https://scholars.lib.ntu.edu.tw/handle/123456789/115587
Title: | Multi-Layered Security Framework for Document Access Control (original Chinese title: 多層次安全性文件存取控制之研究) |
Author: | Pan, Chi-Chien (潘啟諫) |
Keywords: | Personal Firewall; Access Control; Proxy Server; Distributed Firewall |
Issue date: | 2004 |
Abstract (Chinese, translated): | With the rapid development of network technology, the intranets built by enterprises and organizations have grown in both reach and complexity. At the same time, with the emergence of attack patterns from malicious programs such as viruses and Trojan backdoors, the intranet environment that used to be regarded as safe and trustworthy now faces serious security threats. New Trojan backdoor programs use network tunneling techniques to pass easily through the enterprise firewall over standard service ports, communicating between inside and outside and carrying out surveillance. On the other hand, sharing and accessing documents over the intranet has become an indispensable part of how organizations operate, and document security in particular bears on the development of the whole organization; how to secure it and avoid possible network attacks has therefore become the main research question. In this dissertation, taking the organization's intranet as the scope, we propose the S.P.A.C. multi-layered security framework to provide secure document access control. Within this framework, we can also combine other security mechanisms (such as IPsec and SSL) to maximize its effectiveness. In addition, the design aims at flexibility and low cost to reduce the difficulties of practical deployment in organizations. The security mechanisms studied include various personal firewall techniques and designs: a proxy server for application-level control, a dynamic packet-filtering personal firewall for security at the network layer, a distributed firewall to protect and control client machines at the same time, and dynamic password authentication as the integrated access control. |
Abstract (English): | With highly advanced network technology, the Intranet of an organization has become more complicated and more widely used. At the same time, new attack models of malicious software, such as viruses and Trojan horses, have also been developed. The Intranet environment, which used to be considered safe and reliable, now faces tremendous threats. These novel viruses and Trojan attacks make use of tunneling techniques to bypass the firewall via standard service ports, such as port 80. On the other hand, the sharing of documents over the Intranet is essential for today's organizations, and its security problems threaten the development of the organization. Ways to secure document access and protect the Intranet from attacks have therefore become an important issue. In this dissertation, we focus on the security problem of document access control in the Intranet, and propose the S.P.A.C. multi-layered security framework to secure it. Within the framework, existing security mechanisms such as IPSec and SSL can also be integrated to provide additional security. We also consider flexibility and cost in the design to reduce the potential difficulties of physical deployment in the organization. A complete security framework comprises the proxy server technique for application-level access control, the dynamic packet filter personal firewall technique for stopping illegal network packets, the distributed firewall technique for controlling and protecting the client machines, and dynamic id/password authentication for the integration of document access control. |
URI: | http://ntur.lib.ntu.edu.tw//handle/246246/53699 | Other identifier: | en-US |
Appears in collection: | Department of Computer Science and Information Engineering (資訊工程學系) |
Items in the IR system are protected by copyright, with all rights reserved, unless their copyright terms state otherwise.