协同商务平台数据交换系统安全性应用研究
|
摘要
协同商务平台是一个大型复杂的集成应用系统,它以Internet为媒介,通过浏览器与分布在不同地域的用户及企业进行交互,并借助Web服务技术,实现了协同商务平台与其他应用系统的数据交换。但是,如何保证用户信息的安全,如何保证信息在网络上传输的安全,如何保证Web服务调用的安全,如何开发出健壮的代码不给黑客留任何漏洞等一系列问题都是系统开发和部署的时候应该考虑的问题。
本文根据协同商务平台的物理结构和逻辑结构,深入分析了平台数据交换系统存在的安全隐患和安全威胁,结合WS-Security规范、数字签名、数据加密,时间戳等安全技术,从开发者的角度提出了针对协同商务平台的安全模型,并给出了该安全模型的总体设计和实现。本论文的组织结构为:
第1章作为论文的绪论,介绍了协同商务平台与数据交换的基本概念,分析了研究平台数据交换安全问题的重要意义,介绍了论文的选题和主要工作
第2章给出了协同商务平台的总体需求分析,总体模式以及平台数据交换的需求分析,分析了协同商务平台数据交换存在的各种安全隐患,提出了数据交换系统应该实现的安全目标。
第3章分析并比较了各种数据交换的安全技术,结合平台自身的特点为协同商务平台数据交换系统建立了一个方便、实用、高效、可行的安全模型。
第4章主要介绍了基于该安全模型的协同商务平台数据交换系统的设计。
第5章介绍协同商务平台安全数据交换系统的实现,安全结果分析和异常分析。
最后的结束语对本文的研究内容和结论进行了总结,并展望了本文核心技术的应用前景和进一步的研究工作。
The Collaborative Commerce Platform is a large and complex integrated application system. It uses Internet as its media, enables interaction of customers from different regions through browser, and especially relies on the Web Services technology, which realizes data exchange between Collaborative Commerce Platform and other application system. However, how to guarantee the security of customer information, how to guarantee the security of information transfer in Internet, how to guarantee the security of Web Services invocation and how to develop robust code to prevent any backdoor from hackers, etc.. The abovementioned problems should be considered during the development and deployment of the system.Based on the physical structure and logical structure of Collaborative Commerce Platform, the potential danger and security threat of data exchange system of the platform are analyzed thoroughly, combined with the security technologies like WS-Security Specification, digital signature, data encryption and time stamp, a security model of Collaborative Commerce Platform is put forward from the developer's view, and the overall design and realization of the security model is given. The structure of the paper is as follows:Chapter 1 is the prolegomenon, conceptions of Collaborative Commerce Platform and data exchange are introduced, significance of research on data exchange security of platform is analyzed, and choice of the thesis subject and main work of the thesis are introduced.In Chapter 2, the overall requirements analysis, overall mode of Collaborative Commerce Platform and requirements analysis of platform data exchange are pointed out, the potential danger of the security of Collaborative Commerce Platform is analyzed, and the security goal of data exchange system is put forward.In Chapter 3, various security technologies of data exchange are analyzed and compared. Based on intrinsic characteristics of platform, a convenient, practical, efficient and feasible security model is established for data exchange system of
Collaborative Commerce Platform.In Chapter 4, the design of the data exchange system of Collaborative Commerce Platform based on the security model is discussed.In Chapter 5, the realization of secure data exchange system of Collaborative Commerce Platform, the secure result analysis and exception analysis are described.Finally, in conclusion section, the research content and conclusion are summarized, and core technologies, application prospect as well as the further research work are looked forward.
