| Information security is focused by both academic researchers and enterprise practitioners, and Product information is one of carrier with knowledge innovation in an enterprise,whose security management is important for enterprises development.With the development of enterprises information construction, the period of product information security management covers the whole product life, which increases the difficulty and complexity of management. Traditional product information management method becomes weak in dynamic and real-time product management, while it is an opportunity to the innovation of product information security management to build up the system of product information security management for PLM.To deal with some problems in the product information security management, on the basis of analyzing the information security theories and application status in enterprises, according to the ideas of system theory and integration theory, a product information security management system framework and its implementation techniques are studied in the dissertation with different engineering methods.The contents of product information security management are analyzed, and the paper builds product information model and product information assets model for security management. The product information security management framework structure is proposed based on analyzing the features and requirement of product information security management in PLM environment, which includes hierarchy structure and functional structure. And then the paper presents the key technologies of Product information security management and a system integration model based on filtering system according to the real difficulties for system integration process.From the reduced complexity of perspective, a system boundary control method for product information security is proposed. By building the system boundary model, the security management objects in the system boundary are analyzed. And then a concept model for system boundary controlling objects, a hierarchical threat model based on system boundary and a security constrain model for system boundary controlling process are proposed. And on the base of the above models a system boundary control method for product information security management is presented including a system boundary operation control method based on rules and a system boundary operation control method on constrain relationships, which can achieve the dynamic, real-time control and prevent leakage of product information.The method of controlling and managing product information flow is proposed. By analyzing the change characters in product information business process in PLM environment, a condition describing model of product information is presented, which realizes that dynamic conditions of product information can be tracked. Thus, a querying and tracking method for processes of product information based on information topologic structure Model is proposed through the relation study among product information, product information topologic structure and vector spaces, which realizes the process of locating and tracking quickly. The method provides the necessary decision support for product information security boundary operation control, and it is the base of product information security management.From the overall view of enterprises an authorization management for process control based on PMI model is researched. By analyzing dynamic process of access control in PLM and hierarchical system constrains, an access control model based on T-RBAC is built. And to deal with special protection requirement for sensitive information, an access control method for sensitive information of enterprises is presented, which focuses on special control method for sensitive information managing process. According to the above study, by introducing T-RBAC model into PMI role mode a PMI security management method based on T-RBAC is proposed, which can support information security management with three ways of access control including access control based on role, task and role and task.Combining the study result and security management situation in enterprise, an information system software prototype based on the product information security management conditions and requirements for enterprises is established including system framework,function model, system analysis method, system design method and system implementation method, which is tested and analyzed. The study of product information security management method and its support system is favorable to promoting information security management theory and practice with practically significant to enterprises. |
PDF Full Text Request