博碩士論文 etd-0729110-162449 詳細資訊


[回到前頁查詢結果 | 重新搜尋]

姓名 張瑜書(Yu-Shu Jang) 電子郵件信箱 E-mail 資料不公開
畢業系所 資訊管理學系研究所(Information Management)
畢業學位 碩士(Master) 畢業時期 98學年第2學期
論文名稱(中) 使用JESS來遵守工作流程裡的責任分散和責任集中限制
論文名稱(英) Using JESS for Enforcing Separation of Duties and Binding of Duties in a Web Services-based Workflow
檔案
  • etd-0729110-162449.pdf
  • 本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
    請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
    論文使用權限

    電子論文:校內校外均不公開

    論文語文/頁數 英文/56
    統計 本論文已被瀏覽 5352 次,被下載 0 次
    摘要(中) 在分散式系統環境中,網路促進資訊共享,並提供有限的維持和保護靈活性的資訊與資源。網路服務(Web Service)可被當作工作流程(Workflow)中的一部分元件,組合成適當的流程後,能夠快速滿足企業的需求。許多研究提出,將這些網路服務組合後,滿足跨組織的工作流程中不同任務(Task)的需求,也滿足不同組織中的存取控制限制(Access Control Constraint)。在以角色為基礎的存取控制模式(Role-Based Access Control Model)中,根據角色來指派適當的權責,避免不當指派權責或擁有過多的權責而越權。而在處理複雜和靈活的事務邏輯時,規則引擎(Rule engine)可以根據已存在事實與規則,推理出企業欲得到的結果。本研究提出一與規則引擎結合的動態選擇策略,在工作流程中選擇適當的人員或網路服務來執行流程中的每一個活動。此策略的選擇透過規則引擎避免違反與流程相關的存取控制限制,使得最終能夠順利完成流程的成功機率較高。實驗顯示,我們的選擇策略能夠避免違反存取控制限制,並比其他方法較有彈性去開發不同存取控制限制的流程。
    摘要(英) Open distributed environments such as the World Wide Web facilitate information sharing but provide limited support to the protection of sensitive information and resources. Web services have become a part of components for quickly building a business process that satisfies the business goal of an organization, and access control is imperative to prevent the illegal access of sensitive information. In recent years, several researches have investigated the Web services-based workflow access control problem, and selection approaches for choosing the performer for each task so as to satisfy all access control constraints have been proposed. Based on the role-based access control model, we focus on two types of access control: separation of duties and binding of duties. Both role-level and participant-level of SoDs and of BoDs that need to be dynamically enforced are considered in this thesis. While dealing with complex and flexible business logics, we use rule engine to reasons with the business facts to get the result based on business rules. The proposed approach is evaluated by a workflow scenario and is shown to be flexible to develop new process with dynamic access control constraints at the cost of higher execution time.
    關鍵字(中)
  • 網路服務
  • 規則引擎
  • 網路服務選擇
  • 存取控制
  • 關鍵字(英)
  • Rule Engine
  • Web Services
  • Web Service Selection
  • Access Control
  • 論文目次 TABLE OF CONTENTS
    CHAPTER 1 - Introduction ........................................................................................ 11
    1.1. Background .............................................................................................. 11
    1.2. Motivation ............................................................................................... 12
    CHAPTER 2 - Literature Review .............................................................................. 16
    2.1. Web Services Technologies ..................................................................... 16
    2.1.1. SOAP ............................................................................................16
    2.1.2. WSDL ...........................................................................................17
    2.1.3. UDDI ............................................................................................18
    2.2. Web Service Composition ....................................................................... 18
    2.3. Workflow Access Control ....................................................................... 19
    2.4. Workflow Access Control Constraints .................................................... 20
    2.5. Workflow Access Control Enforcement .................................................. 21
    2.6. Rule Engine ............................................................................................. 22
    CHAPTER 3 - Problem Definition ............................................................................ 25
    3.1. Preliminaries ............................................................................................ 25
