| Along with the popularization and development of network applications, PKI is becoming more and more important, and as an authoritative, trusted and righteous third party, PKI/CA must be protected from threats. To protect CA system, various security technologies are adopted, including firewall, intrusion detection, virus prevention and VPN. But in real environment, on one hand these security equipments are independent from each other and share little interoperability, on the other hand they generate abundant of security events resulting it difficult to find out fatal threats.After researching on SOC related technologies, this thesis analyze the drawbacks of traditional CA security management, and propose to apply the security management mechanism of SOC to CA, that is providing a new managing model to CA by means of the automatic collection and relationship analysis of security events and the linking control of security equipments. We focus on the transformation of security mechanism from SOC to CA, so we establish a information model of CA security events correlation and present a comprehensive approach to CA security events correlation. The point of our research is the analyzing arithmetic for the correlation of CA security events. Then, we design and realize a CA securely operating and managing system, based on events correlation and linkage control.At last, we apply the proposed system into a real CA. The result shows that it can detect exactly the fatal security events and respond to them initiatively. It is also able to reduce the wrong and leaking reports of intrusion detection system, maximize the security of equipments and minimize the network security threats to ensure the continuously secure operation of CA. |
PDF Full Text Request