基于用户行为的农业信息云平台统一身份认证技术研究

发布时间：2018-04-15 12:46

本文选题：单点登录 + 身份认证　；参考：《河北农业大学》2015年硕士论文

【摘要】：随着云计算的在各领域的广泛应用,云计算的安全问题显得更加突出。相较于传统的网络安全问题,隐私和安全是云数据管理环境中的主要风险。云计算最重要的服务是数据存储,把数据存到云端,所说的云端实际上是由云服务提供商提供的大型数据存储中心,云端存储的数据资源可以同时为多个用户所使用。身份管理和身份认证是云用户面临的一个大问题。为了保证云环境中用户的数据和隐私安全,必须使用高效的用户身份管理和认证方法。单点登录技术使用不同用户身份的管理来提高云用户的隐私和安全,确保用户的访问授权,保证提供安全的云数据管理环境的有效方法。单点登录技术是应用于不同系统之间,既可实现同域也可实现跨域登录的“一键切换”。论文分析了当前农业信息云平台的安全和用户隐私存在的问题,深入研究了单点登录技术,建立了一套适合农业信息云平台的单点登录模型,另外,为了进一步提高用户信息和平台数据的安全性建立了用户行为分析模型。论文的主要工作如下:(1)建立了基于CAS的单点登录模型,对传统的CAS登录机制做了改进,对用户的帐号和密码进行加密处理,确保用户信息安全。(2)采用Acegi和CAS相结合的用户访问权限控制技术,对用户身份认证和访问权限进行统一管理,避免用户多次进行身份认证,在系统内部可以进行自由切换,降低了应用系统的维护和管理成本,同时提高了安全性和可扩展性。(3)在用户身份认证的基础上,引入了用户行为认证机制,对平台用户的网络操作行为(用户行为习惯)建立了用户行为认证模型。引入用户访问行为偏离度的概念,有效的过滤掉一部分信任度低的访问请求。论文中的单点登录技术具体应用到某省农业信息云平台,配置了农业信息云平台所需的运行环境,并测试了整个单点登录系统的性能,实验结果符合预期,实现了用户隐私保护和系统安全。
[Abstract]:With the wide application of cloud computing in various fields, the security of cloud computing becomes more and more prominent.Compared with traditional network security, privacy and security are the main risks in cloud data management environment.The most important service of cloud computing is to store data to the cloud. The cloud is actually a large data storage center provided by cloud service provider. The data resource stored in cloud can be used by multiple users at the same time.Identity management and identity authentication is a big problem for cloud users.In order to ensure the security of user's data and privacy in cloud environment, efficient user identity management and authentication methods must be used.Single sign-on technology uses the management of different user identities to improve the privacy and security of cloud users, to ensure user access authorization, and to ensure an effective method to provide a secure cloud data management environment.Single sign-on (SSO) technology is a kind of "one key switch" which can be applied to different systems, both in the same domain and across domains.This paper analyzes the security and user privacy problems of the current agricultural information cloud platform, deeply studies the single sign-on technology, and establishes a single sign-on model suitable for the agricultural information cloud platform.In order to further improve the security of user information and platform data, a user behavior analysis model is established.The main work of this paper is as follows: (1) the single sign-on model based on CAS is established, the traditional CAS login mechanism is improved, and the user's account number and password are encrypted.To ensure the security of user information, the user access rights control technology combined with Acegi and CAS is adopted to manage the user identity authentication and access authority uniformly, to avoid user identity authentication many times, and to switch freely within the system.It reduces the maintenance and management cost of the application system, and at the same time improves the security and expansibility. It introduces the mechanism of user behavior authentication on the basis of user identity authentication.The user behavior authentication model is established for the network operation behavior (user behavior habit) of platform users.The concept of user access behavior deviation is introduced to effectively filter out some access requests with low trust.The single sign-on technology in this paper is applied to the agricultural information cloud platform of a certain province, and the running environment of the agricultural information cloud platform is configured, and the performance of the whole single sign-on system is tested. The experimental results are in line with the expectation.User privacy protection and system security are realized.
【学位授予单位】：河北农业大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP309;S126

【参考文献】