跳到主要內容

臺灣博碩士論文加值系統

(44.221.70.232) 您好!臺灣時間:2024/05/29 11:32
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:吳建榮
研究生(外文):Chien-Jung Wu
論文名稱:利用OCL限制語言強化工作流程內的資訊流控制模式之研究
論文名稱(外文):An Information Flow Control Model for Workflows Using OCL as It is Constraint Language
指導教授:周世杰
指導教授(外文):Shih-Chien Chou
學位類別:碩士
校院名稱:國立東華大學
系所名稱:資訊工程學系
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2005
畢業學年度:93
語文別:中文
論文頁數:76
中文關鍵詞:工作流程物件限制語言工作流程存取控制列
外文關鍵詞:constraintOCLWFACLworkflow
相關次數:
  • 被引用被引用:0
  • 點閱點閱:174
  • 評分評分:
  • 下載下載:22
  • 收藏至我的研究室書目清單書目收藏:1
在現代軟體工程發展的趨勢中,工作流程(Workflow)可以將企業流程部份或全部自動化,提升企業的工作效率,因此工作流程的應用漸漸成為企業資訊應用的方向。然而在工作流程的執行過程中,常忽略工作流程內部的資訊安全,例如:讓權限較低的線上操作員,取得屬於經理權限才能讀取之客戶優惠折扣資料,造成資訊的洩漏。本論文的探討重點即是以我們之前發展的一套WfACL模式為基礎,再配合物件限制語言(Object Constraint Language,簡稱OCL)的應用,用以確保工作流程執行過程中資料的安全。它的基本方法為:(a)利用WfACL中資料的存取權控制資料的存取,例如:線上操作員不得取得經理權限的資料;(b)使用OCL語法加強WfACL中限制的描述,例如:限制出納人員不得兼任會計人員,以防止舞弊;由以上所提出的方法,我們加以研究及模擬來證實WfACL及OCL是可以讓工作流程執行過程中資料更安全,我們將WfACL和OCL結合成EWfACL(Extended WfACL),並實作輸入介面以供使用者使用EWfACL。
This thesis proposes an information flow control model for workflows,which is named EWfACL(Extended WfACL). It is an extension of our previous research WfACL(Information flow control model for workflows based on Access control list).WfACL offers various features to prevent information leakage during the execution of workflows. Nevertheless,WfACL is weak in describing and enforcing constraints. In this regard,We extend WfACL by adding the ability of describing and enforcing constraints. The extension results in EWfACL, In extending WfACL,we first tried to define a constraint language,After several months of research, we identitied that OCL(object constraint language) is very powerful in describing the constraints that cannot be described by WfACL. We thus combined OCL and WfACL to form the new model EWfACL. This thesis describes the WfACL and the combination. It also show the interfaces to create workflows and constraints.
致謝
摘要
Abstract
目錄
第一章概論
第二章 相關研究
第三章 工作流程及WfACL模式
3.1工作流程的定義
3.2 WfACL模式
3.3 WfACL的應用
3.4 WfACL的安全存取控制
3.5 WfACL的特性
3.5.1 控制讀和寫的權限
3.5.2 交易公司的資訊不能被洩漏到其他公司
3.5.3 避免資訊洩漏到競爭對手
3.5.4 在公司內部避免資訊的洩漏
3.5.5 管理動態關連的改變
3.5.6 避免資料的間接洩漏
3.5.7 避免資料的直接洩漏
第四章 物件限制語言的引入
4.1物件限制語言OCL
4.2 OCL的特性
4.3 OCL的使用
4.4 OCL應用的例子
4.4.1 對角色(role)的限制
4.4.2 對資料(Data)的限制
4.4.3 對資源(Resource)的限制
4.4.4 對動作(Activity)的限制
4.5在WfACL中使用OCL(Object constraint Language)
第五章 EWfACL的實作
第六章� 結論及未來的發展
參考資料
附錄一 WfACL工作流程範例
附錄二� OCL語法
【1】Ahn, G. J., Sandhu, R., Kang, M., Park, J., 2000. Injecting RBAC to Secure a Web-Based Workflow System. In: Proceedings of the 5’th ACM Workshop on Role-Based Access Control.
【2】Atluri, V., Chun, S. A., Mazzoleni, P., 2001. A Chinese Wall Security Model for Decentralized Workflow Systems. In: Proceedings of the 8’th ACM Conference on Computing and Communication Security, 2001.
【3】Basin, D., Doser, J., Lodderstedt, T., 2003. Model Driven Security for Process-Oriented Systems. In: Proceedings of the Eighth ACM Symposium on Access Control Models and Applications,100-109.
【4】Bertino, E., Ferrari, E., Atluri, V., 1997. A Flexible Model Supporting the Specification and Enforcement of Role-based Authorizations in Workflow Management Systems. In: Proceedings of the 2’nd ACM Workshop on Role-Based Access Control.
【5】Dong, X., Chen, G., Yin, J., Dong, J., 2002. Petri-net-based Context-related Access Control in Workflow Environment. In: Proceedings of the 7’th International Conference on Computer Suported Cooperative Work in Design.
【6】Ford, W., Baum, M. S., 2001. Secure Electronic Commerce, second edition. Prantice-Hall.
【7】Georgakopoulos, D., Hornick, M., Sheth, A., 1995. An Overview of Workflow Management: From Process Modeling to Workflow Automation Infrastructure. Distributed and Parallel Databases, 3, 119-153.
