李晓东 阎保平

                       (中国科学院计算机网络信息中心100080)

摘要:网络信息管理不同于传统的网络管理和信息管理，它的管理内容主要是网络信息及其服务，这种管理需求在OSI管理框架以及相关文档中没有明确提出过。本文对这个新的研究领域做了有益的研究尝试。本文介绍了网络信息管理的定义及其管理内容。在此基础上，分析了网络信息管理涉及到的安全问题，着重研究了其中的安全访问控制策略，并结合传输访问控制及安全监测方面的先进技术，提出了网络信息管理的安全构架。并已经将其应用于国家863重点项目“计算机网络管理与安全系统”中。

关键词:网络信息管理；访问控制；安全监测；X.509；PKI；LDAP

               Computer Network Information Management and its Security

                                  Li Xiaodong Yan Baoping

            (Computer Network Information Center, Chinese Academy of Sciences 100080)

Abstract: Network information management is different from traditional network management and information management. In OSI management architecture and related documents, there are no obvious proposals of such requirement. We made some constructive efforts on such new research area. This paper gives the definition and management content of network information system, and analyzes the related security problems, especially for access control policies. And based on the advanced technologies in transfer access control and security monitoring, it presents the security architecture of network information management and have implemented it in the key project “Computer Network Management and Security System” of High-tech Research and Development Program of China (863).

Key Words: Network Information Management; Access Control; Security Monitoring;PKI; X.509; LDAP

......

全文参见附件