Research on Security Policies for the Examination Subsystem in a Distance Education System
Abstract
The rapid development of the Internet and related technologies has greatly driven the growth of distance education management systems. The examination system is an indispensable component of a distance education management system and plays an important role in delivering distance education. A good examination system must not only reflect the quality of teaching but also help ensure the quality and effectiveness of education.
    At the same time, to reflect students' actual mastery of knowledge, remote examinations must be objective and fair. This requires the examination system to be sufficiently secure to prevent online deception and online cheating.
    The Common Criteria (CC) is a security evaluation standard jointly developed by the United States, Canada, the United Kingdom, Germany, France, the Netherlands and other countries, and to a large extent it provides guidance on security protection policy. Starting from a study of the CC and following its approach, this paper analyzes the security environment and security objectives of the examination system, derives its security requirements, and then presents the corresponding security policies.
    Cryptography plays a very important role in network and information security, so the strength and security of the algorithms themselves are especially important. After studying a range of cryptographic algorithms and techniques, this paper analyzes the triple DES algorithm and chaotic encryption in particular, and designs and implements a cascaded algorithm suited to use in the examination system.
    Web services provide interoperability, that is, different systems can communicate and share data seamlessly. This paper designs a distributed examination system based on Web services and combines related security technologies to address user identification and authentication and the confidentiality, integrity and availability of examination data, thereby achieving a good level of security for the examination system.
