跳到主要內容

臺灣博碩士論文加值系統

(18.97.14.85) 您好!臺灣時間:2024/12/14 10:55
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:張峻榮
研究生(外文):Chun-Jung Chang
論文名稱:以混合式存取控制建構數位化校園之文件存取方案
論文名稱(外文):An Efficient Scheme of Document Access Upon Hybrid Access Control in Campus
指導教授:涂世雄涂世雄引用關係
指導教授(外文):Shih-Hsiung Twu
學位類別:碩士
校院名稱:中原大學
系所名稱:電機工程研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2003
畢業學年度:91
語文別:英文
論文頁數:54
中文關鍵詞:資料庫數論目標存取控制密碼學存取控制矩陣主體階層式
外文關鍵詞:access control matrixaccess controldatabasecryptographynumber theoryhierarchyobjectsubject
相關次數:
  • 被引用被引用:1
  • 點閱點閱:176
  • 評分評分:
  • 下載下載:14
  • 收藏至我的研究室書目清單書目收藏:0
摘 要
在本論文中我們提出一個基於混合式存取控制技術之有效率的文件存取方案,以處理數位化校園中日益廣範的公文之存取權問題。 在此方案中,我們提出一個兩層式存取控制的方法。其中我們使用了存取控制矩陣、階層式存取控制及向公眾公開存取控制等三個區域,來達成使用者在校園中存取他(她)們所希望存取之文件的目的。
首先,使用者必須輸入群組代碼、使用者代碼及密碼要求進入系統。當使用者通過驗證成為合法的使用者之後,方能進入第一層處理文件。依系統的設計,在第一層搜尋已分類集中管理的文件,並使用存取控制矩陣來控制合法的群組代碼及群組密碼方能進入第二層處理文件。而在第二層中我們使用存取控制矩陣及階層式存取控制的方法來控制文件的存取。最後,在第一層及第二層中系統依已分類的文件代碼所找到可以存取的文件,將之聚集成一個記憶體,再到資料庫中找出使用者所要存取的文件。
我們研究的主要貢獻如下: (一) 我們提出的數位化校園中文件存取控制方案是簡單的。 (二) 運用混合式存取控制的方法,減化了系統設計的複雜性。
我們相信本論文的研究成果,對未來校園中文件存取控制的研究領域上有相當的助益。
Abstract

In this thesis, we propose an efficient scheme of document access upon on hybrid access control to deal with access control rights for documents in digital campus. In the method, we discuss the access control in the digital campus. In order to simplify the complexity of access control of digital documents in campus, a two-layer access control is proposed. Based on such a two-layer scheme, a hybrid access control method including access control matrix, hierarchy access control and public access domain is applied to achieve an efficient way for user in campus to access their desired documents.
At first, the user id, unit id and password of the user are given to login the system. Passing through the password authentication process, the legal user is allowed to enter Layer 1 to access the corresponding documents. The identities of the user’s accessible documents in Layer 1 are found according to the access rules designed by the author. The method of access control matrix is used in this Layer. Then, by the unit id of the user, he is allowed to enter Layer 2 to access the corresponding documents. The identities of user’s accessible documents in Layer 2 are found according to the access rules designed in this Layer. The methods of access control matrix and hierarchy access control are used in this Layer. Finally, the identities of accessible documents of the user including Layer 1 and Layer 2 are stored in an access stack. By this access stack, the accessible documents of the user will be searched according to the requirements of the user.
The contributions of our works are as follows. (1) We propose a simple scheme for access control in campus. (2) The concept of hybrid access control is proposed to simplify the system design.
It is believed that the results of our study in this thesis will be efficient and helpful for documents access control.
Contents
Abstract …………………………………………………………………… I

List of Figures ……………………………………………………………III

List of Tables ………………………………………………………………IV

Chapter 1. Introduction
1.1 Motivations and Purposes………………………………………1
1.2 Our New Access Control and Main Results …………………3
1.3 Organization of The Thesis……………………………………4

