Design and Implementation of the Security Mechanism of an International Student MIS
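Abstract
The Management Information System for International Students (international student MIS) plays an important role in helping institutions at all levels manage their student information effectively and in speeding up the flow of information inside and outside the institution. As an MIS based on the B/S architecture, it offers a convenience that traditional C/S architecture MIS cannot match, but it also carries more security risks. In addition, because of the particular nature of international student information management, users' security requirements differ from those of a general MIS. The security of the international student MIS has therefore become a problem that needs focused research.
     On access control, this thesis considers the business characteristics of the international student system and the security threats it may face, and designs and implements a role-based access control model with group-branch attributes (GB-RBAC). The model improves the security of the system, reduces the complexity of authorization management, effectively solves the resource redundancy problem of the existing GRBAC model, and increases the freedom of assignment. On data security, the author presents an implementation of two-way SSL authentication in the international student MIS, verifies that the SSL_PART implementation helps improve system performance, and briefly introduces the other data security technologies used in the system.
     The author first introduces the security theory relevant to MIS, analyzes the main access control models and outlines their development, and gives some account of MIS data security technology. Next, the thesis analyzes the security requirements of MIS, and of the international student MIS in particular. Based on the system's business characteristics, the author shows from four aspects (vertical, horizontal, multi-dimensional vertical-horizontal, and user experience) that the existing access control models do not adapt well to the international student system.
     On this basis, the thesis proposes the GB-RBAC model, which is suited to the international student system. It gives the model's elements and definitions and describes the characteristics of each element and the behavioural use cases of the specific operations. Following the division of internal departments in a real enterprise, the model uses the Group to partition resource sets, which resolves the shortcoming of traditional RBAC that resource assignment cannot be handled flexibly for different subordinate organizations. A partial order is introduced between groups, which avoids redundant storage of resources. A subordination relationship between branches and groups is proposed: a branch administrator may hold any subset of the maximum resource set under that group. A blacklist mechanism is introduced to exclude some permissions from a branch's resource set, which addresses the deficiency of automatic authorization in earlier GRBAC. GB-RBAC is also an administrative role model based on practical application, but it fits the needs of real systems better than ARBAC and gives a practical solution for the authorization mechanism and authorization management.
     Finally, the thesis describes in detail the implementation of the GB-RBAC model in the international student MIS. The system uses an Appfuse-based architecture. The thesis gives the access control flow of the GB-RBAC model, completes the conceptual and logical design of the related database tables, and gives the detailed algorithms and Java implementation of the group, role and branch modules and of the system authorization mechanism. In addition, with other security details in mind, it implements two-way SSL and other security mechanisms, gives the specific configuration and application of SSL in the system, and, for performance reasons, implements SSL_PART connections.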
The Management Information System of International Students (MISIS) plays an important role in helping all universities manage student information, and it also speeds up information transfer. As a B/S architecture system, it has advantages that systems with the traditional C/S architecture cannot match. Because of the specific nature of the management business, users demand more security features than in a general MIS system. Therefore, the security of MISIS has become a necessary focus of research.
     In the access control context, this paper considers the business characteristics of the system and the security threats it may face, and designs and implements a role-based access control model with group-branch attributes (GB-RBAC). The model enhances the security of the system and reduces the complexity of authorization management. It effectively resolves the redundancy in the existing GRBAC model and improves the freedom of assignment. In the data security context, the author gives an implementation of two-way SSL authentication, verifies that the SSL_PART implementation can improve the performance of the system, and briefly introduces the other data security technologies in the system.
     The security theory of the MIS system is introduced first. The thesis analyzes the main access control models and summarizes their development, then briefly analyzes data security in MIS systems. Secondly, the thesis analyzes the security needs of MIS systems, especially of MISIS. The author uses four aspects (vertical, horizontal, multi-dimensional, and user experience) to show that existing access control models cannot be well adapted to the system.
     On this basis, the author designs an applicable model, the GB-RBAC model, gives the definitions of the model's specific elements, and then shows the characteristics of each element and the behavior of the specific use cases.
     The thesis also gives an implementation of the GB-RBAC model in MISIS, including detailed database design, the algorithms of key modules, technical details, etc.
     In this model, the group attribute is used to partition resources into different sets, which makes up for a limitation of the traditional RBAC model. Meanwhile, there are hierarchies between groups: groups can have overlapping responsibilities and privileges, and the hierarchy avoids having to specify these general operations repeatedly for each group that is created. A subordinate relationship is established between branches and groups; the administrator of a branch can use all resources belonging to the group it is subordinate to. The GB-RBAC model introduces a blacklist mechanism that can exclude resources that must not be assigned to particular branch administrators. Compared with the ARBAC model, GB-RBAC is more practical and provides a better-fitting authorization mechanism and authorization management.
     Finally, the thesis elaborates the implementation details of the GB-RBAC model in MISIS. The system is based on the Appfuse architecture; the author gives the access control flow of the GB-RBAC model, completes the conceptual and logical design of the relational database tables, and gives detailed algorithms and Java code for the group, role and branch modules and the system authorization mechanism. In addition, the thesis considers other security details, such as the implementation of a two-way SSL security mechanism. It gives the application and specific configuration of SSL in the system, and implements SSL_PART connections for performance reasons.