博碩士論文 etd-0811109-121353 詳細資訊


[回到前頁查詢結果 | 重新搜尋]

姓名 陳昀志(Yun-Chih Chen) 電子郵件信箱 E-mail 資料不公開
畢業系所 資訊管理學系研究所(Information Management)
畢業學位 碩士(Master) 畢業時期 97學年第2學期
論文名稱(中) 在以網路服務為基礎的工作流程中表達與實現存取控制限制  
論文名稱(英) On Specifying and Enforcing Access Control of Web Services Based Workflows
檔案
  • etd-0811109-121353.pdf
  • 本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
    請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
    論文使用權限

    電子論文:校內外都一年後公開

    論文語文/頁數 英文/60
    統計 本論文已被瀏覽 5350 次,被下載 1488 次
    摘要(中) 在SOA的架構影響之下,網路服務(Web Service)可被當作是工作流程(Workflow)中的一部分元件,組合適當網路服務後,能夠快速滿足企業的需求。工作流程之中包含人工活動(Human Task)與自動活動(Automatic Task),選擇適當的執行者來執行工作,並且不違反組織內部和組織之間的存取控制限制(Access Control Constraints)。本研究提出一套動態的選擇策略,在工作流程中選擇適當的人員、適當的網路服務來執行工作流程中的每一個活動。此策略的選擇避免了違反與流程相關的存取控制限制,使得最終能夠順利完成流程的成功機率較高。實驗顯示我們的選擇策略能夠避免違反存取控制限制,比Composition為基礎的方法與Random兩種方法表現的好。
    摘要(英) Web services have become the de facto standards as components for quickly building a business process that satisfies the business goal of an organization. Nowadays, Web services have found its way into describing the functions of automatic tasks as well as manual tasks. An important part in the specification of a business process, especially for manual tasks, is the access control. This thesis considers both types of tasks involved in a Web services-based process with its corresponding access control problem and proposes a selection approach for choosing the performer for each task so as to satisfy all access control constraints. Based on the role-based access control model, we focus on two types of access control: separation of duties (SoD) and binding of duties (BoD). Both role-level and participant-level of SoDs and of BoDs that need to be dynamically enforced and these constraints are considered in this thesis. The proposed performer selection approach is evaluated by a workflow scenario and is shown to have the highest chance of satisfying all predefined access control constraints when compared to other methods.
    關鍵字(中)
  • 網路服務選擇
  • 存取控制
  • 網路服務
  • 合適度
  • 關鍵字(英)
  • Web Services
  • Access Control
  • Web Service Selection
  • Composability
  • 論文目次 CHAPTER 1 - Introduction 8
    1.1. Background 8
    1.2. Motivation 9
    CHAPTER 2 - Literature Review 13
    2.1. Web Service Technology 13
    2.1.1. SOAP 13
    2.1.2. WSDL 14
    2.1.3. UDDI 14
    2.2. Web Service Composition 15
    2.3. Workflow Access Control 16
    2.4. Enforcing Access Control Constraints 18
    CHAPTER 3 - Problem Definition 20
    3.1. Preliminaries 20
    3.2. Problem description 29
    CHAPTER 4 - Our approach 30
    4.1. Skeleton of our Approach 30
    4.2. Adjusting the FSMs for each role and each web service 32
    4.3. Building the Composition and deciding composabilities of configurations 37
    4.4. Execution Time Delegation for Enforcing Participant-Level Access Control 43
    CHAPTER 5 - Performance Evaluation 47
    5.1. Purchase Process Scenario 47
    5.2. Experimental Design 47
    5.3. Experimental Result 51
    CHAPTER 6 - Conclusion 54
    References 55
    參考文獻 Agrawal, A., Amend, M., Das, M., Ford, M., Keller, C., Kloppmann, M., et al. (2007). WS-BPEL extension for people (BPEL4People).
    Alonso, G., Casati, F., Kuno, H., & Machiraju, V. (2004). Web services concepts, architectures and applications Springer New York.
