. Network Security: Important Issues.Network security, 2000(6) : 12-16
(6) Andrea Kirkby. Cryptography And E-Commerce: A Wiley Tech Brief. Network security, 2001(4) : 9-9
(7) Marie A. Wright. The Advanced Encryption Standard, Network security, 2001(10) : 11-13
(8) T. Ohata, T. Fukui, M. Ishii. Secure network, for beamline control. Nuclear instruments and methods in physics research. Section A, 2001. 467-468(1) : 825-828
(9) Johnny Papa. SSL: Protect Your E-Commerce Web Site with SSL and Digital Certificates. Msdn magazine, 2001. 16(4)
(10) Ginsburg.Mark, Duliba.Katherine. Enterprise-level groupware choices: Evaluating Lotus Notes and Intranet-based solutions, Computer Supported Cooperative Work: CSCW: An International Journal, 1997. 6(2-3) : 20-225
(11) Fiona.Collins. Lotus Notes and Domino R5. 0 Security Infrastructure Revealed [M]. IBM, 1999
(12) Kurt Gutzmann. Access Control and Session Management in the HTTP Environment. IEEE internet computing, 2001. 5(1) : 26-35
(13) http://www.dominosecuritv.org/
(14) Tzong-Chen Wu, Chin-Chen Chang. Cryptographic key assignment scheme for hierarchical access control, Computer Systems Science and Engineering, 2001. 16(1) : 25-28
[15] Rajeev Joshi, K. Rustan M. Leino. A semantic approach to secure information flow. Science of computer programming, 2000.37(1-3):13~138
[16] Leonhardt. Ulf, Magee.Jeff. Security considerations for a distributed location service. Journal of Network and Systems Management, 1998.6(1): 51~70
[17] Jacob Richard. E. Recovering User Ids and Passwords [J]. Group Computing Magazine, 2001 (4)
[18] Schneider EB. Enforceable Security Policies [J]. Technical Report. Department of Computer Science, Cornell University, 1999-07
[19] Kille. S, M. Wahl, A. Grimstad, R. Huber, S. Sataluri. Using Domains in LDAP/X.500 Distinguished Names. RFC 2247, January 1998
[20] Bassham. L, Polk. W, R. Housley. Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation Lists (CRL) Profile. RFC 3279, April 2002.
[21] Qiao Ying, Xu De, Dai Guo-Zhong. A new control for collaborative environments[C].Proceedings of the ACM CSCW'92 Conference on Computer research & development,2000.37(1):37~44
[22] Schneider F B. Enforceable Security Policies [J]. Technical Report. Depart of Computer Science, 1999-07
[23] John Barkley, Konstantin Beznosov, Jinny Uppal. Supporting Relation-ships in Access Control Using Role Based Access Control[C]. In: ACM Role-based Access Control Workshop. Fairfax. Virginia, USA, 1999:55~56
[24] Ben Malezaden. All-in-one Lotus Notes and Domino R5 Exam Guide. Libby Ingrassia Schwarz. 机械工业出版社, 2002.2
[25] Ahn, Gail-Joon and Kim, Kwangjo. CONUGA: Constrained User-Group Assignment. Journal of Network and Computer Applications, 2001(24): 87-100
[26] 谭晓,聂承启.简论“三网”环境下电子政务系统的安全性.计算机与现代化,2002年,第11期
[27] 唐望生,王越西,邓院昌.电子政务国际经验研究.信息化建设,2002年09期
[28] 董晶,董桂林.用Lotus R5构建Internet Intranet应用[M].北京:电子工业出版社.2000
[29] 杨小平,谢红,聂慧静.Lotus Domino/Notes项目案例导航.北京:科学技术出版社,2002
[30] 武坤等.Lotus Domino/Notes R5应用开发指南.机械工业出版社.2001
[31] 张亚玲,王尚平,张毅坤.基于群件的办公系统中安全性研究.计算机应用,2001,Vol.21,No.4,
[32] 陈彦学.信息安全理论与实务.中国铁道出版社.2001
[33] 张蒲生.政府机关网络系统的设计与研究[J].计算机工程,2001,27(8):188-190
[34] 陈传波,金旭军,刘广宇.群件安全结构分析与设计[J].计算机应用研究,2000,17(1):50~52
[35] 赵荣山,洪帆.办公自动化系统中基于角色的访问控制机制,通信技术,2002.9
[36] 莲花软件(中国)有限公司.Lotus Domino安全技术[M].北京:海洋出版社,2000
[37] 沈野樵,陈利民,李一宁,郭伟.Domino体系研究及其安全功能增强的实现.系统工程与电子技术,2002,Vol.24.No.7:109~112
[38] 余乐,吕强.第三代OA系统的安全性设计.计算机与现代化 2002年,第6期:18~23
[39] 尹恒,卢苇.Lotus Domino/Notes的公开密钥加密机制.计算机研究与开发,2002年,第2期:84~87
[40] 王庆林,顾晓虎.应用Lotus Domino/Notes开发行政办公系统的安全设计.扬州大学学报(自然科学版),2002,Vol.5 No.3
[41] 张艳.基于Lotus Domino/Notes的电子政务系统的研制与开发.
[42] 北京:OA’2000办公自动化国际学术研讨会,2000.11.21
[43] 刘传平,路璐,吴信才.办公自动化系统中公文修改痕迹的跟踪方法.现代计算机,2002年,第01期
[44] 谢波,姜贤塔,陈根才.公文流转中复杂工作流程的通用设计.计算机工程与应用,2000年,第11期
[45] 国外电子政务发展概况.软件世界,2002年,第06期
[46] 尹存燕,刘祎,李振东,谢俊元.公文流转系统的授权机制.计算机工程与应用,2002年,第09期
[47] 忻尚芝,桂海峰,陈世平.基层政府电子政务系统的开发与应用.上海电力学院学报,2002年,第03期
[48] 王友发.Lotus Domino/Notes在网络办公自动化中的应用.兵工自动化,2002年,第02期
[49] 赵任方,曹瑞森.一个基于LotusNotes平台的现代办公系统.华北电力技术,2002年,第01期
[50] 栾虹,王刚.办公自动化网络系统的安全性.山东交通科技,2002年,第03期
[51] 张光庭,陆倜,李桂芝.基于角色的OA系统访问控制模型及其实现.小型微型计算机系统,2002年,第08期
[52] 周一玲.基于Domino/Notes的公文审批系统的设计与实现.长沙电力学院学报(自然科学版),2001年,第04期
[53] 夏定元,张顺岚,张德琨.基于Lotus Notes的公文处理系统设计与实现.桂林电子工业学院学报,2001年,第04期