Research And Application Of Auditing In E-government System

E-government is a system engineering which makes the governmental work standard, served, informational, netted and opened with the computer and network to manage and maintain the daily work. E-government is related to state secret information and the high sensitivity of the core of administration, of which the safety has become a great concern over the issue. OSI/RM has defined five groups of security services: authentication services, access and control services, data integrity services, confidentiality services and anti-repudiation services. Security auditing is the core technology of anti-repudiation services in OSI/RM, which means to identify, record, store and analyze the related information about security activities, of which the records are used to check the security activities and find out who is responsible for these.The paper deals with the security auditing in e-government system in view of application layer. By studying theories of information system auditing and Oracle 9i auditing, it brings forward and implements the security auditing solution which is based on J2EE, covers internet, extranet and intranet and database, meets CC criteria.This paper focuses on the e-government system security audit technology research and application. Through analyzing the typical structure of e-government and the visited features and applied situation of internet layer, extranet layer and intranet layer, it develops corresponding audit strategy. Meanwhile, it makes in-depth study of the Oracle 9i auditing techniques to enhance the fineness and size of the security audit, improve the authoritative and credible nature of the audit log. The audit solution makes coverage of internet, extranet and intranet and the database, each of which contains core modals based on CC criteria, such as rules management, log collection, log analysis and log management, and provides a more complete resistance to anti-repudiation services. The security auditing solution using pipes and filters architecture model can be reused and transplanted and makes a lot of significances in the implementation of information systems security auditing.