    Alves, A., Arkin, A., Askary, S., Barreto, C., Bloch, B., Curbera, F., et al. (2007). Web services business process execution language version 2.0. OASIS Standard,
    Andrews, T., Curbera, F., Dholakia, H., Goland, Y., Klein, J., Leymann, F., et al. (2003). Business process execution language for web services, version 1.1. Standards Proposal by BEA Systems, International Business Machines Corporation, SAP AG, Siebel Systems, and Microsoft Corporation,
    Bertino, E., Crampton, J., & Paci, F. (2006). Access control and authorization constraints for WS-BPEL. 275-284.
    Bertino, E., Ferrari, E., & Atluri, V. (1999). The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security, 2(1), 65-104.
    Bertino, E., Squicciarini, A., Paloscia, I., & Martino, L. (2006). Ws-AC: A fine grained access control system for web services. World Wide Web, 9(2), 143-171.
    Biron, P. V., & Malhotra, A. (2001). XML schema part 2: Datatypes second edition. W3C Recommendation, 2, 2-20010502.
    Christensen, E., Curbera, F., Meredith, G., & Weerawarana, S. (2001). Web services description language (WSDL) 1.1. Unpublished manuscript.
    Clark, D. D., & Wilson, D. R. (1987). A comparison of commercial and military computer security policies. IEEE Symposium on Security and Privacy, 0, 184.
    Clement, L., Hately, A., Riegen, C. V., & Rogers, T. (2004). UDDI version 3.0.2. Unpublished manuscript.
    Dang, Z., Ibarra, O. H., & Su, J. (2005). On composition and lookahead delegation of e-services modeled by automata. Theor.Comput.Sci., 341(1), 344-363.
    Hwang, S., Lim, E., Lee, C., & Chen, C. (2007). On composing a reliable composite web service: A study of dynamic web service selection. IEEE International Conference on Web Services, 184-191.
    Hwang, S., Lim, E., Lee, C., & Chen, C. (2008). Dynamic web service selection for reliable web service composition. IEEE Transactions on Services Computing, 1(2), 104-116.
    Joshi, J. B. D., Aref, W. G., Ghafoor, A., & Spafford, E. H. (2001). Security models for web-based applications. Communications of the ACM, 44(2), 38-44.
    Li, N., Bizri, Z., & Tripunitara, M. V. (2004). On mutually-exclusive roles and separation of duty. ACM Conference on Computer and Communications Security, 42-51.
    Martin, D., Burstein, M., Hobbs, J., Lassila, O., McDermott, D., McIlraith, S., et al. (2004). OWL-S: Semantic markup for web services.
    Milner, R. (1999). Communicating and mobile systems: The [symbol for pi]-calculus Cambridge University Press.
    Mitra, N., & Lafon, Y. (2007). SOAP version 1.2 part 0: Primer (second edition). Unpublished manuscript.
    Moses, T. (2005). Extensible access control markup language (XACML) version 2.0. Oasis Standard, 200502
    Pfleeger, C. P. (1997). Security in computing. Upper Saddle River, NJ, USA: Prentice-Hall, Inc.
    Sandhu, R. S., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996). Role-based access control models. IEEE Computer, 29(2), 38-47.
    Sandhu, R. S. (1988). Transaction control expressions for separation of duties. Computer Security Applications Conference, 282-286.
    Wolter, C., Schaad, A., & Meinel, C. (2008). Task-based entailment constraints for basic workflow patterns. Symposium on Access Control Models and Technologies, 51-60.
    口試委員
  • 林福仁 - 召集委員
  • 徐士傑 - 委員
  • 楊婉秀 - 委員
  • 黃三益 - 指導教授
  • 口試日期 2009-06-24 繳交日期 2009-08-11

    [回到前頁查詢結果 | 重新搜尋]


    如有任何問題請與論文審查小組聯繫