Title page for etd-0729110-162449
Title
Using JESS for Enforcing Separation of Duties and Binding of Duties in a Web Services-based Workflow
Department
Year, semester
Language
Degree
Number of pages
56
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2010-06-29
Date of Submission
2010-07-29
Keywords
Rule Engine, Web Services, Web Service Selection, Access Control
Statistics
The thesis/dissertation has been browsed 5912 times and downloaded 0 times.
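Chinese Abstract
In a distributed system environment, the network facilitates information sharing but offers limited flexibility for maintaining and protecting information and resources. Web services can serve as components of a workflow and, once composed into a suitable process, can quickly satisfy an enterprise's needs. Many studies have proposed composing such Web services so that they satisfy the requirements of the different tasks in a cross-organizational workflow as well as the access control constraints of the different organizations. In the role-based access control model, rights and responsibilities are assigned according to roles, which avoids improper assignments and avoids participants overstepping their authority by holding too many rights. When handling complex and flexible business logic, a rule engine can infer the result the enterprise wants from existing facts and rules. This study proposes a dynamic selection strategy combined with a rule engine that selects the appropriate person or Web service to perform each activity in a workflow. The strategy uses the rule engine to avoid violating the access control constraints associated with the process, so that the probability of completing the process successfully is higher. Experiments show that our selection strategy avoids violating access control constraints and is more flexible than other methods for developing processes with different access control constraints.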
Abstract
Open distributed environments such as the World Wide Web facilitate information sharing but provide limited support for the protection of sensitive information and resources. Web services have become components for quickly building a business process that satisfies the business goal of an organization, and access control is imperative to prevent illegal access to sensitive information. In recent years, several studies have investigated the Web services-based workflow access control problem, and selection approaches have been proposed for choosing the performer of each task so as to satisfy all access control constraints. Based on the role-based access control model, we focus on two types of access control constraint: separation of duties (SoD) and binding of duties (BoD). This thesis considers both role-level and participant-level SoDs and BoDs that need to be dynamically enforced. To deal with complex and flexible business logic, we use a rule engine to reason over the business facts and obtain the result based on business rules. The proposed approach is evaluated with a workflow scenario and is shown to be flexible for developing new processes with dynamic access control constraints, at the cost of higher execution time.
Table of Contents
CHAPTER 1 - Introduction
1.1. Background
1.2. Motivation
CHAPTER 2 - Literature Review
2.1. Web Services Technologies
2.1.1. SOAP
2.1.2. WSDL
2.1.3. UDDI
2.2. Web Service Composition
2.3. Workflow Access Control
2.4. Workflow Access Control Constraints
2.5. Workflow Access Control Enforcement
2.6. Rule Engine
CHAPTER 3 - Problem Definition
3.1. Preliminaries
3.2. Problem Description
CHAPTER 4 - Our approach
4.1. Skeleton of Our Approach
4.2. Initiation
4.3. Handling Task Arrivals
4.4. Handling Task Claim
4.5. JESS Implementation
CHAPTER 5 - Performance Evaluation
5.1. Purchase Process Scenario
5.2. Experiment Design
5.3. Experiment Result
CHAPTER 6 - Conclusion
References
Fulltext
Thesis access permission: not available (neither on campus nor off campus)
Available:
Campus: never available
Off-campus: never available


Printed copies
Available: publicly available
