ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2018, Vol. 55 ›› Issue (12): 2637-2650. doi: 10.7544/issn1000-1239.2018.20170773

• Information Security •

The Trust Interconnection Control Model of E-Government Network Construction

Chen Zhonglin1, Shan Zhiguang2, Xiao Guoyu3, Chen Shanzhi1

  1 (Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing 100876); 2 (Department of Informatization and Industry Development, State Information Center, Beijing 100045); 3 (Network Security Research Center, Fudan University, Shanghai 200433) (chenzl@263.net)
  • Online: 2018-12-01
  • Supported by:
    the Major Program of the National Natural Science Foundation of China (91018000)

Abstract: E-government is evolving along with the development of national informatization, and e-government network security has become an important research field of national information security. However, the traditional LAN or Internet model cannot meet the need of China's e-government network for management partitioned by region and domain. The IATF (information assurance technical framework) theory originating from the US National Security Agency has become a reference for the design of network security architectures in many countries. However, the IATF model still cannot be well applied to the features and security management requirements of the e-government network of China. At present, China's e-government network has three basic features: a hierarchical, domain-based protection architecture, graded and classified controlled access requirements, and a security management approach with responsibility assigned by level. Based on an in-depth analysis of the status and features of the e-government network, a trust interconnection control (TIC) model for e-government network security is proposed. Three architecture designs of the TIC model are introduced: the peer interconnection model, the hierarchical interconnection model and the hybrid interconnection model. The key technologies are also designed, namely cross-domain trusted transfer, inter-domain security supervision and whole-process strategy control. Finally, the TIC model is evaluated by the analytic hierarchy process (AHP) method. The evaluation results show that, in the complex e-government network, the TIC model is suitable for the architecture design of e-government network security, and that its key technologies can provide a valuable reference for the construction of the security system of e-government networks and the development of related products.

Key words: e-government, trust interconnection control, cross-domain trusted transfer, inter-domain security supervision, whole-process strategy control

CLC Number: