臺灣博碩士論文加值系統

網路購物是一種方興未艾的商業模式，其結合了許多現代生活的便利與機動，為許多小額資本創造更多機會。然而，過去的技術沿用，帶來了許多陳舊的問題。然而在軟體開發的經驗中，安全性常常在實際應用被屏除，成為一個獨立且非必要的學科，導致訓練及經驗不足之工程師忽略相關議題或是沿用有缺陷的程式碼，給予有心者進行破壞的空間，進而造成許多企業級的軟體開發出現不必要的安全威脅。在本篇論文中，將利用一個架構於雲端的代理人模組，提供企業在進行商業交易行為的介面上，一個可能的安全性解決方案。此模組將提供以下的特性：
1. 代理人可以照使用者自定的規則進行測試與定義輸出文字紀錄檔。
2. 提供一個代理人管理平台，讓不間斷測試形成一個監控模組。
3. 提供知識庫儲存已使用的規則以作為未來使用。
4. 代理人介面提供可攜性，可配合系統內容做移植。
此模組預計做為建構成一個半完整的監控執行程序之基礎，結合其他既存的知識，提供購物網站安全性管理的一個解決方案。

Internet shopping is a business model which combines the convenience of modern life and mobility, and creates more opportunities for many small capitals. However, the old pattern of technologies in use brought to many security problems that still exist. Also, while security is often an issue easy to be undercover, the lack of training and experience for the engineers often result in unnecessary security threats in enterprise-class software development. In this paper, a framework for agent module, acts as a possible security solutions. This module will provide the following features:
1. An agent can test according to the rules and output documents that users defined.
2. An agent management platform to allow uninterrupted test of a monitoring module.
3. Knowledge base to store rules for future use.
4. Agent interface provides portability, with the system content easy to transplant.
This module is expected to construct procedures for monitoring with existing technology, to provide a solution of the security management of a shopping site.

摘要 I
Abstract II
誌謝 III
章節目錄 IV
圖目錄 VII
表目錄 VIII
第一章 導論 1
1.1. 前言 1
1.2. 研究動機 2
1.3. 研究目的 3
1.4. 章節安排 4
第二章 背景知識與相關研究 5
2.1. 網路購物之安全問題 5
2.2. 黑箱測試(Black-Box Testing) 7
2.3. 基於可再用元件的軟體工程 8
2.4. 智慧型代理人 9
2.5. Enterprise Java Bean 10
2.6. Java Persistence API 11
2.7. JBoss Enterprise Application Platform 12
第三章 研究方法 14
3.1. 系統模型 14
3.2. 智慧型代理人 16
3.3. 測試知識庫 19
3.4. 應用元件介面 21
第四章 系統的設計與實作 23
4.1. 系統規格 23
4.1.1. 系統環境 23
4.1.2. 開發環境 23
4.2. 系統流程 23
4.3. 使用者介面 25
4.4. 代理人工廠 26
4.5. 知識庫實作 28
4.6. Enterprise Java Beans與再利用元件 29
第五章 案例研究與評估 31
5.1. 購物網站實例 31
5.2. 初始化代理人 32
5.2.1 成本檢查代理人 32
5.2.2 存貨檢查代理人 33
5.2.3 登入動作檢查代理人 33
5.3. 測試知識庫學習 36
5.4. 評估 37
第六章 結論與未來工作 39
參考文獻 41

