A comprehensive security policy research on web information system

In order to solve security problems in web-based information systems in the large-scale distributed environment, we design a comprehensive security policy. We realize the single entry mechanism of multi-system access by using the single-sign-on, create identity authentication mechanism of high-reliability and security based on China´s second-generation ID card. We also propose the cross-domain setup and its strategies for the access from scattered information systems. This paper will show the access control policy which combines dynamic and static methods, bring up a combination of coarse-grained and fine-grained access control strategy through refining digital objects, operations and rights. Besides we realize encrypted data communication for VPN by using SSL encryption technology to make data encapsulation. Considering the database security, we adopt access control technology, separation control technology, encryption technology, data flow control technology, reasoning control technology and backup technology. We then track and check all users who accessed or tried to access the system by using the system audit, use the triple-right separation mechanism for reliable management to avoid the abuse of powerful rights owned by the system administrator.