臺灣博碩士論文加值系統

本研究計畫的主題在於研究代理人的可信度管理，首要的目標是建立一個以代理人為基礎的安全式電子交易環境。以目前的情況來看，唯有代理人的觀念及技術來執行電子商務仲介者的角色，利用軟體代理者具有自主性，及適時反應等特質，提供服務時的效益和彈性，再輔以適當的安全性管理及深入的可信度探討，電子商務才可能被具體應用到人類實際日常生活上。在作法上除了採用FIPA的規格作為代理人系統平台的實作標準，延伸XML/RDF來便利代理人的建構與溝通，更進一步結合X.509及SPKI/SDSI兩種類型憑證的優點，導入分散式認證授權的觀念，並透過RBAC的控管，形成多重代理人系統的安全架構。配合相關的信任策略及商務模型，以期完成建構一個以代理人為基礎可信任安全式電子交易環境的目標。

This thesis describes an agent-based secure E-Commerce environment with distributed authentication and authorization services. The previous researches about security issues in agent-mediated E-commerce do not solve the problems of deals with strangers. We merge role based access control (RBAC) concept for adapting the certificates to different business models or new content-based network. Several types of agent delegation mechanism based on our role certificates and some considerations about how to achieve agent trust management with policies both in logics and practice are presented. Finally, We will demonstrate a scenario on FIPA OS system by using agent communication language (ACL) and content language (CL) encoded by XML and XML/RDF.

1 Introduction1
1.1 Overview1
1.2 Related Work2
1.3 Contribution3
1.4 Organization3
2 Preliminary4
2.1 Overview4
2.2 Terms8
3 Our approach13
3.1 Overview13
3.2Agent-Based Secure E-Commerce Environment16
3.2.1 Secure E-Commerce Environment without CA16
3.2.2 Agent Platform16
3.3 Access Control System17
3.3.1 Role-based Access Control17
3.3.2 Role Certificate Authentication18
3.4 Authorization Policy and Delegation Logics19
3.4.1 Symbol Representation19
3.4.2 Certificate Deduction20
3.4.3 Certificate Delegation Network21
3.5 Agent Communication Language25
3.5.1 Certificate Management Operations25
3.5.2 Certificate Encoding in XML/RDF27
4 Implementation30
4.1 Implementation Environment30
4.1.1 Java30
4.1.2 FIPA Request Interaction Protocol31
4.2 System implementation32
4.2.1 system overview32
4.2.2 agent implementation32
4.3 Scenario33
4.3.1 Implementation of Provider Agent36
4.3.2 Implementation of Demander Agent37
4.3.3 Implementation of Matcher Agent37
4.4 A Snapshot of System39
5 Conclusions42

[1]Abadi, M., Burrows, M., and Lampson, B. (1993). A Calculus for Access Control in Distributed Systems. ACM Transactions on Programming Languages and Systems, 15(4), 706-734.
[2]Aura, T. (1998). On the Structure of Delegation Network. Proceedings of the 11th IEEE Computer Security Foundations Workshop, IEEE Computer Society Press, 14-26.
[3]Aura, T. (1999). Distributed Access-Rights Management with Delegation Certificates. Secure Internet Programming: Security Issues for Mobile and Distributed Objects LNCS 1603, Springer-Verlag, 213-238.
[4]Blaze, M., Feigenbaum, J., and Lacy, J. (1996). Decentralized Trust Management. Proceedings of the 17th Symposium on Security and Privacy, 164-173.
[5]Camp, L.J. (2000). Trust and Risk in Internet Commerce, MIT Press.
[6]Chu, Y.H., Feigenbaum, J., LaMacchia, B., Resnick, P., and Strauss, M. (1997). REFEREE: Trust Management for Web Applications. World Wide Web Journal, 2, 127-139.
[7]Ellison, M. Carl, et al. (1999). SPKI Certificate Theory, RFC 2693, Internet Society. See ftp://ftp.isi.edu/in-notes/rfc2693.txt
[8]Extensible Markup Language (XML). See http://www.w3.org/XML/
[9]FIPA Specification Repository. See http://www.fipa.org/repository/index.html
[10]Gerck, E. (1998). Overview of Certification systems. See http://www.mcg.org.br
[11]He, Q., Sycara, K., and Finin, T.W. (1998). Personal Security Agent: KQML-Based PKI, ACM Conference on Autonomous Agents.
[12]Herzbery, A., Mass, Y., Mihaeli, J., Naor, D., and Ravid, Y. (2000). Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers, 2000 IEEE Symposium on Security and Privacy, 2-14.
[13]Hu, Y.J. (2001). Some Thoughts on Agent Trust and Delegation. Proceedings of The 5th International Conference on Autonomous Agents 2001.
[14]JDOM. See http://www.jdom.org/
[15]Jennings, R.N., Sycara, K., and Wooldridge M. (1998). A Roadmap of Agent Research and Development. Journal of Autonomous Agents and Multi-Agent Systems, 1(1), 7-38.
[16]Kimbrough, O.S. and Moore, A.S. (1997). On Automated Message Processing in Electronic Commerce and Work Support Systems: Speech Act Theory and Expressive Felicity, ACM Transactions on Information Systems, 15(4), 321-367.
[17]NIST Role Based Access Control. See http://hissa.nist.gov/rbac/
[18]Nortel Networks FIPA-OS. See http://sourceforge.net/projects/fipa-os/
[19]Nwana, S.H., et al. (1998). Agent-Mediated Electronic Commerce: Issues, Challenges and some Viewpoints. Proceedings of the 2nd International Conference on Autonomous Agent 98, 189-196.
[20]Resource Description Framework (RDF). See http://www.w3.org/RDF/
[21]Rivest, R., and Lampson, B., SDSI: A Simple Distributed Security Infrastructure (SDSI). See http://theory.lcs.mit.edu/~cis/sdsi.html
[22]Special Interest Group on Agent-Mediated Electronic Commerce. See http://www.iiia.csic.es/AMEC/
[23]Wong, H. C., and Sycara, K. (1999). Adding Security and Trust to Multi-Agent Systems. Proceedings of Autonomous Agents ’99 (Workshop on Deception, Fraud and Trust in Agent Societies). 149-161.
[24]XML-Signature WG. See http://www.w3.org/Signature/