| With the introduction of management information system(MIS), office and production management software is used more and more widely in the Country Electrical Power of State Grid Corporation of China(SGCC).It improves the efficiency and quality of service in enterprises, but the security of the software is an obstacle that blocks the promoting of information management. In other words, it is a serious problem that affects the production and operation in power sector.In order to solve software security problems, the author's work as follows:Firstly, the author applies the threat modeling techniques at the stage of software design. It can analyze the defect earlier, take defensive measures against attack, make the goal of security definitely and decrease the rate of attack and threat. Secondly, the author analyzes the threats on the base of threat modeling and takes corresponding measures to abate the threats. These threats include spoofing, tampering, repudiation, information disclosure, elevation of privilege, etc. Thirdly, the paper makes some security strategies in the software development process, such as software development platform option, database option, choice of software architecture, site security policies, network communications security strategies, etc. What's more, the thesis also list key code that used in the software development. Fourthly, the thesis analyzes and presents the design and implementation of permissions management system and E-document processing system which are both the sub-module of the system, as well as implements the function of electronic approval through the technology of digital signature.In conclusion, the security of standardization system is improved through the security search. So it can measure up to the security standards of electricity sector basically. |
PDF Full Text Request