Research And Implementation Of Information Security Issues Of Data Exchange Platform

With the high-speed development of informationlization, Electronic Government Affair System meets the problem that local Electronic Government Affair Systems are isolated and can not exchange information with each other. Data Exchange Platform, which aims for making distributed heterogeneous data exchangeable and shareable, can remove "information isolated island", implement information exchange and integration, and make local Electronic Government Affair Systems intercommunicate well.Data Exchange Platform may undergo many threatens in network circumstance. In order to ensure that Data Exchange Platform runs safely, reliably and effectively, an extendable high performance security subsystem is needed to prevent possible threatens.This thesis introduces our accomplished Data Exchange Platform named ExistABC, and then describes its function, framework and the function design of its subsystems. Basing on the research on present security technologies and the security requirement of Data Exchange Platform, this thesis gives the Single-domain Security Model and Multi-domain Security Model.Single-domain Security Model resolves the security issues in one domain. It makes use of xml digital signature and xml encryption to ensure the security of data exchange and uses digital certificate-based identify authentication to ensure the validity of authentication. Its RBAC-based access control and privilege management allow only authorized users to be given access to certain data, and makes privilege manage easily and safely. The communication between subsystems in this model is implemented by Web Service Security (WS-Security) , which makes communicate safely and effectively.Multi-domain Security Model resolves the security issues and management affairs over multiple domains. Besides dealing with the security issues which are similar to Single-domain Security Model, the model uses Domains Management, Routing Management and Holistic Schema Management to dispose the management affairs among domains. By considering the characteristics of privilege management over...