Title: A Dynamically Reputational Access Control Model Based on Location and Role for Web Services
Authors: Lee, Fang-Yi (李芳儀); Lo, Chi-Chun
Keywords: Web services; Reputation management; Role-based access control (RBAC); eXtensible Access Control Markup Language (XACML)
Issue Date: 2010
Abstract: In recent years, Service-Oriented Architecture (SOA) has become increasingly popular, and more and more systems are being built on it. To support SOA, Web services provide a cross-platform, highly integrated, flexible and language-independent environment for system integration. Among the information-security requirements of systems that use Web services as their application environment, access control over resources is a very important issue. The XACML standard currently published by OASIS provides an access-control method for Web services that decides whether to grant access solely by examining the requester's attributes and environment parameters; it has no reputation-management capability. This thesis proposes a location-based access model with dynamic reputation management. The Web services server uses the requester's current location, the requester's role, the requester's reputation at that location, an overall reputation computed over all locations the requester has visited, the security level of each domain and the trust degree of the data transmission path, combined with a policy database, as the basis for access control.
In recent years, the Service-Oriented Architecture (SOA) has become more and more popular, and many systems have been built on SOA. To support SOA, Web services provide a highly integrated system environment with the following characteristics: 1) language independence, 2) multi-platform support, and 3) flexibility. Access control is an important security issue in Web services. XACML (eXtensible Access Control Markup Language), ratified by OASIS (Organization for the Advancement of Structured Information Standards), declares access control policies that determine access authority by analyzing user attributes and environment parameters, but it has no reputation management ability. To provide more secure access control, we propose a model that combines the requester's role, location, reputation, and the trust degree of the routing path. The service provider can easily calculate the requester's access privilege with respect to a specific resource. If the requester is in an insecure network domain, the routing path is not trusted by the service provider, or the requester's reputation is significantly low, the requester's access privilege will be less than that of the role initially assigned. The implementation results show that the proposed mechanism is feasible.
