(3.210.184.142) 您好!臺灣時間:2021/05/12 03:45
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果

詳目顯示:::

我願授權國圖
: 
twitterline
研究生:林宜進
研究生(外文):Yi-Chin Lin
論文名稱:基於XML之網路資訊資源的整合式存取控制機制研究
論文名稱(外文):Integrated Access Control Scheme for Networked Information Resources Based on XML
指導教授:曹偉駿曹偉駿引用關係
指導教授(外文):Woei-Jiunn Tsaur
學位類別:碩士
校院名稱:大葉大學
系所名稱:資訊管理學系碩士班
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2005
畢業學年度:93
語文別:中文
論文頁數:125
中文關鍵詞:網路資訊資源XML角色為基礎之存取控制網路服務
外文關鍵詞:networked information resourcesXMLrole-based access controlweb services
相關次數:
  • 被引用被引用:0
  • 點閱點閱:90
  • 評分評分:系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
常見網路資訊資源包括HTML、XML、Database和Web Services等型態,且網站上所提供資訊資源的查詢方式與權限規則會隨著系統環境及安全政策不同而有顯著差異,因此容易造成各項網路資源難以綜合運用。針對上述問題,現有作法是運用XML的互通性來建立標準的資料格式,但是對於權限規則及存取控制的整合方面卻尚未完備。是故,本論文將提出整合式存取控制機制,除了讓使用者可享有資料整合後所帶來的便利性,同時提供系統管理員權限控管。
在本論文提出之整合式存取控制機制中,首先系統會依照安全政策設定檔內所含的網路資訊資源之來源位置、格式對照表、角色及權限規則,將使用者的查詢條件依權限規則轉換成多種資訊資源查詢語法,使其能同步對多個資訊資源進行查詢。最後整合不同格式的結果成XML格式,並依照使用者權限萃取出查詢結果給使用者。簡言之,本研究貢獻在於,基於XML提出網路資訊資源的整合式存取控制,以提升現行機制的執行及通訊效率,並達到只有合法角色,才能依循安全政策,安全且有效率的存取整合後網路資訊資源。
It’s very common to use networked information resources, including HTML, XML, database, and web services. In general, websites provide the way to search and access networked information resources by employing a variety of limited rules and security policy. Therefore, it will be difficult to integrate all kinds of Internet resources. In order to resolve these problems, existing methods are to use the XML format to establish the standard form. As for the integration for limited rules and access control, there exists no integrated scheme as of now. Additionally, an integrated access control scheme is proposed in this thesis such that users can access networked information resources efficiently and securely.
Concerning the way to use the integrated access control scheme, first of all, according to the source of networked information resources, the mapping table, and role and privilege rules, the system will change users’ searching requirements to various information resources searching syntax, and therefore users can query many other information resources at the same time. And then it will integrate the results of different form to XML. Finally, it will show the query results to users according to users’ rights.
In summary, the contribution of the thesis is to propose the integrated access control scheme for Internet information resources based on XML. Only legal roles can access networked information resources after access control integration according to the security policy.
封面內頁 .......................................... 42
簽名頁 ............................................ 44
授權書 ............................................ 44
中文摘要 .......................................... 42
英文摘要 .......................................... 42
誌謝 .............................................. 46
目錄 .............................................. 46
圖目錄 ............................................ 44
表目錄 ............................................ 44
.................................................. 50
第一章 緒論 ...................................... 38
1.1 研究背景與動機 ................................ 32
1.2 研究目的 ...................................... 38
1.3 研究流程 ...................................... 38
1.4 論文架構 ...................................... 38
第二章 文獻探討 ................................... 35
2.1 XML相關技術 ................................... 35
2.1.1 XML ......................................... 41
2.1.2 XML Validation: DTD 與 XML Schema ........... 11
2.1.3 XPath and XQuery ............................ 28
2.1.4 Web Services ................................ 32
2.2 網路資訊資源整合 .............................. 30
2.2.1 網路資訊資源 ................................ 32
2.2.2 現行的整合架構 .............................. 30
2.3 存取控制 ...................................... 38
2.3.1 存取控制定義 ................................ 32
2.3.2 RBAC ........................................ 40
2.3.3 運用XPath 表示權限規則 ...................... 22
2.4 XML安全技術 ................................... 35
2.4.1 XML Encryption .............................. 30
2.4.2 XML Signature ............................... 31
2.4.3 XKMS ........................................ 40
第三章 網路資訊資源的整合式存取控制機制 .......... 10
3.1 具安全考量之系統整合架構 ...................... 22
3.2 系統建置階段 .................................. 34
3.2.1 安全政策設定檔之建立 ........................ 24
3.2.2 演算法符號及撰寫語法說明 .................... 20
3.2.3 查詢前處理 .................................. 34
3.2.4 使用者註冊 .................................. 34