Chapter 2. Background and Review of Previous Research
2.1 Basic Concepts of Number Theory………………………………5
2.2 Basic Concepts of Cryptography………………………………13
2.3 Identification and Authentication………………………… 17
2.4 Trusted System……………………………………………………19
2.5 Historical Review of Access Control……………………… 20

Chapter 3. An Efficient Scheme of Document Access Upon
Hybrid Access Control in Digital Campus
3.1 Construction of The Efficient Scheme ………………………29
3.2 Our Proposed Hybrid Scheme of Document Access ……………32

Chapter 4. Conclusions and Future Research …………………………46

References …………………………………………………………………47

List of Figures
Figure 2.1 Model of single- key cryptosystem …………………15
Figure 2.2 Model of public-key cryptosystem……………………17
Figure 2.3 An access control matrix………………………………22
Figure 2.4 The construction of the access control matrix …23
Figure 2.5 The accessor-list Method………………………………24
Figure 2.6 The capability -list method …………………………25
Figure 2.7 (a) The lock-list method……………………………………26
Figure 2.7 (b) The capability- list method …………………………26
Figure 2.8 The construction of the SKL system…………………28
Figure 3.1 Organization of the digital campus…………………31
Figure 3.2 A tree hierarchy structure of Unit i………………31
Figure 3.3 Quadratic residue password authentication ………33
Figure 3.4 Two access control scheme in Layer 1………………34
Figure 3.5 Three access control scheme in Unit i of Layer 2…38
Figure 3.6 An example of three level hierarchy structure
in Unit i of Layer 2……………………………………41
Figure 3.7 Flow chart of file management system………………45

List of Tables
Table 3.1 An example of access control matrix in section B
of Layer 1 for read access right ………………………35
Table 3.2 An example of access control matrix in section B
of Layer 1 for write access right ……………………35
Table 3.3 An example of access control matrix in section B
of Layer 1 for list access right ………………………36
Table 3.4 An example of access control matrix in section B
of Layer 1 for delete access right ……………………36
Table 3.5 An example of access control matrix in section B
of Layer 1 for append access right ……………………37
Table 3.6 An example of access control matrix in section Bi
of Layer 2 for read access right ………………………39
Table 3.7 An example of access control matrix in section Bi
of Layer 2 for write access right………………………39
Table 3.8 An example of access control matrix in section Bi
of Layer 2 for list access right ………………………40
Table 3.9 An example of access control matrix in section Bi
of Layer 2 for delete access right ……………………40
Table 3.10 An example of access control matrix in section Bi
of Layer 2 for append access right ……………………41
Table 3.11 A stack of file identities of accessible files
for read access right………………………………………42
Table 3.12 A stack of file identities of accessible files
for write access right ……………………………………43
Table 3.13 A stack of file identities of accessible files
for list access right………………………………………43
Table 3.14 A stack of file identities of accessible files
for delete access right……………………………………44
Table 3.15 A stack of file identities of accessible files
for append access right……………………………………44
References