本文根据协同商务平台的物理结构和逻辑结构,深入分析了平台数据交换系统存在的安全隐患和安全威胁,结合WS-Security规范、数字签名、数据加密,时间戳等安全技术,从开发者的角度提出了针对协同商务平台的安全模型,并给出了该安全模型的总体设计和实现。本论文的组织结构为:
第1章作为论文的绪论,介绍了协同商务平台与数据交换的基本概念,分析了研究平台数据交换安全问题的重要意义,介绍了论文的选题和主要工作
第2章给出了协同商务平台的总体需求分析,总体模式以及平台数据交换的需求分析,分析了协同商务平台数据交换存在的各种安全隐患,提出了数据交换系统应该实现的安全目标。
第3章分析并比较了各种数据交换的安全技术,结合平台自身的特点为协同商务平台数据交换系统建立了一个方便、实用、高效、可行的安全模型。
第4章主要介绍了基于该安全模型的协同商务平台数据交换系统的设计。
第5章介绍协同商务平台安全数据交换系统的实现,安全结果分析和异常分析。
最后的结束语对本文的研究内容和结论进行了总结,并展望了本文核心技术的应用前景和进一步的研究工作。
The Collaborative Commerce Platform is a large and complex integrated application system. It uses Internet as its media, enables interaction of customers from different regions through browser, and especially relies on the Web Services technology, which realizes data exchange between Collaborative Commerce Platform and other application system. However, how to guarantee the security of customer information, how to guarantee the security of information transfer in Internet, how to guarantee the security of Web Services invocation and how to develop robust code to prevent any backdoor from hackers, etc.. The abovementioned problems should be considered during the development and deployment of the system.Based on the physical structure and logical structure of Collaborative Commerce Platform, the potential danger and security threat of data exchange system of the platform are analyzed thoroughly, combined with the security technologies like WS-Security Specification, digital signature, data encryption and time stamp, a security model of Collaborative Commerce Platform is put forward from the developer's view, and the overall design and realization of the security model is given. The structure of the paper is as follows:Chapter 1 is the prolegomenon, conceptions of Collaborative Commerce Platform and data exchange are introduced, significance of research on data exchange security of platform is analyzed, and choice of the thesis subject and main work of the thesis are introduced.In Chapter 2, the overall requirements analysis, overall mode of Collaborative Commerce Platform and requirements analysis of platform data exchange are pointed out, the potential danger of the security of Collaborative Commerce Platform is analyzed, and the security goal of data exchange system is put forward.In Chapter 3, various security technologies of data exchange are analyzed and compared. Based on intrinsic characteristics of platform, a convenient, practical, efficient and feasible security model is established for data exchange system of
Collaborative Commerce Platform.In Chapter 4, the design of the data exchange system of Collaborative Commerce Platform based on the security model is discussed.In Chapter 5, the realization of secure data exchange system of Collaborative Commerce Platform, the secure result analysis and exception analysis are described.Finally, in conclusion section, the research content and conclusion are summarized, and core technologies, application prospect as well as the further research work are looked forward.
引文
[1] 李宗安.论协同电子商务系统建设.商务时代.2004,3
[2] 俞立平.企业信息化与电子商务.东南大学出版社,2002
[3] 安德鲁.坎贝尔,凯瑟琳.萨姆斯□ 卢克斯编著,任通海、龙大伟译.战略协同
[4] Efraim Turban(美),王理平等译,电子商务管理新视角(第二版),电子工业出版社,2003.1.
[5] 周志萍,徐宏海.基于供应链管理的分销型企业信息系统.电子商务世界.2004.7
[6] 柴晓路.XML数据环境下基于关系模式的数据交换方法.http://www-900.ibm.com.2001.6
[7] 王胜银.通用数据交换技术的研究与应用.西南交通大学硕士学位论文.2004:2-3
[8] 蒲慷.可扩展通用数据交换框架.电子科技大学硕士学位论文.2002:1-2
[9] 张不同.电子商务数据交换技术.东北财经大学出版社,2002:9-16