[1]Bigne, E., Ruiz, C., & Sanz, S. (2005). The Impact of Internet User Shopping Patterns and Demographics on Consumer Mobile Buying Behavior. Journal of Electronic Commerce Research. 6 (3).
[2]Jarvenpaa, S. L., & Todd, P. A. (1997). Consumer reactions to electronic shopping on the World Wide Web. International Journal of Electronic Commerce. 1, pp. 59–88.
[3]Peterson, R. A., Balasubramanian, S., & Bronnenberg, B. J. (1997). Exploring the implications of the Internet for consumer marketing. Journal of the Academy of Marketing Science. 25, pp. 329–346.
[4]Huang, M. (2000). Information load: its relationship to online exploratory and shopping behavior. International Journal of Information Management. 20, pp. 337–347.
[5]iThome. (2008). 線上購物網站的安全到底出了什麼問題. Retrieved from http://www.ithome.com.tw/itadm/article.php?c=47677
[6]李允中. (2009).。軟體工程 Software Engineering. 美商麥格羅.希爾, Taiwan
[7]Perry, W. E. (1999). Effective Method for Software Testing. 2nd Ed. Danvers, MA: Wiley.
[8]Beizer, B. (1995). Black-Box Testing: Techniques for Functional Testing of Software and Systems. Danvers, MA: Wiley.
[9]Edwards, S. H. (2001). A framework for practical, automated black-box testing of component-based software. Software Testing, Verification and Reliability, 11(2), pp. 97-111.
[10]Mutz, D., Vigna, G., & Kemmerer, R. (2003). An Experience Developing an IDS Stimulator for the Black-Box Testing of Network Intrusion Detection Systems. Proceedings of the 19th Annual Computer Security Applications Conference. Las Vegas, NV, USA
[11]Krichen, M., & Tripakis, S. (2004) Black-Box Conformance Testing for Real-Time Systems. Lecture Notes in Computer Science, 2004(2989), pp. 109-126.
[12]Booch, G. (1994). Object-oriented analysis and design with applications 2nd ed. Redwood City, Calif: Benjamin/Cummings Pub. Co.
[13]Gamma, E., Helm, R., Johnson, R., & Vlissides, J. (1994). Design Patterns. Elements of Reusable Object-Oriented Software. Boston, MA: Addison-Wesley.
[14]Johnson, R.E., & Foote, B. (1988). Designing Reusable Class. Journal of Object-Oriented Programming, 1(2): pp. 22-35.
[15]Meyer, B. (1990). Tools for the New Culture: Lessons from the Design the Eiffel Libraries. Communications of the ACM, 33(9): pp. 68-88.
[16]Holland, I. M. (1993). The Design and Representation of Object-Oriented Components. (Doctoral thesis). Northeastern University, Boston, MA. Retrieved from http://www.ccs.neu.edu/home/lieber/theses-index.html
[17]Chu, C. W., Lu, C. W., Yang, H., & He, X. (2000). A Formal Approach for Component Retrieval and Integration Analysis. Journal of Software Maintenance, 12(5): pp. 325–342.
[18]Chu, C. W., & Yang, S. (1999). A Formal Approach to Software Design Process with Reuse. Proceedings of the Fourth World Conference on Integrated Design & Process Technology, Kusadasi, Turkey.
[19]Chu, W.C., Hsu, C.P., Lu, C. W., & He, X. (1999). A Semi-Formal Approach to Assist Software Design with Reuse. Proceedings of ICSM’99: IEEE International Conference on Software Maintenance, Oxford, England, pp. 256-264.
[20]Yang, J. T., Huang, J. L., Wang, F. J., & Chu, C. W. (2002). Constructing an Object-Oriented Environment for Web Application Testing. Journal of Information Science and Engineering, 18(1): pp. 59-84.
[21]Chu, C.W., Lu, C.W., Chang, C.H., & Chung, Y.C. (2001). Pattern Based Software Re-engineering. Handbook of Software Engineering and Knowledge Engineering, (1), pp.767-786. River Edge, NJ: World Scientific Publishing.
[22]Bradshaw, J. E. (1997), Software Agents, MIT Press.
[23]Hayes, C. C. (1999). Agents in a Nutshell-A Very Brief Introduction. IEEE Transactions on Knowledge and Data Engineering, 11(1), pp. 127-132, Jan.-Feb. 1999, doi:10.1109/69.755621
[24]Zulkernine, F. H., Powley, W., & Martin, P. (2009). Aut-onomic Management of Networked Web Services-Based Processes. Autonomic Computing and Networking, Eds. by Denko, M. K., Yang, L. T. & Zhang, Y., New York, NY: Springer.
[25]Zulkernine, F. H., & Martin, P. (2011). An Adaptive and Intelligent SLA Negotiation System for Web Services. IEEE Transactions on Services Computing, 4(1), pp. 31-43.
[26]Zulkernine, F., Patrick Martin, P., Craddock, K., & Wilson, K. (2009) Policy-based Middleware for Web Services SLA Negotiation. Proceedings of IEEE International Conference on Web Services. Los Angeles, CA.
[27]Green, D. (2002) Enterprise Beans. J2EE Tutorial. Retrieved from http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/EJBConcepts.html
[28]Rubinger, A. L., & Burke, B. (2010). Enterprise JavaBeans 3.1, 6th Ed. Sebastopol, CA: O’Reilly Media.
[29]Debu Panda, Reza Rahman, Derek Lane. (2007). EJB 3 in Action. Greenwich, CT: Manning.
[30]Java Persistence 2.0 Expert Group. (2009). JSR 317: JavaTM Persistence API, Version 2.0. Retrieved from http://download.oracle.com/otndocs/jcp/persistence-2.0-fr-oth-JSpec/
[31]King, G., Bauer, C., Andersen, M. R., Bernard, E., Ebersole, S. & Ferentschik, H. (2004). Hibernate Reference Documentation. Raleigh, NC:Red Hat. Retrieved from http://docs.jboss.org/hibernate/stable/core/manual/en-US/html/
[32]Bernard, E., Ebersole, S., & King, G. (2005). Hibernate Entity Manager. Raleigh, NC:Red Hat. Retrieved from http://docs.jboss.org/hibernate/entitymanager/3.5/reference/en/html_single/
[33]JBoss Enterprise Middleware. Retrieved from http://www.redhat.com/jboss/
[34]In, H. P., Kim, C. H., Yun, U., & Yau, S. S. (2003). Q-MAR: A QoS Resource Conflict Identification Model for Situation-Aware Middleware. Proceedings of FTDCS’03: The Ninth IEEE Workshop on Future Trends of Distributed Computing Systems. San Juan, Puerto Rico.
[35]Wohlstadter, E., Tai, S., Mikalsen, T., Diament, J., & Rouvellou, I. (2006). A Service-oriented Middleware for Runtime Web Services Interoperability. Proceedings of ICWS ’06: International Conference on Web Services. Rosemont, IL.
[36]Tambe, S., Dabholkar, A., & Gokhale, A. (2009). Fault-Tolerance for Component-Based Systems - An Automated Middleware Specialization Approach. Proceedings of ISORC ’09: IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, 2009.
[37]Coulson, G., Grace, P., Blair, G., Mathy, L., Duce, D., Cooper, C. . . . Cai, W. (2004) towards a component-based middleware framework for configurable and reconfigurable grid computing. Proceedings of WETICE 2004: The 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. Modena, Italy.