〔1〕 Graham ,G.S. and Denning ,D. J.(1972): “ Protection-Principles and
Practice”, Proc. AFIPS 1972 SJCC,Vol.40,pp. 417-429.
〔2〕 Wu,M.L. and Hwang,T.Y.(1984): “Access Control with Single-Key-
Lock” ,IEEE Transactions on Software Engineering.Vol.SE-
10,No.2,1984,pp.185-191.
〔3〕 Jan,J.K.(1987): “A Single Key Access Control Scheme in Information
Protection Systems”. Proceedings of National Computer Symposium
1987,pp.299-303;also to appear in Information Sciences,1989.
〔4〕 Jan,J.K. Chang,C.C. and Wu,L.H(1989): “An Arithmetic Coding Oriented
Single Key Access Control Scheme”, to appear in The International
Journal of Policy and Information. Vol.13 ,No.2, December 1989.
〔5〕 Chang,C.C.(1986): “On the Design of a Key-Lock-pair Mechanism in
Information Protection System”, BIT, Vol.26, 1986, pp410-417.
〔6〕 Chang,C.C. and Chen,C.P.(1986): “A Key-Lock-pair Mechanism Based on
Generalized Chinese Remainder Theorem ”,Journal of the Chinese Institute
of Engineers,Vol.9,No.4,1986,pp.383-390.
〔7〕 Chang,K.C and Jang.T.M.(1987): “ An Access Control Mechanism for
Information Security”, Proceedings of Academic Seminar Public Security
and Information Management, Taipei, Taiwan, April 1987,pp.387-396.
〔8〕 Chang,C.C.(1987): “An Information Protection Scheme Based upon Number
Theory”, The Computer journal , Vol.30 , No.3, 1987. pp.249-253.
〔9〕 Chang,C.C. and Chang,C.H.(1987): “A Dynamic Access Control Scheme Based
upon Chinese Remainder Theorem”, Proceedings of National Computer
Symposium 1987,pp.304-311.
〔10〕Chang,C.C. and Jan,J.K.(1988): “An Access Control Scheme for New Users
and Files”, The International Journal of Policy and Information,Vol.
12,No. 2,December 1988,pp.89-98.
〔11〕Akl, S. G. and Taylor, P. D. (1983): “Cryptographic Solution to a
problem of Access Control in a Hierarchy”, ACM Trans. Computer System,
Vol.1, No 3, August 1983, pp.239-247.
〔12〕Mackinnon, S. T., Taylor, P. D., Meier, H., and Akl, S. G. (1985): “An
Optimal Algorithm for Assignment Cryptographic Keys to Control Access in
a Hierarchy”, IEEE Transactions on Computers, Vol. C-34, No.9, September
1985,pp.95-98.
〔13〕Chang, C. C. (1987): “On the implementation of User Hierarchy Structure
in Information Systems”, Proceedings if International Conference on
Computer Software and Applications, IEEE, Tokyo, Japan, October 1987,
pp.412-415.
〔14〕Sandhu, R. S. (1988): “Cryptographic Implementation of a Tree Hierarchy
for Access Control”, Information Processing Letters, Vol.27, 1988, pp.95-
98.
〔15〕J. J. Hwang, B.M. Shao and P.C. Wang, “A new access control method using
prime factorization”, The Computer Journal,Vol.35,No.1,pp.16-20,1992.
〔16〕W. Diffie and M.E. Hellman , ”New Directions in Cryptography ”,IEEE
Trans. Inform. Theory ,Vol. IT-22,1976.
〔17〕Eiji OKAMOTO, Member, IEEE, and KAZUE TANAKA,” Identity-Based
Information Security Management System for Personal Computer
Networks ”,IEEE Journal on selected areas in Communications, Vol.
