题名

雲端ERP安全機制之研究

并列篇名

A Study of Cloud ERP Security Mechanism

DOI

10.6665/JLYIT.2015.14.78

作者

林天生(Tien-Sheng Lin);蔡侑庭(Yu-Ting Tsai);侯禹賢(Yu-Sian Hou)

关键词

雲端計算 ; 傳統ERP ; 雲端ERP ; 實體安全 ; 虛擬安全 ; Cloud computing ; traditional ERP ; cloud EPR ; physical security ; virtual security

期刊名称

蘭陽學報

卷期/出版年月

14期(2015 / 06 / 01)

页次

78 - 87

内容语文

繁體中文
中文摘要

雲端計算與傳統ERP功能,兩者技術相整合,形成雲端ERP系統,此系統由於顯著量訊息傳送,會加深安全問題的困難度,為了評估當前雲端ERP技術,必需對完整信息安全性問題,加以詳細的規劃與分析。雲端ERP必需提供完整之安全防護機制,包括入侵偵測服務、節點安全性考量,此防護機制包含實體安全及虛擬安全,實體安全主要是儲存媒體資料中心的安全性,亦包括機房安全,而虛擬安全最主要是傳輸的安全與資料存取的安全,在傳輸過程中經過安全性加密算法,例如HTTPS加密機制,來達到傳輸的安全性。而資料存取的安全性,最主要有三項考量,存取安全、資料安全、使用者認證。本研究最主要研究使用者認證方面,運用客戶端用戶認證架構,包括客戶端用戶認證代理機制及雲端用戶認證代理機制,來防止內部與外部攻擊,達到存取代理模式的安全性,以符合雲端多重使用者,安全認證之需求。
英文摘要

Cloud ERP system is formed by the integration techniques between cloud computing and traditional ERP functionality, both technology. This system faces to a deep degree difficulty of security problems due to a significant amount of messaging. In order to evaluate the current cloud ERP technology, it is necessary to plan and analyze the detailed information security considering completion issue. Cloud ERP must support a complete security protection mechanism, including intrusion detection services and security node detection. This mechanism can provide physical security and virtual security. For physical security, storage media data center is considered on the engine room safety. For virtual security, it is the most important security to achieve transmission security and access data security. Regarding to transmission security, encryption security algorithm can improve the capability for HTTPS encryption mechanism. Regarding to the security of access data, three main factors can be considered, including access security, data security, and user authentication. The research is to construct client-based user authentication mode that has client-based user authentication and cloud-based user authentication mechanisms. The major purpose of this mode is to resist inside and outside attacks for achieving the security of access control agent, and satisfy with security certification requirements for multiple users in the cloud.
主题分类 人文學 > 人文學綜合
基礎與應用科學 > 基礎與應用科學綜合
醫藥衛生 > 醫藥衛生綜合
生物農學 > 生物農學綜合
工程學 > 工程學綜合
社會科學 > 社會科學綜合
社會科學 > 社會學
参考文献
  1. 蔡一郎(2010)。雲端運算與雲端安全架構。資訊安全通訊,16(4),84-93。
    連結:
  2. ISACA (2010), Security, Audit and Control Features Oracle E-Business Suite, Available at: http://www.isaca.org/Knowledge-Center/Research/Documents/Oracle-EBS-3rd-Ed-Excerpt-17June2010-Research.pdf
  3. 鼎新電腦,http://www.dsc.com.tw/,2013/10/24
  4. 海量雲端ERP,http://www.erpsoft.com.tw/about.html
  5. IBM.(2011), Security and High Availability in Cloud Computing Environments. , (June), pp.1–12.Available at: http://www-935.ibm.com/services/za/gts/cloud/Security_and_ high_availability_in_cloud_computing_environments.pdf
  6. SimplySecurity.com.(2011), Survey: Most companies moving to the cloud. Available at: http://www.simplysecurity.com/2011/05/10/survey-most-companies-moving-to-the-cloud/.
  7. Castellina, N. (2011). SaaS and Cloud ERP Trends , Observations , and Performance 2011, Available at: http://www.distributionerpdelivered.com/wp-content/uploads/Avanade--ERP-Aberdeen-Report-SaaS-and-Cloud-ERP-Trends.pdf
  8. AlZain, M.A.,Pardede, E.(2012).Cloud Computing Security: From Single to Multi-Clouds.Proc. 45th Hawaii International Conf. on System Science (HICSS),Maui, Hawaii:
  9. Bezemer, C.,Zaidman, A(2010).Multi-tenant SaaS applications: maintenance dream or nightmare?.Proceedings of the Joint ERCIM Workshop on
  10. Hughes, J.,Beer, R.(2007).A Security Checklist for ERP Implementations.Educause Quarterly,4,7-10.
  11. Khan, A.U.,Oriol, M.,Kiran, M.,Jiang, M.,Djemame, K.(2012).Security Risks and their Management in Cloud Computing.Proc. IEEE 4th International Conf. on Cloud Computing Technology and Science (CloudCom),Taipei, Taiwan:
  12. Møller, C.(2003).ERP II extended enterprise resource planning.7th World Multi-Conference on Systemics, Cybernetics and Informatics,Orlando, F.L:
  13. Mozammel-Bin-Motalab,Shohag, S. A. M.(2011).Cloud Computing and the Business Consequences of ERP Use.International Journal of Computer Application,28(8),31-37.
  14. Rittinghouse, John W.,Ransome, James F.(2012).Cloud computing-implementation, Management and security.CRC press.
  15. Zhang, F. Q.,Han, D. Y.(2012).Applying Agents to the Data Security in Cloud Computing.Proc International Conf. on Computer Science and Information Processing (CSIP),Shaanxi, China:
  16. 梁文耀(2010)。碩士論文(碩士論文)。國立彰化師範大學資訊管理研究所。
  17. 梁文耀、許惠渝(2010)。CloudERP 組合的評選。產業資訊管理學暨新興科技實務研討會
  18. 莊曼、陳正雄(2011)。雲端服務協助中小企業導入SAP Business One 探討。萬能科技大學商學院學報,16,59-80。
  19. 陳瀅(2010)。雲端策略,雲端運算與虛擬化技術。台北:天下出版。
被引用次数
  1. (2024)。文檔系統資安意識評估架構及其實務運用之探討。圖書資訊學研究,18(2),1-47。
print cancel