基于云服务平台的移动安全管理系统的设计与实现

发布时间：2018-03-12 22:52

本文选题：移动办公　切入点：安全管理　出处：《南京理工大学》2017年硕士论文　论文类型：学位论文

【摘要】：随着智能手机等移动设备的全面普及,移动办公方式发生了巨大的改变,办公人员可以摆脱空间和时间的约束,使用手机随时随地进行办公。这一便利也带来了极大的安全隐患,比如办公人员保存、传播、盗用公司机密信息,因此对于移动办公能否制定一个安全解决方案是移动办公发展的瓶颈。论文选题来源于深圳中兴网信技术有限公司的实际项目"云盾--移动办公安全解决方案"。该系统汲取了现有移动办公系统的优点,并对其不足之处进行改善,将云计算的优势融入其中,通过在手机上连接云计算中心,获取远程虚拟化的Android系统环境,该系统不存储于本地,手机端只进行页面展示,所有数据均存储于云端虚拟机中,达到安全办公,降低公司成本,不侵扰员工隐私的目标。本文围绕云盾移动办公解决方案的改版项目,对移动管理系统进行设计和分析。论文的主要工作包括:首先,对系统开发框架进行概述,比较了各种技术开发框架后,采用目前性能较好的Spring MVC框架进行开发,同时使用数据持久层框架MyBatis进行配合,实现了对应用层的基础支撑,简化了前端与后台繁琐的数据交互。其次,详细介绍了定制云平台和云数据库的方法,并对Windows Azure公有云服务和SQLAzure进行了详细说明,实现了系统在云平台的部署和存储服务。然后通过对系统需求的分析,完成了系统主要功能的设计,包括用户管理,虚拟机管理,客户端版本管理,应用管理,登录验证等七个模块,给出了部分主要模块的代码示例,实现了对云办公方式的安全管理。在安全分析部分,由于云服务商都是不可完全信任的,将数据存储在云平台中的安全问题是系统设计必不可少的部分。本文提出使用云审计的方式验证云端数据的完整性,通过对云服务商,用户,TPA(第三方审计,Third Party Audit)三个终端在云审计过程中的交互进行模拟仿真,实现了云端数据完整性验证的目标。最后,对系统进行测试,分为功能和性能进行测试,功能测试部分展现系统各个模块正常运行,性能测试通过逐渐加压的方式对客户端并发登录以及客户端并发操作进行压力测试,评估系统的最大处理能力。
[Abstract]:With the popularity of mobile devices such as smart phones, the mode of mobile office has changed dramatically. Office workers can get rid of the constraints of space and time. This convenience also brings great security risks, such as the preservation, dissemination, and embezzlement of confidential company information by office personnel. Therefore, whether the mobile office can make a security solution is the bottleneck of the development of mobile office. This paper comes from the actual project "cloud shield-mobile office security solution" of Shenzhen ZTE Technology Co., Ltd. The system draws on the advantages of the existing mobile office system, By connecting the cloud computing center on the mobile phone, we can get the remote virtualization Android system environment, the system is not stored in the local, the mobile phone only carries on the page display. All data are stored in the cloud virtual machine to achieve the goal of secure office work, reduce company costs, and do not intrude on the privacy of employees. The main work of this paper is as follows: firstly, the system development framework is summarized. After comparing various technical development frameworks, the Spring MVC framework with better performance is used to develop the mobile management system. At the same time, the data persistence layer framework MyBatis is used to support the application layer, which simplifies the complicated data interaction between the front end and the background. Secondly, the method of customizing cloud platform and cloud database is introduced in detail. The Windows Azure public cloud service and SQLAzure are described in detail, and the deployment and storage services of the system on the cloud platform are realized. Then, through the analysis of the system requirements, the design of the main functions of the system is completed, including user management, virtual machine management, and so on. Seven modules, such as client version management, application management, login verification and so on, are given. The code examples of some main modules are given, and the security management of cloud office mode is realized. In the security analysis part, because cloud service providers are not completely trusted, The security of storing data in cloud platform is an essential part of system design. This paper proposes to use cloud audit to verify the integrity of cloud data. The interaction of the three terminals in the process of cloud audit is simulated and simulated by the user TPA (third Party Audit), which realizes the goal of data integrity verification in the cloud. Finally, the system is tested, which is divided into function and performance. The function test part shows the normal operation of each module of the system. The performance test carries on the stress test to the client concurrent login and the client concurrent operation through the gradual pressurization way, evaluates the system maximum processing ability.
【学位授予单位】：南京理工大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP311.52;TP393.09

【参考文献】