内容安全权限管理系统的设计与架构

发布时间：2018-07-05 16:34

本文选题：内容安全 + 权限管理　；参考：《天津大学》2016年硕士论文

【摘要】：随着传统互联网,移动互联网的飞速发展,越来越多的公司暴露出了安全问题,安全问题的重要性也越来越大,但安全问题不仅限于网络安全,内容安全也也是很重要的一部分,因此设计一种合理的内容安全权限管理系统,有着非常重要的意义。内容安全权限管理系统,本质上是对于有访问限制要求并需要保证安全的内容做权限存储,权限管理涉及到的功能包括:权限适配,权限的查询,转发,撤销,更新等功能。内容安全系统必须能支持现有的管理制度,包括内容分级管理、文件生命周期管理。能够支持现有的应用系统,应用内部往往已经包含了大量需要保护的内容,内容安全系统必须能支持既有应用。部署内容安全系统要和现有的应用结合,不能对现有应用造成严重影响,不能终止、改变现有应用。目前本系统在国内外都有相似的设计及架构,但不少会存在一些问题,比如权限的隔离性,安全性,节点间的交互性等方面。本课题旨在设计一种内容安全权限管理系统,能遵从如下设计原则:使用的便利性,在日常工作中用户需要频繁访问内容安全系统,便利的授权管理手段将大大提高内容安全系统的可用性。应用的多变性,内容安全系统在具体应用中将呈现多样性,在条件许可的情况下权限管理子系统能和应用原有的权限管理系统进行联动。未来的扩展性,内容安全系统未来必将发展成为企业内部的关键应用,权限管理子系统的扩展性是系统发展的重要保障。实现重点如下,权限查询及同步服务,包括权限查询,权限转发,权限同步,权限更新,权限缓存更新,权限撤销;权限适配服务,包括本地节点权限适配,垮节点权限适配;加解密服务。在权限隔离性,安全性,节点间的交互性,服务性能等方面做出优化。
[Abstract]:With the rapid development of the traditional Internet and mobile Internet, more and more companies have exposed security problems, and the importance of security issues has become more and more important, but the security problems are not limited to network security. Content security is also an important part, so it is very important to design a reasonable content security privilege management system. Content security permission management system is essentially to have access restrictions and need to ensure the security of content to do the right storage, the rights management involved in the functions include: permission matching, permission query, forwarding, revocation, update and other functions. Content security systems must be able to support existing management systems, including content hierarchy management, file lifecycle management. In order to support the existing application system, the content security system must be able to support the existing application. The deployment of the content security system should be combined with the existing application, which can not seriously affect the existing application, can not terminate, and change the existing application. At present, the system has similar design and architecture at home and abroad, but there are some problems, such as the isolation of authority, security, interactivity between nodes and so on. The purpose of this paper is to design a content security authority management system, which can follow the following design principles: convenience of use and frequent access to content security system in daily work. Convenient authorization management means will greatly improve the availability of content security systems. The variability of application, the diversity of content security system in the concrete application, and the linkage between the privilege management subsystem and the original authority management system can be carried out under the condition that the condition permits. In the future, the extensibility of the content security system will become the key application in the enterprise, and the extensibility of the privilege management subsystem is the important guarantee for the development of the system. The key points are as follows: permission query and synchronization services, including permission query, permission forwarding, permission synchronization, permission update, permission cache update, permission revocation, permission adaptation service, including local node permission adaptation, collapsed node permission adaptation; Encryption and decryption services. It optimizes privilege isolation, security, interactivity between nodes, service performance and so on.
【学位授予单位】：天津大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP311.52

【参考文献】