3.3 系統運作流程 .................................. 34
3.3.1 使用者查詢 .................................. 34
3.3.2 啟動Mediation Layer 的API ................... 19
3.3.3 身份驗證 .................................... 36
3.3.4 角色授權 .................................... 36
3.3.5 任務分派 .................................... 36
3.3.6 同步啟動 XMF Wrapper ........................ 24
3.3.7 取得Resource Layer授權 ...................... 22
3.3.8 同步查詢 Resource Layer ..................... 21
3.3.9 接收Resource Layer資料 ...................... 22
3.3.10 資料整合 ................................... 35
3.3.11 依權限過濾可讀的標籤 ....................... 23
3.3.12 回傳整合結果給 Mediation _API .............. 14
3.3.13 回傳查詢結果給使用者 ....................... 23
第四章 安全性與效能分析 ........................... 27
4.1 系統假設 ...................................... 38
4.2 安全性分析 .................................... 36
4.3 計算效率之分析 ................................ 32
4.4 通訊效率之分析 ................................ 32
4.5 優勢與效益 .................................... 36
第五章 系統案例與實作 ............................ 28
5.1 公司與銀行對帳之案例 .......................... 26
5.2 系統實作環境 .................................. 34
5.3 系統建置階段 .................................. 34
5.4 系統身份驗證運作流程 .......................... 26
5.5 資料查詢 ...................................... 38
第六章 結論與未來發展方向 ........................ 24
參考文獻 .......................................... 42
附錄 .............................................. 46
[1] 邱啟弘,"RBAC 權限控管系統中靜態責任分離機制之研究", 中原大學資訊工程系碩士論文,2004。
[2] 林玉凡,"EB 前瞻產品-企業應用程式整合(EAI)產品之探討",資策會電子商務應用推廣中心-FIND 研究群, 2001。
[3] 陳光明,"企業資訊入口網站設計之研究",國立交通大學資訊管理所碩士論文,2002。
[4] F. Casati, M. Fugini and I. Mirbel, "An environment for designing exceptions in workflows," Information Systems, Vol. 24, pp. 255-273, 1999.
[5] D. Ferraiolo and R. Kuhn, "Role-based access control," 15th NIST-NCSC National Computer Security Conference, 1992.
[6] D. Ferraiolo, J. Barkley and D. Richard Kuhn, "A role-based access control model and reference implementation within a corporate Intranet," ACM Transactions on Information and System Security, Vol. 2, pp. 34-64, 1999.
[7] D. Ferraiolo, R. Sandhu, S. Gavrila, D. Richard Kuhn and R. Chandramouli, "Proposed NIST standard for role-based access control," ACM Transactions on Information and System Security, Vol. 4, pp. 224-274, 2001.
[8] A. Harbitter and D. Menasce, "Performance of public-key-enabled Kerberos authentication in large networks," Proceedings of the IEEE Int. IEEE Symposium on Security and Privacy, pp. 170-183, 2001.
[9] J. Jeon , "Filtering XPath expressions for XML access control," Computers and Security , Vol. 23, pp. 591-605, 2004.
[10] P. Johannesson, B. Wangler and P. Jayaweera, "Application and process integration –concepts, issues, and research directions," Swedish National Board for Industrial and Technical Development, 2001.
[11] K. Lee, J. Min and K. Park, "A design and implementation of XML-based mediation framework(XMF) for integration of internet information resources," Proceedings of the 35th Hawaii International Conference on System Sciences, pp. 20-33, 2002.
[12] S. Osborn, "Integrating role graphs: a tool for security integration," Data and Knowledge Engineering, Vol. 43, pp. 317-333, 2002.
[13] H. Theo, S. Gunter and T. Joachim, "The intrinsic problems of structural heterogeneity and an approach to their solution," The VLDB Journal, Vol. 8, pp. 25-43, 1999.
[14] A. Wohrer, P. Brezany and I. Janciak, "Virtualization of heterogeneous data sources for grid information systems," Institute for Software Science University of Vienna, 2004.
[15] Robert W. , "Internet security glossary," IETF RFC 2828, 2000.
[16] S. Yoo, K. Lee, and K. Lee, "An XML-based mediation framework for seamless access to heterogeneous internet resources," Lecture Notes in Computer Science, Vol. 797, pp.396-405, 2003.
[17] OASIS Security Services (SAML) ,<http://www.oasis-open.org/committees/security>, 2004.
[18] OASIS Security Services (SAML), <http://www.oasis-open.org/committees/download.php/1371/oasis-sstc-saml-ocre-1.0.pdf>, 2001.
[19] W3C Extensible Markup Language (XML) ,<http://www.w3.org/XML/>, 2004.
[20] W3C Recommendation (Extensible Markup Language (XML) 1.0 , <http://www.w3.org/TR/REC-xml>, 2004.
[21] W3C XML Signature, <http://www.w3.org/Signature >, 2001.
[22] W3C XML Encryption, <http://www.w3.org/Encryption/2001>, 2001.
[23] W3C XML Schema, <http://www.w3.org/TR/xmlschema-0>, 2004.
[24] XML Key Management Specification (XKMS), <http://www.w3.org/TR/xkms/>, 2001.
[25] XML台灣資訊網, <http://www.xml.org.tw>, 2004.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
無相關期刊
 
系統版面圖檔 系統版面圖檔