计算机应用
COMPUTER APPLICATION
2015, Issue z1, pp. 37-42 (6 pages in total)
Du Haichao (杜海超), Zhao Ming (赵明), Wang Rui (王蕊), Jia Xiaoqi (贾晓启)
Systems Applications and Products in data processing (SAP); system export file; cache replacement; transparent file encryption
Systems Applications and Products in data processing (SAP), an Enterprise Resource Planning (ERP) business management system widely used in China, has a security problem with files exported to the local machine. To address it, a transparent file encryption and decryption system was built that is closely matched to the characteristics of the SAP system and to its specific processes. In the driver layer, the system captures file operations such as create, read and write issued by the specific processes associated with SAP, extracts cache information through the volume context and the stream context, and performs a different cache replacement depending on the type of file operation captured. In the application layer, it implements key acquisition and distribution. The system also supports customization: through configuration, the specific SAP processes, the exported file types and even individual files to be covered can be designated. The experimental results show that, without disturbing the user and without manual intervention, the system connects to the SAP system automatically and seamlessly, transparently encrypts and decrypts exported files, and restricts exported files to use on the local computer only. It integrates effectively with the SAP system's own security control mechanisms, such as user name logon and authorization control, fills the gap in SAP's security control over the export of external business data, and improves the enterprise's ability to control and safeguard the secure use and export of business data.