文档权限管理系统的研究与应用
|
摘要
随着越来越多的文档以数字的形式存储在电脑中,加上传统的电子文档具有易拷贝,使用不可控,泄密行为难以追踪等等一系列特性,企业的信息安全遭受到了严峻的考验。对于企业来说,仅仅依靠管理制度的完善不能从根本上解决内部文档泄密的问题,所以需要相关技术手段来防止文档泄密。数据加密技术能够保护企业重要文档数据,减少企业损失,但是传统的加解密需要手动进行,影响办公效率,而且对于文档使用的控制力度上显得不够。
本课题的研究目的就是为了防止未经授权的用户查看和流转电子文档,因此提出了一种文档保护方案,即应用透明加解密对文档进行加密保护,同时应用office插件技术来实现对office文档权限的控制,将这两种方式结合起来,达到保护和控制电子文档的目的。
本课题在对目前已知文档权限管理系统研究的基础上,实现了一个C/S架构的文档权限管理系统,在客户端实现了文档的透明加解密,即保护了重要文档,又不影响正常办公效率,另外还实现了插件对office文档权限的控制;在服务器端采用GSOAP工具搭建了一个WebService来实现和客户端的安全通信,并且采用SQL Server数据库来存储和管理数据。
本文采用的这种透明加解密和office插件相结合的办法,使得控制力度更强,控制细度更精细,解决了目前一些主流的文档权限管理系统不能解决的问题,包括控制文档流转,控制文档具体使用,记录使用痕迹等等。
With the trend that more and more documents are saved as digital style in computers, the information security is becoming more and more serious because that digital documents are not easily controlled and hard to trace. Improving management system is not enough for solving the problem totally. As we know, the encrypting technology can make documents safe and protect the important documents, however, the traditional encrypting technology is not efficient and cannot be finished automatically, also it cannot control its using in details.
This topic is to prevent the unauthorized users use and deliver the documents. According to the above analysis, this topic put forward a kind of solution to use the transparent encryption and decryption to protect documents while we use Office plug-in to control the right of usage, these two kinds of technology are all automatic and without users' notification. So it can not only protect documents but also can guarantee the users' working efficiency.
This system are Client/Server Structure, the client uses the transparent encryption and decryption technology while the server uses GSOAP to realize the communication and build the Web Service, the server uses SQL Server database.
The combination of transparent encryption and office plug-in can strengthen the controlling and solve some problems exist in some common DRM systems such as the control of documents'circulation and record the trace of documents'using.
本课题的研究目的就是为了防止未经授权的用户查看和流转电子文档,因此提出了一种文档保护方案,即应用透明加解密对文档进行加密保护,同时应用office插件技术来实现对office文档权限的控制,将这两种方式结合起来,达到保护和控制电子文档的目的。
本课题在对目前已知文档权限管理系统研究的基础上,实现了一个C/S架构的文档权限管理系统,在客户端实现了文档的透明加解密,即保护了重要文档,又不影响正常办公效率,另外还实现了插件对office文档权限的控制;在服务器端采用GSOAP工具搭建了一个WebService来实现和客户端的安全通信,并且采用SQL Server数据库来存储和管理数据。
本文采用的这种透明加解密和office插件相结合的办法,使得控制力度更强,控制细度更精细,解决了目前一些主流的文档权限管理系统不能解决的问题,包括控制文档流转,控制文档具体使用,记录使用痕迹等等。
With the trend that more and more documents are saved as digital style in computers, the information security is becoming more and more serious because that digital documents are not easily controlled and hard to trace. Improving management system is not enough for solving the problem totally. As we know, the encrypting technology can make documents safe and protect the important documents, however, the traditional encrypting technology is not efficient and cannot be finished automatically, also it cannot control its using in details.
This topic is to prevent the unauthorized users use and deliver the documents. According to the above analysis, this topic put forward a kind of solution to use the transparent encryption and decryption to protect documents while we use Office plug-in to control the right of usage, these two kinds of technology are all automatic and without users' notification. So it can not only protect documents but also can guarantee the users' working efficiency.
This system are Client/Server Structure, the client uses the transparent encryption and decryption technology while the server uses GSOAP to realize the communication and build the Web Service, the server uses SQL Server database.
The combination of transparent encryption and office plug-in can strengthen the controlling and solve some problems exist in some common DRM systems such as the control of documents'circulation and record the trace of documents'using.
