SaaS平台数据安全问题的研究
发布时间:2018-12-24 11:19
【摘要】:随着互联网和软件行业的迅猛发展,,企业的信息化需求不断增加,软件的购买和运营费用越来越高,SaaS应运而生,它通过Internet将软件以服务的形式提供给客户,客户只要按需租用即可。SaaS模式可以降低企业运行成本,提高管理效率,为企业信息化提供了高品质,低价位的新选择。然而,随着SaaS平台的广泛应用,安全问题也随之而来。由于近年来数据泄露事件频发,给企业带来巨大的损失,因此,企业在选择SaaS时,首先考虑的就是安全问题能否得到保证,这也是SaaS运营商面临的主要问题。 本文首先对SaaS平台存在的安全问题进行了简单的介绍,并对数据安全的相关技术:HTTPS、SSL、数字证书、数字签名等进行了简单的阐述。然后,主要分析了SaaS平台数据传输和数据存储存在的安全问题。对于数据传输问题,主要分析了HTTP传输协议存在的安全隐患,对于数据存储问题,主要分析了由于SaaS多租户引发的数据隔离问题以及数据明文存储所存在的安全问题。 通过对SaaS平台数据传输和存储问题的分析和研究,提出了SaaS平台数据传输安全和存储安全问题的解决方案。对于数据传输安全问题,采用基于HTTPS的传输方案,使用SSL来确保数据的传输安全。然后,采用重定向的方案实现HTTPS安全传输。对于数据存储安全问题,首先分析了三种数据隔离方案,最后选择了共享数据库,共享架构的方案,并在其基础上提出了对核心字段分割的方案。然后选择了以字段为加密粒度,对DBMS外层进行加密的方案,基于MD5和DES加密技术,对敏感数据进行加密,在数据库中以密文保存,从而保证数据存储安全。最后,通过应用实例验证了方案的可行性。
[Abstract]:With the rapid development of the Internet and software industry, the information demand of enterprises is increasing, and the purchase and operation costs of software are increasing. SaaS emerges as the times require, and it provides software to customers through Internet. The SaaS model can reduce the operation cost, improve the management efficiency, and provide a new choice of high quality and low price for enterprise informatization. However, with the wide application of SaaS platform, security problems also follow. Because of the frequent data leakage events in recent years, it brings huge losses to enterprises, so when enterprises choose SaaS, the first consideration is whether the security can be guaranteed, which is also the main problem faced by SaaS operators. In this paper, the security problems of SaaS platform are introduced briefly, and the related technologies of data security, such as HTTPS,SSL, digital certificate, digital signature, etc., are briefly described. Then, the security problems of data transmission and data storage in SaaS platform are analyzed. For the problem of data transmission, this paper mainly analyzes the hidden security problems of HTTP transport protocol, and the problem of data isolation caused by SaaS multi-tenancy and the security problem of data plaintext storage for data storage. Based on the analysis and research of data transmission and storage in SaaS platform, the solution of data transmission security and storage security in SaaS platform is put forward. For the security of data transmission, the transmission scheme based on HTTPS is adopted, and SSL is used to ensure the security of data transmission. Then, the redirect scheme is used to realize HTTPS secure transmission. For the problem of data storage security, three kinds of data isolation schemes are analyzed firstly. Finally, a scheme of sharing database and shared architecture is selected, and a scheme of core field segmentation is put forward on the basis of this scheme. Then we choose the scheme of encrypting the outer layer of DBMS with field as encryption granularity. Based on MD5 and DES encryption technology, we encrypt sensitive data and save it in database with ciphertext, so as to ensure the security of data storage. Finally, the feasibility of the scheme is verified by an application example.
【学位授予单位】:西安电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP309.2;TP393.09
本文编号:2390554
[Abstract]:With the rapid development of the Internet and software industry, the information demand of enterprises is increasing, and the purchase and operation costs of software are increasing. SaaS emerges as the times require, and it provides software to customers through Internet. The SaaS model can reduce the operation cost, improve the management efficiency, and provide a new choice of high quality and low price for enterprise informatization. However, with the wide application of SaaS platform, security problems also follow. Because of the frequent data leakage events in recent years, it brings huge losses to enterprises, so when enterprises choose SaaS, the first consideration is whether the security can be guaranteed, which is also the main problem faced by SaaS operators. In this paper, the security problems of SaaS platform are introduced briefly, and the related technologies of data security, such as HTTPS,SSL, digital certificate, digital signature, etc., are briefly described. Then, the security problems of data transmission and data storage in SaaS platform are analyzed. For the problem of data transmission, this paper mainly analyzes the hidden security problems of HTTP transport protocol, and the problem of data isolation caused by SaaS multi-tenancy and the security problem of data plaintext storage for data storage. Based on the analysis and research of data transmission and storage in SaaS platform, the solution of data transmission security and storage security in SaaS platform is put forward. For the security of data transmission, the transmission scheme based on HTTPS is adopted, and SSL is used to ensure the security of data transmission. Then, the redirect scheme is used to realize HTTPS secure transmission. For the problem of data storage security, three kinds of data isolation schemes are analyzed firstly. Finally, a scheme of sharing database and shared architecture is selected, and a scheme of core field segmentation is put forward on the basis of this scheme. Then we choose the scheme of encrypting the outer layer of DBMS with field as encryption granularity. Based on MD5 and DES encryption technology, we encrypt sensitive data and save it in database with ciphertext, so as to ensure the security of data storage. Finally, the feasibility of the scheme is verified by an application example.
【学位授予单位】:西安电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP309.2;TP393.09
【参考文献】
相关期刊论文 前10条
1 秦晓霞;李文华;罗剑芬;;探讨数据库加密技术[J];电脑知识与技术;2008年18期
2 温静;任铄;;SaaS模式下的信息安全探讨[J];电脑知识与技术;2009年18期
3 刘国萍;刘建峰;谭国权;;多租户SaaS服务安全技术研究[J];电信科学;2011年S1期
4 储晨曦;王纯;李炜;;基于LAMP架构的Web权限控制组件的设计与实现[J];电信工程技术与标准化;2012年09期
5 任艳芳;;基于椭圆曲线密码(ECC)的数字签名技术[J];硅谷;2013年12期
6 胡华平,陈海涛,黄辰林,唐勇;入侵检测系统研究现状及发展趋势[J];计算机工程与科学;2001年02期
7 裴莹;徐俊刚;;基于服务的企业标准化培训平台[J];计算机应用与软件;2010年01期
8 谢亿民;;互联网和软件融合成就SaaS[J];软件世界;2006年15期
9 宋国江;;SaaS:信息安全新途径[J];软件世界;2007年15期
10 莫展宏;;国内外SaaS模式的发展现状分析[J];商场现代化;2012年07期
本文编号:2390554
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2390554.html
