Modeling And Analysis Of PKI System Based On DoDAF

The Public Key Infrastructure (PKI) involves a set of factors such as personnel, management, facilities and cryptograph. It is complex to develop a PKI system and requires high security requirements. As a system engineering methodology guiding the development of complex systems, Department of Defence Architecture Framework (DoDAF) provides effective solutions to solve the problems faced during the process of developing a PKI system. Based on the systematic analysis of the DoDAF, the model of the PKI systems is built. Then the static structure, dynamic behavior, system systematic security and function functional validity of PKI systems are analyzed and validated. Finally, the structure and function of the PKI systems are designed.The main contributions of this dissertation are as follows:(1)Based on the analysis of DoDAF framework, the DoDAF-based modeling process is improved and optimized with the extension and partition of DoDAF architecture products OV-4 and OV-5. Then it is used to build the Top-level Design Model, Organization Model, Systems Activity Model and Systems Deployment Model of the PKI systems.(2)The static and dynamic models of the PKI systems, which are built on the basis of DoDAF, are analyzed. The systematic security is analyzed on the aspect of physical structure, logic relationship and sensitive information of the PKI systems. An UMLsec Model of the PKI systems is built with Attacker Capabilities. The functional validity of the PKI systems is formalized validated, guaranteeing the validity of the DoDAF-based PKI systems model.(3)In accordance with the hierarchical model, functions of registering and authenticating centers of the PKI systems are analyzed and designed, which provides a detailed guiding program for the further development and application of the PKI systems. The modeling and analyzing methods in this dissertation have good security and validity.The UML and the extended UMLsec are used in the whole development process, making the system model description clear and unified. As a result, the system model is simple to be understood by developers and can distinctly guide the upper analysis, design, maintenance and extension of the systems, improving the reusability and maintainability of the PKI systems.