    3.2. Problem Description ................................................................................ 31
    CHAPTER 4 - Our approach ..................................................................................... 32
    4.1. Skeleton of Our Approach ....................................................................... 32
    4.2. Initiation .................................................................................................. 33
    4.3. Handling Task Arrivals ............................................................................ 35
    4.4. Handling Task Claim ............................................................................... 37
    4.5. JESS Implementation .............................................................................. 39
    CHAPTER 5 - Performance Evaluation .................................................................... 45
    5.1. Purchase Process Scenario ...................................................................... 45
    5.2. Experiment Design .................................................................................. 47
    5.3. Experiment Result ................................................................................... 50
    CHAPTER 6 - Conclusion ......................................................................................... 54
    References 55
    參考文獻 Alonso, G., Casati, F., Kuno, H., & Machiraju, V. (2004). Web services: concepts, architectures and applications: Springer New York.
    Alves, A., Arkin, A., Askary, S., Barreto, C., Bloch, B., Curbera, F., et al. (2007). Web services business process execution language version 2.0. OASIS Standard.
    Bertino, E., Crampton, J., & Paci, F. (2006). Access control and authorization constraints for ws-bpel. International Conference on Web Services, 2006, ICWS2006, 275-284.
    Bertino, E., Ferrari, E., & Atluri, V. (1999). The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security, 2(1), 65 -104.
    Bertino, E., Squicciarini, A., Paloscia, I., & Martino, L. (2006). Ws-AC: a fine grained access control system for web services. World Wide Web, 9(2), 143-171.
    Christensen, E., Curbera, F., Meredith, G., & Weerawarana, S. (2007). Web services description language (WSDL) 1.1 W3C note.
    Clement, L., Hately, A., von Riegen, C., & Rogers, T. (2004). UDDI Version 3.0. 2, Editors, OASIS Open (Vol. 19).
    Crampton, J. (2005). A reference monitor for workflow systems with constrained task execution. Proceedings of the tenth ACM symposium on Access control models and technologies, 38 - 47.
    Friedman-Hill, E. (2003). JESS in Action: Manning.
    Hewett, R., Kijsanayothin, P., & Thipse, A. (2008). Security Analysis of Role-based
    57
    Separation of Duty with Workflows. Proceedings of the 2008 Third International Conference on Availability, Reliability and Security, 765-770.
    Hitchens, M., & Varadharajan, V. (2000). Design and specification of role based access control policies. IEE Proceedings-Software, 147(4), 117-129.
    Hwang, S.-Y., Chen, Y.-C., & Tang, Y. (2009). Web Services and Role Selection in Support of Separation of Duties and Binding of Duties for Composable Process Execution. 2009 IEEE International Conference on Service-Oriented Computing and Applications (SOCA)(14-15 Jan. 2009 ), 1 - 8
    Hwang, S., Lim, E., Lee, C., & Chen, C. (2007). On composing a reliable composite Web service: a study of dynamic Web service selection. IEEE International Conference on Web Services, 2007. ICWS 2007, 184-191.
    Li, N., Bizri, Z., & Tripunitara, M. (2004). On Mutually-Exclusive Roles and Separation of Duty. ACM Congrtrnvr on Computer and Communications Security, 42-51.
    Mitra, N., & Lafon, Y. (2003). Soap version 1.2 part 0: Primer, W3C Recommendation (Vol. 24).
    Sandhu, R., Coyne, E., Feinstein, H., & Youman, C. (1996). Role-based access control models. IEEE Computer, 29(2), 38-47.
    Thipse, A., & Hewett, R. (2008). Verification of Dynamic Separation of Duty Policy for Role-based Business Processes. 2008 IEEE Region 5 Conference, 1-6.
    口試委員
  • 林福仁 - 召集委員
  • 楊婉秀 - 委員
  • 黃三益 - 指導教授
  • 口試日期 2010-06-29 繳交日期 2010-07-29

    [回到前頁查詢結果 | 重新搜尋]


    如有任何問題請與論文審查小組聯繫