引文
[1]吴灏等,网络攻防技术[M],北京:机械工业出版社,2009,235-287
[2]中国国家质量技术监督局,GB/T 18336中华人民共和国国家标准[J],信息技术-安全技术-安全技术安全性评估准则-第一部分,2001,12(3):7-11
[3]王达,管理员必读(网络安全),北京:电子工业出版社,2005:11
[4]Michael E.Whitman, Herbert J.Mattord,信息安全原理(第二版),北京:清华工业出版社,2006.3
[5]洪献文,DRM技术助力电子文档安全应用,计算机世界报,2005.11
[6]Rosenblatt W, Trippe W, Mooney S, Digital Rights Management:Business and Technology, New York:M&T Books,2002
[7]Garnett N, Digital Right Management, copy right and Napster, ACM SIGecom Exchanges,2001
[8]俞银燕,汤帜,数字版权保护技术研究综述,计算机学报,2005.12
[9]邓柯,数字权限管理中e-book安全机制的研究与应用,清华大学硕士学位论文,2004.6
[10]邓尧伟,数字版权管理(DRM)及研究热点[J],图书情报工作,2003.06
[11]Rump N, Definitions, aspects and overview, Digital Rights Management: Technological, Economic, Legal and Political Aspects, Lecture Notes in Computer Science 2770, Berlin:Springer-Verlag,2003,3-6
[12]Microsoft Office XP Developer开发指南,北京:北京大学出版社,2001.12
[13]Microsoft Office Developer Center, http://msdn.microsoft.com/office,2006.02
[14]张帆,史彩成,Windows开发技术详解[M],北京:电子工业出版社,2008
[15]陈鲁生,沈世镒,现代密码学[M],北京:科学出版社,2002
[16]陈尚义,透明文件加解密技术及其应用[J],信息安全与通信保密,2007(11)
[17]锻钢,加密与解密(第三版)[M],北京:电子工业出版社,2008
[18]William Stallings, Lawrie Brown,计算机安全原理与实践[M],贾春福,刘春波,高敏芬译,北京:机械工业出版社,2008,4-22
[19]吴世忠,祝世雄,张文政,应用密码学[M],北京:机械工业出版社,2000:215~264
[20]卢开澄,计算机密码学[M],北京:清华大学出版社,1998:127-135
[21]Stinson D R著,冯登国译,密码学原理与实践(第二版)[M],北京:电子工业出版社,2002:337~352
[22]姚兰,姜利群,李明,基于双秘钥的对称加密算法研究[J],微计算机信息,2008,24(7):72-75
[23]宋耀文,ADO开发技术在VC++中的实现,哈尔滨师范大学自然科学学报,2003
[24]闪四清,Microsoft SQL Server 2000实用教程[M],北京:人民邮电出版社,2000
[25]Stallings W,网络安全要素-应用与标准[M],北京:人民邮电出版社,2009
[26]王建军等,国内外模块化实践研究现状——基于文献综述,经济师,2011年3期
[27]Berners-Lee T, Fielding R, Masinter L, Uniform Resource Identifiers(URI), Generic Syntax,1998
[28]W3C.SOAP,Simple Object Access Protocol Specification 1.1,2000
[29]柴晓路,梁宇奇;Web Servicess技术、架构、和应用[M],北京:电子工业出版社,2003
[30]余晓峰,SOAP安全性模型的设计与实现[D],杭州:浙江大学,2003
[2]中国国家质量技术监督局,GB/T 18336中华人民共和国国家标准[J],信息技术-安全技术-安全技术安全性评估准则-第一部分,2001,12(3):7-11
[3]王达,管理员必读(网络安全),北京:电子工业出版社,2005:11
[4]Michael E.Whitman, Herbert J.Mattord,信息安全原理(第二版),北京:清华工业出版社,2006.3
[5]洪献文,DRM技术助力电子文档安全应用,计算机世界报,2005.11
[6]Rosenblatt W, Trippe W, Mooney S, Digital Rights Management:Business and Technology, New York:M&T Books,2002
[7]Garnett N, Digital Right Management, copy right and Napster, ACM SIGecom Exchanges,2001
[8]俞银燕,汤帜,数字版权保护技术研究综述,计算机学报,2005.12
[9]邓柯,数字权限管理中e-book安全机制的研究与应用,清华大学硕士学位论文,2004.6
[10]邓尧伟,数字版权管理(DRM)及研究热点[J],图书情报工作,2003.06
[11]Rump N, Definitions, aspects and overview, Digital Rights Management: Technological, Economic, Legal and Political Aspects, Lecture Notes in Computer Science 2770, Berlin:Springer-Verlag,2003,3-6
[12]Microsoft Office XP Developer开发指南,北京:北京大学出版社,2001.12
[13]Microsoft Office Developer Center, http://msdn.microsoft.com/office,2006.02
[14]张帆,史彩成,Windows开发技术详解[M],北京:电子工业出版社,2008
[15]陈鲁生,沈世镒,现代密码学[M],北京:科学出版社,2002
[16]陈尚义,透明文件加解密技术及其应用[J],信息安全与通信保密,2007(11)
[17]锻钢,加密与解密(第三版)[M],北京:电子工业出版社,2008
[18]William Stallings, Lawrie Brown,计算机安全原理与实践[M],贾春福,刘春波,高敏芬译,北京:机械工业出版社,2008,4-22
[19]吴世忠,祝世雄,张文政,应用密码学[M],北京:机械工业出版社,2000:215~264
[20]卢开澄,计算机密码学[M],北京:清华大学出版社,1998:127-135
[21]Stinson D R著,冯登国译,密码学原理与实践(第二版)[M],北京:电子工业出版社,2002:337~352
[22]姚兰,姜利群,李明,基于双秘钥的对称加密算法研究[J],微计算机信息,2008,24(7):72-75
[23]宋耀文,ADO开发技术在VC++中的实现,哈尔滨师范大学自然科学学报,2003
[24]闪四清,Microsoft SQL Server 2000实用教程[M],北京:人民邮电出版社,2000
[25]Stallings W,网络安全要素-应用与标准[M],北京:人民邮电出版社,2009
[26]王建军等,国内外模块化实践研究现状——基于文献综述,经济师,2011年3期
[27]Berners-Lee T, Fielding R, Masinter L, Uniform Resource Identifiers(URI), Generic Syntax,1998
[28]W3C.SOAP,Simple Object Access Protocol Specification 1.1,2000
[29]柴晓路,梁宇奇;Web Servicess技术、架构、和应用[M],北京:电子工业出版社,2003
[30]余晓峰,SOAP安全性模型的设计与实现[D],杭州:浙江大学,2003