論文使用權限 Thesis access permission:校內一年後公開,校外永不公開 campus withheld
開放時間 Available:
校內 Campus: 已公開 available
校外 Off-campus:永不公開 not available
論文名稱 Title |
在以Web Service為基礎的工作流程實行存取控制之研究 Enforcing Access Control of Web Services Based Workflows |
||
系所名稱 Department |
|||
畢業學年期 Year, semester |
語文別 Language |
||
學位類別 Degree |
頁數 Number of pages |
65 |
|
研究生 Author |
|||
指導教授 Advisor |
|||
召集委員 Convenor |
|||
口試委員 Advisory Committee |
|||
口試日期 Date of Exam |
2008-06-23 |
繳交日期 Date of Submission |
2008-07-22 |
關鍵字 Keywords |
存取控制、網路服務、可靠度、網路服務選擇 Reliability, Web Services, Web Service Selection, Access Control |
||
統計 Statistics |
本論文已被瀏覽 5947 次,被下載 26 次 The thesis/dissertation has been browsed 5947 times, has been downloaded 26 times. |
中文摘要 |
在網路服務(Web services)被廣泛地用來包裝組織內與跨組織的人工與自動服務之後,許多研究提出,將這些網路服務組合起來,滿足跨組織的工作流程(Workflow)中不同任務(Task)的需求,而且還要滿足不同組織中的存取控制限制(Access Control Constraint)。本研究提出一個動態選擇策略,為跨組織工作流程中的每個任務,選擇適當網路服務。此選擇策略除了可以避免違反存取控制限制之外,還能選擇讓流程成功機會較高的網路服務。實驗顯示我們的選擇策略可以避免違反存取控制限制,在有存取控制限制的情況下比Aggregate Reliability 和Random 兩種方法表現得好。 |
Abstract |
Web services have emerged as a de facto standard for encapsulating services within or across organization boundaries. Various proposals have been made to compose Web services into workflow so as to meet the goal previously unaccomplished by a single entity. This thesis intends to investigate the Web services-based workflow access control problem. It starts by analyzing the various access control constraints proposed in the literatures and presenting three primitive constructs that are capable of specify these constraints. It then proposes a Web service selection approach that dynamically chooses a performer for each task in the workflow, not only to satisfy all access control constraints currently but also to increase the chance of completing the entire process in the future. The proposed approach is evaluated using synthetic data and is shown to result in the execution that is less likely to violate any specified access control constraints. |
目次 Table of Contents |
CHAPTER 1 - Introduction 1 1.1 Background 1 1.2 Motivation 2 1.3 Thesis Organization 5 CHAPTER 2 - Literature Review 6 2.1 Web Services Technologies 6 2.1.1 SOAP 6 2.1.2 WSDL 7 2.1.3 UDDI 7 2.2. Web Services Composition 8 2.3. Workflow Access Control 9 2.4. Workflow Access Control Constraints 9 2.5. Dynamic Web Service Selection 10 CHAPTER 3 - Problem Definition 12 3.1 Preliminaries 12 3.2 Problem description 19 CHAPTER 4 - Our Approach 20 4.1 Architecture 20 4.2 Modeling the access control constraints 22 4.2.1 Separation of Duties (SoD) 22 4.2.2 Binding of Duties (BoD) 23 4.2.3 Session Limit 23 4.2.4 Pre-Requisite Roles 23 4.2.5 Service Restriction 24 4.2.6 Seniority 24 4.2.7 Location/time-based 24 4.2.8 Disallowed delegation sequence 24 4.3 Adjusting the FSMs of participants and component WSs 25 4.4 Building the composition of the target FSM, participants and component WSs 31 4.5 Computing Aggregated Reliabilities for Web Service Selection 32 4.6 Enforcing disallowed delegation sequence at runtime 34 CHAPTER 5 - Performance Evaluation 36 5.1 TripPlan Scenario 36 5.2 Experiment Design 40 5.3 Experiment Result 44 CHAPTER 6 - Conclusion 52 References 53 |
參考文獻 References |
Bertino, E., Crampton, J., & Paci, F. (2006). Access control and authorization constraints for WS-BPEL. Web Services, 2006. ICWS '06. International Conference on, 275-284. Bertino, E., Ferrari, E., & Atluri, V. (1999). The specification and enforcement of authorization constraints in workflow management systems. ACM Trans.Inf.Syst.Secur., 2(1), 65-104. Bertino, E., Squicciarini, A., Paloscia, I., & Martino, L. (2006). Ws-AC: A fine grained access control system for web services. World Wide Web, 9(2), 143-171. Bhatti, R., Bertino, E., & Ghafoor, A. (2005). A trust-based context-aware access control model for web-services. Distributed and Parallel Databases, 18(1), 83-105. Cardoso, J. Sheth, A. Miller, J. Arnold, J. Kochut,K. (2004). Quality of service for workflows and web service processes Christensen, E., Curbera, F., Meredith, G., & Weerawarana, S. (2007). Web services description language (WSDL) 1.1. Unpublished manuscript. Retrieved 10 17,2007, from http://www.w3.org/TR/wsdl Clement, L., Hately, A., von Riegen, C., & Rogers, T. (2004). UDDI version 3.0.2. Unpublished manuscript. Retrieved 10 17, 2007, from http://uddi.org/pubs/uddi-v3.0.2-20041019.htm Crampton, J. (2005). A reference monitor for workflow systems with constrained task execution. SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden. 38-47. Curbera, F., Duftler, M., Khalaf, R., Nagy, W., Mukhi, N., & Weerawarana, S. (2002). Unraveling the web services web: An introduction to SOAP, WSDL, and UDDI. Internet Computing, IEEE, 6(2), 86-93. Hwang, S., Lim, E., Lee, C., & Chen, C. (2007). On composing a reliable composite web service: A study of dynamic web service selection. ICWS, 184-191. Mitra, N., & Lafon, Y. (2007). SOAP version 1.2 part 0: Primer (second edition). Unpublished manuscript. Nakos, G., & Joyner, D. (1998). Linear algebra with applications (1st ed.) Brooks/Cole Pub. Co. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996). Role-based access control models. Computer, 29(2), 38-47. Srivatsa, M., Iyengar, A., Mikalsen, T., Rouvellou, I., & Jian Yin. (2007). An access control system for web service compositions. Web Services, 2007.ICWS 2007.IEEE International Conference on, , 1-8. Thomas, J., Paci, F., Bertino, E., & Eugster, P. (2007). User tasks and access control over Web services Tolone, W., Ahn, G., Pai, T., & Hong, S. (2005). Access control in collaborative systems. ACM Comput.Surv., 37(1), 29-41. Zeng, L., Benatallah, B., Ngu, A. H. H., Dumas, M., Kalagnanam, J., & Chang, H. (2004). QoS-aware middleware for web services composition. IEEE Transactions on Software Engineering, 30(5), 311-327. |
電子全文 Fulltext |
本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。 論文使用權限 Thesis access permission:校內一年後公開,校外永不公開 campus withheld 開放時間 Available: 校內 Campus: 已公開 available 校外 Off-campus:永不公開 not available 您的 IP(校外) 位址是 18.118.254.94 論文開放下載的時間是 校外不公開 Your IP address is 18.118.254.94 This thesis will be available to you on Indicate off-campus access is not available. |
紙本論文 Printed copies |
紙本論文的公開資訊在102學年度以後相對較為完整。如果需要查詢101學年度以前的紙本論文公開資訊,請聯繫圖資處紙本論文服務櫃台。如有不便之處敬請見諒。 開放時間 available 已公開 available |
QR Code |