基于CORBA的综合网络管理系统安全性优化设计与实现

发布时间：2019-05-24 04:32

【摘要】：光纤通信作为通信网络的基础支撑,担负着事关国计民生的高速率、大容量信息传输任务,也是信息传送的重要承载主体。当前,随着信息时代的飞速发展,通信网络的规模日趋庞大,为了实现通信网络的高效、集中管理,各大运营商、企业等相继开发、建设了基于CORBA的综合网络管理系统,以提高网络运维管理水平。由于分布式结构的松散特性以及CORBA平台自身的复杂性,加之与CORBA相关的安全规范滞后于网络管理系统的发展,分布式网管系统面临着更加严峻的安全问题。因此,加强对基于CORBA的综合网络管理系统安全性的优化设计研究,提升综合网管系统的整体安全水平,对于安全光网络的建设、发展具有重要意义。本文对基于CORBA的综合网管系统的安全性进行了分析,介绍了几种隐式授权攻击方式,并在此基础上提出了CORBA对象引用相关安全威胁的对策与方法。主要研究内容和创新性成果如下:一是提出了一种能够威胁CORBA对象引用过程的攻击方式,通过对多个厂商的CORBA产品进行匿名测试攻击,证明该种通过隐式授权对对象主键实现有效测算的攻击方法,可以较为高效地对CORBA产品进行攻击。二是提出了两种对CORBA产品中对象主键进行加密的算法,通过对对象主键进行加密,实现对来自隐式授权安全威胁的有效保护。三是本文实现了CORBA第三方软件的加密功能,通过对华为i Manager T2000网络管理系统进行加密算法的封装,实现对华为i Manager T2000综合网络管理系统安全性能的提升,从而证明了本文提出安全性加密算法的正确性和有效性。
[Abstract]:As the basic support of communication network, optical fiber communication is responsible for the task of high speed and large capacity information transmission related to the national economy and people's livelihood, and is also an important carrier of information transmission. At present, with the rapid development of the information age, the scale of the communication network is becoming larger and larger. In order to realize the efficient and centralized management of the communication network, the major operators, enterprises and other major operators have developed one after another, and an integrated network management system based on CORBA has been built. In order to improve the management level of network operation and maintenance. Due to the loose characteristics of distributed structure and the complexity of CORBA platform, and the security specifications related to CORBA lag behind the development of network management system, distributed network management system is facing more serious security problems. Therefore, it is of great significance for the construction and development of secure optical network to strengthen the research on the security optimization design of integrated network management system based on CORBA, and to improve the overall security level of integrated network management system. In this paper, the security of integrated network management system based on CORBA is analyzed, several implicit authorization attacks are introduced, and the countermeasures and methods of CORBA object reference related security threats are put forward. The main research contents and innovative results are as follows: first, an attack method which can threaten the CORBA object reference process is proposed, through anonymous testing attacks on the CORBA products of multiple vendors. It is proved that this attack method, which can effectively measure the primary keys of objects by implicit authorization, can attack CORBA products more efficiently. Secondly, two algorithms for encrypting object primary keys in CORBA products are proposed, which can effectively protect the security threats from implicit authorization by encrypting the object primary keys. Third, this paper realizes the encryption function of CORBA third-party software. By encapsulating the encryption algorithm of Huawei I Manager T2000 network management system, the security performance of Huawei I Manager T2000 integrated network management system is improved. Thus, the correctness and effectiveness of the security encryption algorithm proposed in this paper are proved.
【学位授予单位】：国防科学技术大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.07

【参考文献】