7,No.2,February 1989.
〔18〕Kun Liu, Jan H. Bons and Jens C. Arnbak ,”Compound Document Transfer
Between Electronic-Mail Network And Facsimile Terminals”, IEEE Region 10
Conference Computer and Communication System ,September 1990.Hong Kong.
〔19〕C.-C. Chang , T.-C. Wu “Remote password authentication with smart
cards”, IEEE Proceedings-e ,Vol.138,No.3,May 1991.
〔20〕J,-P. Thomasson ,L. Baldi ,”Smartcards : Portable Security”,
Proceedings of the IEEE SET,1997.
〔21〕MARVIN A. SIRBU, “Credits and debits on the Internet”, Proceedings of
the IEEE Electronic Payments, pp.23-29, 1997.
〔22〕C. Crepeau and J. Killan, “ Achieving Oblivious Transfer Using Weakened
security Assumptions”, 29 th FOCS,1998.
〔23〕Jorgen Brandt, Ivan Damgard , Peter Landrock , Torben Pedersen ,”Zero-
Knowledge Authentication Scheme with Secret Key Exchange”, J .of
Crypto., vol.1,1998.
〔24〕Shiyong Lu,Scott A. Smolka, “Model Checking the Secure Electronic
Transaction (SET) Protocol”, Proceedings of the IEEE SET,2000.
〔25〕楊吳泉,賴溪松,”PGP 之弱金鑰”,資訊安全通訊,第四卷第一期,December 1997.
〔26〕賴溪松編著, “資訊安全通訊”, 中華民國資訊安全學會, Vol.7, No.3, June
2001.
〔27〕K.H.Rosen, Elementary Number Theory and It’s Applications,3 rd ed.,
Addision Wesley,1992.
〔28〕M.R.Schreeder, Number Theory in Science and Communication, 2nd ed.,
Springer-Verlag,1986.
〔29〕J. k. Strayer , Elementary Number Theory, PWS Publishing
Company,Boston,1994.
〔30〕Douglas R. Stinson, CRYPTOCRAPHY Theory an Practice, CRC.
〔31〕Simon Hayhin, COMMUNICATION SYSTEMS , 4 th Edition, Wiley Computer
Publishing ,JOHN WILEY&SONS,INC.
〔32〕William Stallings, Cryptography and Network Security, Principles and
Practice, Third Edition, pp.28-30, 2003.
〔33〕William Stallings, Cryptography and Network Security, Principles and
Practice, Third Edition, pp.616-634, 2003.
〔34〕Mark S, Merkow , Jim Breithaupt , Ken L. Wheeler, Building SET
Applications for Secure Transactions. Wiley Computer Publishing. JOHN
WILEY&SONS,INC.
〔35〕Vijay Ahuja , PH.D. Secure Commerce on the Internet, AP Professional INC.
〔36〕Bruce Schneier, Applied Cryptography, Second Edition, John Wiley & Sons,
Inc, pp.429-459, 1996.
〔37〕Chris Brenton 原著,Mastering Network Security,儒林圖書公司.
〔38〕閔嗣鶴,嚴士健編著,初等數論,第二版,凡異初版社,1957.
〔39〕楊吳泉編著, 現代密碼學入門與程式設計, 全華科技圖書股份有限公司, 1997.
〔40〕張真誠編著,電腦密碼學與資訊安全, 松崗電腦圖書資料股份有限公司, 1999.
〔41〕賴溪松, 韓亮, 張真誠編著, 近代密碼學及其應用, 松崗電腦圖書資料股份有限公
司, 1999. 
〔42〕伍麗樵.陳世仁編著, 網路安全與管理, 全華科技圖書股份有限公司, 1997.
〔43〕文書流程管理手冊,行政院研究發展考核委員會.教育部中部辦公室編印.20001.
〔44〕賴世培.項靖.宋餘俠.曾章瑞.馮震宇.吳秀光.詹中原合著,數位化政府,國立空中大
學.2002.
〔45〕張真誠, 林祝興, 江季翰編著,電子商務安全, 松崗電腦圖書資料股份有限公司,
2000.
〔46〕張耀仁.劉永信編著, 電子商務系統, 高立圖書資有限公司, 2001.
〔47〕張曉琪,廖建勇原著,劉緯鎧,阮明燦編譯,電子商務理論與實踐, 全華科技圖書股份有
限公司, 2001.
〔48〕吳汝貞編著,電子商務基礎技術及實務,新文京開發出版有限公司,2001.
〔49〕王貳瑞編著,電子商務概論,華泰文化事業有限公司,2000.
〔50〕許招墉編譯 , COMMUNICATION通訊 尖端通訊新知, 全華科技圖書股份有限公司.
〔51〕張大中編著,數據與數位通訊系統原理, 全華科技圖書股份有限公司.
〔52〕藍國桐編著, 通訊原理與應用 , 全華科技圖書股份有限公司.
〔53〕何中庸編譯 ,數位形動通信入門 , 全華科技圖書股份有限公司.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top