【8】Harrison, M. H., Ruzzo, W. L., Ullman, J. D., 1976. Protection in Operating Systems. Communications of the ACM, 19 (8), 461-471.
【9】Hung P. C. K., Karlapalem, K., 2003. A Secure Workflow Model. In:Proceedings of the 2003 Australasian Information Security Workshop, 33-41.
【10】Kang, M. H., Eppinger, B. J., Froscher, J. N., 1999a. Tools to Support Secure Enterprise Computing. In: Proceedings of the 15’th Annual Computer Security Application Conference.
【11】Kang, M. H., Froscher, J. N., Sheth, A. P., Kochut, K. J., 1999b. A Multilevel Secure Workflow Management System. In: Proceedings of 11’th Conference on Advanced Information Systems Engineering.
【12】Kang, M. H., Park, J. S., Froscher, J. N., 2001. Access Control Mechanisms for Inter-Organizational Workflow. In: Proceeding of the 6’th ACM symposium on Access Control Methods and Technologies.
【13】Knorr, K., 2000. Dynamic Access Control through Petri Net Workflows. In: Proceedings of the 16’th Annual Conference on Computer Security Application.
【14】Myers, A.C., 1999. JFlow: Practical Mostly-Static Information Flow Control. In: Proceedings of the 26’th ACM Symposium on Principles of Programming Language, 228-241.
【15】Myers, A.C., Liskov, B., 1997. A Decentralized Model for Information Flow Control. In: Proceedings of the 17’th ACM Symposium on Operating Systems Principles, 129-142.
【16】Myers, A., Liskov, B., 1998. Complete, Safe Information Flow with Decentralized Labels. In: Proceedings of the 14’th IEEE Symposium on Security and Privacy, 186-197.
【17】Myers, A., Liskov, B., 2000. Protecting Privacy using the Decentralized Label Model. ACM Transactions on Software Engineering and Methodology, 9 (4), 410-442.
【18】Nyanchama, M., Osborn, S., 1994. Access rights in Role-Based Security Systems. Database Security VIII: Status and Prospects, 37-56.
【19】Olivier, M. S., van de Riet, R. T., Gudes, E., 1998. Specifying Application-level Security in Workflow Systems. In: Proceeding of the 9’th International Workshop on Database and Expert Systems Applications, 346-351.
【20】Oracle, 2003a. http://www.oracle.com.
【21】Oracle, 2003b. http://sqlzoo.napier.ac.uk/big/B10501_01/workflow.920/a95265/toc.htm.
【22】Park J. S., Hwang, J., 2003. Role-Based Access Control for Collaborative Enterprise in Peer-to-Peer Computing Environments. In: Proceedings of the Eighth ACM Symposium on Access Control Models and Applications, 93-99.
【23】Payne, C., Thomsen, D., Bogle, J., O’Brien, R., 1999. Napoleon: A Recipe for Workflow. In: Proceedings of the 15’th Computer Security Applications Conference, 134-142.
【24】Rumbaugh, J., Jacobson, I., Booch, G., 1999. The Unified Modeling Language Reference Manual.Addison-Wesley.
【25】Sandhu, R., 1996. Role Hierarchies and Constraints for Lattice-Based Access Controls. In: Proceedings of the Fourth European Symposium on Research in Computer Security, 65-79.
【26】Sandhu, R., Bhamidipati, V., Munawer, Q., 1999. The ARBAC97 Model for Role-Based Administration of Roles. ACM Transaction on Information and System Security, 2 (1), 105-135.
【27】Sandhu, R. S., Coyne, E. J., Feinstein, H. L., Youman, C. E., 1996. Role-Based Access Control Models. IEEE Computer, 29 (2), 38-47.
【28】SAP, 2003. http://www.sap.com.
【29】Silberschatz, A., Galvin, P. B., Gagne, G., 2002. Operating System Concepts, Sixth Edition. John Wiley & Sons.
【30】Thatte, S., 2002. Specification: Business Process Execution Language for Web Services Version 1.1.
http://www-106.ibm.com/developerworks/webservices/library/ws-bpel/.
【31】Thomas R. K., Sandhu, R. S., 1997. Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management. In: Proceedings of the IFIP WG11.3 Workshop on Database Security.
【32】Thomsen, D. J., 1991. Role-Based Application Design and Enforcement. Database Security IV: Status and Prospects, 151-168.
【33】Thomsen, D., O’Brien, D., Bogle, J., 1998. Role Based Access Control Framework for Network Enterprises. In: Proceedings of the 14’th Annual Computer Security Applications Conference.
【34】WfMC, 2003. http://www.wfmc.org.
【35】Wietrzyk, V. I., Takazawa, M., Orgun, M. A., Varadharajan, V., 2001. A Secure Transaction Environment for Workflows in Distributed Systems. In: Proceedings of the Eighth International Conference on Parallel and Distributed Systems, 198-205.
【36】WSBEPL, 2003. http://www.collaxa.com/home.index.jsp.
【37】Yu, M., Liu, P., Zang, W., 2003. Multi-Version Attack Recovery for Workflow Systems. In: Proceedings of the 19’th annul Computer Security Applications Conference, 142-151.
【38】Shih-Chien Chou, An-Feng Liu, and Chien-Jung Wu,2004. Preventing Information Leakage within Workflows That Execute among Competing Organizations
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top