[10] 杨小曼.基于协同电子商务平台的分销管理系统研究与实现.四川大学硕士学位论文.2005:6-11
[11] 黄加庆.协同电子商务应用系统的研究及开发.西南交通大学硕士论文.2003:5-13
[12] 韩敏,孙林夫,唐慧佳.基于ASP的中小型企业协同商务解决方案研究.计算机应用研究.2006,3
[13] 协同商务平台系统设计报告.四川省制造业信息化生产力促进中心,2005:4-9
[14] 李安渝.Web Services技术与实现.国防工业出版社,2003
[15] 柴晓路.Web服务架构与开放互操作技术.清华大学出版社.2002:1-20
[16] Scott Short. Building XML Web Services For The Microsoft.NET Platform. Microsoft Press. 2002: 1-8
[17] 李涛.网络安全概论.电子工业出版社,2004
[18] 冯元,兰少华,杨余旺.计算机网络安全基础.科学出版社.2003年10月
[19] Peter. Thorsteinson, G. Gnana Arun Ganesh, NET Security And Cryptography, Pearson education, 2004:70-96
[20] Mark M.Burnett. Hacking the Code: ASP.NET Web Application Security. Syngress Publishing,2004
[21] 张玉清,陈建奇.公钥基础设施(PKI)实现和管理电子安全.清华大学出版社,2002:10-56,182-185
[22] Bruce Schneier.应用密码学.北京:机械工业出版社,2002,20-30
[23] Dor Box, David Ehnebuske, Simple Object Access Protocol (SOAP) 1.1, W3C Note 08 May 2000, http://www.w3.org/TR/SOAP/
[24] Nilo Mitra, SOAP Version 1.2 Part 0: Primer, W3C Working Draft 26 June 2002, http://www.w3.org/TR/soap12-part0/
[25] Takeshi Imamura, Blair Dillaway, XML Encryption Syntax and Processing,
[26] Mark Bartel John Boyer, XML-Signature Syntax and Processing, http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/
[27] Toshiro Takase, Naohiko Uramoto, XML Digital Signature System Independent of Existing Applications, IEEE, 2002
[28] Anthony.Nadalin,Chris.Kaler.Web Services Security: SOAP Message Security 1.0(WS-Security 2004). OASIS Open, 2004
[29] Russ Basiura, Richard Conway, Professional ASP.NET Security, Wrox Press,2002,399-421
[30] Microsoft, Security in a Web Services World: A Proposed Architecture and Roadmap,http://www-900.ibm.com/developerWorks/cn/webservices/ws-secm ap/index_eng.shtml
[31] Mark O'Neill. Web Services Security.McGraw-Hill Osborne Media,2003
[32] Bret Hartman,Donald J.Flinn. Mastering Web Services Security. John Wiley & sons,Inc. 2003
[33] Chris McNab. Network Security Assessment: Know Your Network. O'Reilly Media, Inc, 2004
[34] Eric Rescorla. SSL and TLS Designing and Building Secure Systems. Addison Wesley, 2002
[35] 彭新光,吴兴兴.计算机网络安全技术与应用.科学出版社,2005:235-238
[36] 石伟鹏,杨小虎.基于SOAP协议的WebService安全基础规范 WS Security.计算机应用研究,2003,2
[37] 肖道举,杨剑,陈晓苏.Web服务安全保障机制研究.华中科技大学学报(自然科学版).2004,4.
[38] 黄波,唐慧佳.用WSE实现SOAP消息签名.电脑知识与技术.2006,8
[39] 李卫.计算机网络安全与管理.清华大学出版社.2004.11
[40] 范晓平.UML建模实例详解.清华大学出版社,2005:6
[41] 汽车产业链协作平台设计报告.四川省制造业信息化生产力促进中心,2005:5-10
[42] Wendy Boggs, Michael Boggs. Mastering UML with Rational Rose 2002. SYBEX Inc, 2001
[43] 白尚旺.PowerDesigner软件分析设计技术.电子工业出版社,2002
[44] 张宇.网络化制造ASP服务平台安全性应用研究.西南交通大学硕士学位论文.2005:2-5
[45] 销售系统设计报告.四川省制造业信息化生产力促进中心,2005:5-10
[46] Web Services Enhancements 2.0 Online Help. Microsoft Corporation.2004
[47] OASIS Standard 200401.Web Services Security X.509 Certificate Token Profile.2004
[48] 倪丽萍.基于WS-Security规范的Web服务安全性研究.合肥工业大学硕士学位论文.2005
[49] 杨剑.基于XML的异构数据交换系统的研究与实现.西南交通大学硕士学位论文.2005
[50] Jaideep Roy, Anupama Ramanujan. Understanding Web Services, IEEE, Dec 2001 IT Pro: 68-72.
[51] Steven Splaine. Testing Web Security:Assessing the Security of Web Sites and Applications. John Wiley & Sons, Inc., 2003
[52] 谢铉洋,谢荣传.XML数字签名.计算机应用研究.2002,7
[53] Ben Galbraith, Whitney Hankison. Professional Web Services Security. Wrox Press, 2002
[54] Mark O'Neill. Web服务安全技术与原理.冉晓曼,郭文伟.清华大学出社,2003
[2] 俞立平.企业信息化与电子商务.东南大学出版社,2002
[3] 安德鲁.坎贝尔,凯瑟琳.萨姆斯□ 卢克斯编著,任通海、龙大伟译.战略协同
[4] Efraim Turban(美),王理平等译,电子商务管理新视角(第二版),电子工业出版社,2003.1.
