Some Researches And Solutions On Information Systems Security Of Electronic Government

With the rapid development of the information technology and the popularization of the Internet, the electronic government affairs have become an important domain of the information-based theory. When electronic technology, network and information-based theory are introduced in the various departments of the government, the efficiency of the administration is advanced and the quality of the public service is improved. However, some information in the system of the electronic government affairs relate to the nation's security and secret. While the electronic government affairs bring highly effective and convenient service for the work of the government, the risks of the system are also more and more high. Therefore, the problems of information security urgently need to be solved.The information by way of a sort of precious wealth run through humanity's all activities. The information system is an organic integer making of the various method, process and technology of information acquisition and management. With the development of the information technology, a lot of secret information is transferred by the network, many commercial activities and funds are circulated by Internet. The information is significant, so security of information system always faces the serious threat.In the information-based society, the security technology of information and information system has become a acuminate weapon to decrease the economic loss and guarantee social stability. So the problem of the information security is a topic having high value of research. The information security is a developmental concept. Now the security, integrity, usability and controllability of information security are concerned, different form only concerning communication security at early stage. The information security and the information system security are same important. The requirement of the information security can't be satisfied by the simplex secrecy mechanism and the static safeguard at present.In the paper, the background knowledge of information and information system security are introduced firstly, the problem and theory of information system security are discussed, and the technology of information system security is introduced simply. In the second part, the technologic countermeasures of founding project to solve the safe problem are discussed. Some important security services are researched. Types of the attack, security services and the usable security technology are introduced in detail. The design idea and the holistic solve scheme are researched in the third part. The certificate grant and the functional module of CA are introduced simply. In the fifth part, the definition and the traditional method of authentication access control technology is introduced firstly, based on the traditional method, a role-based access control technology is discussed. In the last part, an example of authentication strategy in the electronic government affairs is given. In the example, the strategy and process of authentication in the electronic government affairs is introduced concretely.At present, the theoretical research of the information security in the E-government is very active. The rich achievement has been gained, and many kinds of solutions have been set up in practice too. These solutions have outstanding successful places, and also have more obvious drawback and loophole. To these defects, the scheme based on "CA+AAs" architecture researched in this paper, incorporates PMI and PKI technology into an organic whole. PMI supplements the weakness of PKI through combining authorization management system and identity authentication system. The model integrating PKI to applied computing environment has been offered. To the shortcomings of DAC and MAC of traditional access control method, this paper carrys on research on access control technology based on role. Though the access control technology based on role is an effective access control method in implementing security strategy in E-government, existing RBAC model sets up restrains only from role, neglecting the most important source of this kind of restraint -- security mechanism of controlled target. To this question, further research is awaited.