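Research on Isolation and Protection Technology for Sensitive Information on Mobile Terminals
Published: 2018-03-31 15:43
Thesis topic: mobile terminal. Entry point: sensitive information. Source: Xidian University, master's thesis, 2014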
[Abstract]: With the rapid development of information technology, large enterprises and institutions with branches across the country and even overseas exchange more and more important and sensitive information internally, and employees travelling on business increasingly use public networks to carry out business transfers with the organization's intranet. Studying isolation and protection technology for sensitive information on mobile terminals in a public network environment therefore has considerable theoretical significance and practical value. This thesis first analyzes in detail the state of research on isolation and protection technology, including existing information security assurance frameworks in China and abroad, trusted computing technology, isolation-and-exchange technology, and the high-assurance IP encryptor technology used in the US GIG network. It then analyzes the main forms of attack that sensitive information may face on a mobile terminal, providing an important reference for the security design of the subsequent scheme. Next, it focuses on the application scenario of transmitting sensitive information between a mobile terminal and the enterprise intranet, proposes a security model for isolating and protecting sensitive information on the mobile terminal based on that scenario, and designs the function of each module in the model in detail. Then, following the design principles, it proposes an isolation and protection scheme for sensitive information on mobile terminals: trusted computing technology provides the underlying security, a custom protocol is designed to isolate the internal transmission channel, and data is split and reassembled and sent over different transmission channels to reduce the vulnerability attacks that may occur. Finally, the key technologies of the scheme are implemented in code, including the identity authentication and key agreement process and the splitting and reassembly of data. The security of the scheme's anti-attack mechanism and security protection mechanism is analyzed at both the software and hardware levels, showing that the scheme has a high level of security.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN918.4
Article ID: 1691384
Link to this article: http://www.sikaile.net/kejilunwen/wltx/1691384.html