[5] 周志萍,徐宏海.基于供应链管理的分销型企业信息系统.电子商务世界.2004.7
[6] 柴晓路.XML数据环境下基于关系模式的数据交换方法.http://www-900.ibm.com.2001.6
[7] 王胜银.通用数据交换技术的研究与应用.西南交通大学硕士学位论文.2004:2-3
[8] 蒲慷.可扩展通用数据交换框架.电子科技大学硕士学位论文.2002:1-2
[9] 张不同.电子商务数据交换技术.东北财经大学出版社,2002:9-16
[10] 杨小曼.基于协同电子商务平台的分销管理系统研究与实现.四川大学硕士学位论文.2005:6-11
[11] 黄加庆.协同电子商务应用系统的研究及开发.西南交通大学硕士论文.2003:5-13
[12] 韩敏,孙林夫,唐慧佳.基于ASP的中小型企业协同商务解决方案研究.计算机应用研究.2006,3
[13] 协同商务平台系统设计报告.四川省制造业信息化生产力促进中心,2005:4-9
[14] 李安渝.Web Services技术与实现.国防工业出版社,2003
[15] 柴晓路.Web服务架构与开放互操作技术.清华大学出版社.2002:1-20
[16] Scott Short. Building XML Web Services For The Microsoft.NET Platform. Microsoft Press. 2002: 1-8
[17] 李涛.网络安全概论.电子工业出版社,2004
[18] 冯元,兰少华,杨余旺.计算机网络安全基础.科学出版社.2003年10月
[19] Peter. Thorsteinson, G. Gnana Arun Ganesh, NET Security And Cryptography, Pearson education, 2004:70-96
[20] Mark M.Burnett. Hacking the Code: ASP.NET Web Application Security. Syngress Publishing,2004
[21] 张玉清,陈建奇.公钥基础设施(PKI)实现和管理电子安全.清华大学出版社,2002:10-56,182-185
[22] Bruce Schneier.应用密码学.北京:机械工业出版社,2002,20-30
[23] Dor Box, David Ehnebuske, Simple Object Access Protocol (SOAP) 1.1, W3C Note 08 May 2000, http://www.w3.org/TR/SOAP/
[24] Nilo Mitra, SOAP Version 1.2 Part 0: Primer, W3C Working Draft 26 June 2002, http://www.w3.org/TR/soap12-part0/
[25] Takeshi Imamura, Blair Dillaway, XML Encryption Syntax and Processing,
[26] Mark Bartel John Boyer, XML-Signature Syntax and Processing, http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/
[27] Toshiro Takase, Naohiko Uramoto, XML Digital Signature System Independent of Existing Applications, IEEE, 2002
[28] Anthony.Nadalin,Chris.Kaler.Web Services Security: SOAP Message Security 1.0(WS-Security 2004). OASIS Open, 2004
[29] Russ Basiura, Richard Conway, Professional ASP.NET Security, Wrox Press,2002,399-421
[30] Microsoft, Security in a Web Services World: A Proposed Architecture and Roadmap,http://www-900.ibm.com/developerWorks/cn/webservices/ws-secm ap/index_eng.shtml
[31] Mark O'Neill. Web Services Security.McGraw-Hill Osborne Media,2003
[32] Bret Hartman,Donald J.Flinn. Mastering Web Services Security. John Wiley & sons,Inc. 2003
[33] Chris McNab. Network Security Assessment: Know Your Network. O'Reilly Media, Inc, 2004
[34] Eric Rescorla. SSL and TLS Designing and Building Secure Systems. Addison Wesley, 2002
[35] 彭新光,吴兴兴.计算机网络安全技术与应用.科学出版社,2005:235-238
[36] 石伟鹏,杨小虎.基于SOAP协议的WebService安全基础规范 WS Security.计算机应用研究,2003,2
[37] 肖道举,杨剑,陈晓苏.Web服务安全保障机制研究.华中科技大学学报(自然科学版).2004,4.
[38] 黄波,唐慧佳.用WSE实现SOAP消息签名.电脑知识与技术.2006,8
[39] 李卫.计算机网络安全与管理.清华大学出版社.2004.11
[40] 范晓平.UML建模实例详解.清华大学出版社,2005:6
[41] 汽车产业链协作平台设计报告.四川省制造业信息化生产力促进中心,2005:5-10
[42] Wendy Boggs, Michael Boggs. Mastering UML with Rational Rose 2002. SYBEX Inc, 2001
[43] 白尚旺.PowerDesigner软件分析设计技术.电子工业出版社,2002
[44] 张宇.网络化制造ASP服务平台安全性应用研究.西南交通大学硕士学位论文.2005:2-5
[45] 销售系统设计报告.四川省制造业信息化生产力促进中心,2005:5-10
[46] Web Services Enhancements 2.0 Online Help. Microsoft Corporation.2004
[47] OASIS Standard 200401.Web Services Security X.509 Certificate Token Profile.2004
[48] 倪丽萍.基于WS-Security规范的Web服务安全性研究.合肥工业大学硕士学位论文.2005
[49] 杨剑.基于XML的异构数据交换系统的研究与实现.西南交通大学硕士学位论文.2005
[50] Jaideep Roy, Anupama Ramanujan. Understanding Web Services, IEEE, Dec 2001 IT Pro: 68-72.
[51] Steven Splaine. Testing Web Security:Assessing the Security of Web Sites and Applications. John Wiley & Sons, Inc., 2003
[52] 谢铉洋,谢荣传.XML数字签名.计算机应用研究.2002,7
[53] Ben Galbraith, Whitney Hankison. Professional Web Services Security. Wrox Press, 2002
[54] Mark O'Neill. Web服务安全技术与原理.冉晓曼,郭文伟.清华大学出社,2003