Research On Secure Transfer Model Of Network-Component

Component based software engineering is the necessary tendency of software technology in the next century. It is also one of the hottest topics in current software engineering realm. As traditional component technology is integrated into Internet further, software component which bases on heterogeneous and distributed network enviroment, we called Network-Component, has already become one of the most important directions of component development. The characteristics of Internet environment, such as opening, unstability, autonomy and heterogeneity, etc. lead the running environments of Network-Component to an unpredictable situation. Also, the communication between the Network-Components become unsecured. So the communication of Network-Component will be confronted with great challenges.This thesis begins with the analysis of secure requirement of network-component proposes the Secure Transfer Model of Network-Component(STMNC). The STMNC add security layer on traditional network-component system model, it insures secure communication between client and network-components. We also propose the concept of Secure Domain to enhance efficiency and two strategies that will decline the overhead. Then describe design and implementation of the model. This thesis mainly includes:First, as we consider the traditional network-component software architecture, we announce the concept of secure Network-Component. Then we define and describe it using formalization method;Second, the thesis introduces the SSH Protocol, analyses its workflow and the secure assurance in network security. Comparing with other protocols, we deduce its advantage in the application layer of network security. Aiming at the secure problem of network-component software system, we apply the SSH idea to our network-component system. We also describe the SSH project in Huawei's VRP platform.Third, We propose the Secure Transfer Model of Network-Component aiming at the distributed secure communication of the network-component. For enhancing the efficiency of the distributed communication, the thesis proposes the concept of secure domain. Then we discuss reuseness of security steps and the formal description of secure domain and secure agent. We propose two strategies that will decline the overhead: data prefetch and parallel authentication, and their performance.At last, we describe the system design of the STMNC detailedly and offer the algorithm of the main module. And add the STMNC to the "Component-Based Software Development Kits" (CBSDK). We do some experiments on EJB using system CBSDK. The experimental results showed that the new securenetwork-component software architecture can get excellent result in improving the performance and efficiency of distribute secure communication in software system.This thesis is supported by the fund of the concurrent workflow development based on component library research(2001AA113142) and the SSH project in Huawei company. The idea of this thesis is generated from this two projects.