天津考试院信息系统安全管理的分析与实现

发布时间：2018-05-09 10:44

本文选题：天津考试院 + 网络安全　；参考：《天津大学》2014年硕士论文

【摘要】：随着计算机技术的发展和普及，计算机网络给人们提供了很大的便利，同时也改变着人们的学习和生活方式并且已经渗透到了非常重要的领域，一个小小的差错都有可能引起重大的社会问题。尤其面对当今互联网安全问题日益突出的形势，网络信息的安全已经变得越来越重要。高等教育自学考试又称高自考，是对自学者进行的以学历考试为主的高等教育国家考试。天津考试院的主要任务为招生和考试，业务范围覆盖全天津市几十万考生的各类考试，对信息安全有很高的要求，一个很简单的数据错误可能会给考生造成很大的不便和影响。本文主要以天津考试院高自考信息项目为例，对其进行了安全分析和程序改进，包括数据加密，Session安全，数据库安全等方面内容的重新设计，进一步增强该信息系统的安全系数，为考生的利益保驾护航。对于数据安全方面，重新设计了身份认证环节。对于考生系统而言，通过数据库读取“盐”值，与考生输入的密码进行“搅拌”，然后通过MD5加密进行密文传输，服务器获得数据后进行第二次MD5加密再寻找匹配项，以保证登录的安全性；同时，，设计了忘记密码功能，方便考生在忘记密码的情况下重置密码。对于区县系统而言，统一利用USB Key进行身份认证，只有在密码和key值统一时才能登录系统。在数据库安全方面，设计了数据库的自动备份和防止SQL注入的解决方案。合理的安全设计可以保障信息系统安全稳定的运行，同时保障广大考生的切身利益。
[Abstract]:With the development and popularization of computer technology, the computer network has provided great convenience to people, at the same time, it has changed people's learning and life style and has penetrated into very important fields. A small error can cause major social problems. Especially in the face of the increasingly prominent problem of Internet security, the security of network information has become more and more important. Higher education self-study examination, also known as high self-examination, is a national examination of higher education. The main task of Tianjin examination Institute is to recruit students and examinations. The scope of business covers hundreds of thousands of examinees in Tianjin, which has high requirements for information security. A very simple data error may cause great inconvenience and influence to candidates. This paper mainly takes the information item of Tianjin examination Institute as an example, carries on the security analysis and the program improvement to it, including the data encryption session security, the database security and so on the content redesign, further enhances this information system the safety coefficient. Protect the interests of candidates. For the data security aspect, the identity authentication link is redesigned. For the examinee system, the "salt" value is read through the database, "stirred" with the password entered by the examinee, and then encrypted through MD5 to transmit the ciphertext. After the server obtains the data, it encrypts the data a second time and then searches for a match. At the same time, the function of forgetting password is designed to make it convenient for examinee to reset password if he forgot his password. For the district and county system, USB Key is used to authenticate identity. Only when the password and key value are unified, can the system be logged in. In the aspect of database security, a solution to automatically backup database and prevent SQL injection is designed. Reasonable security design can ensure the safe and stable operation of the information system, and ensure the vital interests of the candidates.
【学位授予单位】：天津大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】