Designing And Development Of The Service Security Container System Used In Next Generation Network Service Support Environment

Next Generation Network (NGN) opens network capabilities. While with the rapid growth of new service requirement, it's necessary to open service capabilities in NGN. Opening service capabilities brings forward a series of security problems in service layer of NGN. How to assure the service security of loading and running in the Service Supporting Environment is one of the main problems.This thesis first introduces the background of the project in which the author has participated, then the concept and the development of NGN and Service Supporting Environment are explained briefly. The existing security research fruit of opening service capabilities are expatiated in detail.According to analyzing thoroughly the background knowledge, the main content of the service loading and running security in the Service Supporting Environment is pointed out in the thesis, including four parts. These contents are service integration verify, application server core package protect, system resources protect, service abilities restrict.On the basis of making clear how to carry out the research, the security properties of services and application server are defined. And base on the clearing of entire requirement, four parts of service loading and running security in the Service Supporting Environment are put forwarded, and describe the function and non-function requirement which the system related to.On the basis of aforesaid research, a service security container system is put forward which is divided into five functional modules from the system designing perspective: service integration verify module, application server core package protect module, system resources protect module, service abilities restrict module and configure file parse module. The system is based on the RBAC access control model, and AOP interception mechanism, Java security model, PKI security technology etc. are related to. Then a detailed function account and work flow is given of each functional module.In the aspect of system realization, the software architecture of Service Security System is elaborated in the light of object oriented design pattern, and the main functional classes are illustrated by offering the class diagrams of each module.In the end of this paper, a summary of the author's work is listed;meanwhile, the necessary improvements of this system in the future arealso pointed out.