| With development of network technology, e-business is becoming hotspot concerned by more and more corporations, and consumers gradually. However, inevitable security flows of network hinder the further development of e-commerce industry. Therefore, it is indispensable to develop an efficient application to ensure it's progress.The thesis takes security issues related with e-commerce and modern network techonology into consideration, and proposes an integrated security management software platform for e-commerce. Following the international standard principals of E-Commerce, the system adopts modular design principles and XML bus topolopy, each module has standard interface, which makes expansibility and maintainability more conviniently; Using advanced technology develops Integrated e-commerce Security Framework: Integrated behavior modeling and pattern matching intrusion detection algorithm for data filtering module, authentication&authorization algorithm based on JAAS, Cryptographic technology and dynamic periodicity management for key, Application monitoring module which can responds information dynamiclly, Security monitoring module that monitors security information on line; Plug-in intelligent security agent can collect the security information of user requests and filter the malicious sensitive character, and then insure the seamless connection between security agent and E-Commerce.As the part of introducation, current situcation of E-commerc and problems in security solusions are discussed. Chapter 2 reveals a framwork of the security platform proposed in the thesis, and discusses its implementation mechanism and relationships among several funcational modules. Chapter 3 delivers implementation details of data filtering moduel. Chapter 4 explains the design of Security Agent. Chapter 5 concentrates on how to implement an authentication and authorization module based on JAAS. Detailed description on Protocol Filtering is reviewed in Chapter 6. Chapter 7 analyzes cryptographic technology principles and implementation based on JCE. Log-related functions, such as retrieval and removal, are described in Chapter 8. The methodology to real-time security monitoring can be found in Chapter 9. Chapter 10 discusses how to implenment real-time application monitoring, including response performance monitoring. Several popular J2EE-relevant technology, such as Struts and dom4j, are introduced briefly in Chapter 11. Finally, testing and result are gaven in the Chapter 12. These experiment results demonstrat that the proposed integrated security management software platform for e-commerce is very effective and efficient. |
PDF Full Text Request