Model Research Based On Security Architecture Of Application Area Boundary

Posted on: 2006-02-19
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y H Liu
GTID: 1118360155963716
Subject: Applied Mathematics
Abstract/Summary:
Most current information-system security solutions are technical measures that defend and block, such as firewalls, intrusion detection and virus prevention; they work by applying a corresponding security technique wherever a possible risk or security problem appears. As a result, the methods of malicious users grow more sophisticated and the protection and detection programs more complicated. The false-report rate rises along with security investment; furthermore, maintenance and management become more complicated and harder to enforce, and the efficiency of the information system declines greatly. In view of the lack of a security solution for the information system as a whole, information security experts at home and abroad have put forward new concepts, such as information assurance and information security architecture, to provide whole-system security solutions. Guided by Academician Shen Changxiang's information security assurance technology framework of Three longitudinal, Three horizontal and Two centers, and by the security architecture of application area boundary built in the application layer of the TCP/IP stack, a whole security model based on the security architecture of application area boundary and its typical plug-in layer security models are put forward. A simulation method for the security model is given at the end. By researching the security architecture of application area boundary and the other security models in the dissertation, we can provide overall, intact, application-layer information assurance at the boundary of an information system. First, elementary knowledge of information security models is introduced by analyzing the security architecture of application area boundary and correlative techniques. Concepts such as safe service set, granular control set, rule set and purview set are defined.
The information security model based on the security architecture of application area boundary is given according to the fundamental principles of the finite automaton model, BLP model, Biba model and RBAC model. This model is connected with research on the main attributes of information security, but how can the individual information security attributes be combined organically? The thesis offers a solution by introducing the new concept of information concern degree, which reflects the extent to which people are concerned with each information security attribute. A security function that combines the information security attributes is given in two different ways; for each, rules of reading and writing are defined and a corresponding security model is set up. In the first way, an integrative function of confidentiality and integrity replaces the classifications of the BLP model and improves the category of the BLP model, and security rules similar to those of the BLP model yield a new information security model that extends the BLP model and the Biba model. In the second way, the reading and writing rules of the defined integrative function of information security attributes are compatible with those of the BLP model and Biba model, and an application model is offered. The following research concerns the rule-management plug-in layer of the security architecture of application area boundary. A rule-based security information flow model is established for the RBAC model, and a security model grounded in rule management is set up in light of the rule-management security plug-in and from the point of view of information security.
For the encryption and decryption plug-in layer of the security architecture of application area boundary, the common present-day cipher systems are first reviewed and the characteristics of information between encryption and decryption are analysed; from the angle of information flow, the conclusion is reached that the traditional information flow model cannot describe the process of encryption and decryption. A new security information flow model founded on encryption and decryption is formed from this analysis. The thesis also offers a security description of the encryption and decryption plug-in layer, shows how it makes any arbitrary object safe after encryption, and states the requirements the algorithm must meet. The authentication plug-in layer is also an important layer of the security architecture of application area boundary. The existing common authentication techniques are summarized in the dissertation. With the help of "authentication trustworthiness", it solves the identity puzzle problem by modifying subject classifications and integrity grade after authentication, and provides a security description of the plug-in layer. The security architecture of application area boundary is an important part of the technological framework of information assurance, viz., Three longitudinal, Three horizontal and Two centers. The security information flow model of the three longitudinal security architecture, which is closely connected with the security architecture of application area boundary, is given with a three-dimensional security function, and the model is regarded as a beneficial supplement to the security model of the security architecture of application area boundary. A specific example is also given: an information flow model based on the network security of a nuclear power plant.
Currently, the Browser/Server (B/S) mode is the most widely used form of information system application, and the thesis gives a security model of the B/S mode information system. It serves as a complement to the security architecture of application area boundary. Finally, the thesis uses the ICI interface of OPNET, a well-known network simulation software package, to simulate the real transmission process of the security information of data, which opens a new way for simulation research on the security model of the architecture of application area boundary and on generic information security models. The thesis focuses on the security architecture of application area boundary, and the models and methods that have been put forward will be of positive significance for research on the whole application-layer security framework at the boundary and on the theories of information security.
Keywords/Search Tags: Information assurance, security architecture of application area boundary, subject, object, BLP model, Biba model, RBAC model, information flow model, confidentiality, integrity, availability, information concern degree