政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/32728
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113648/144635 (79%)
Visitors : 51685958      Online Users : 504
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/32728


    Title: 應用剖面導向技術研製網路應用程式之可設定式細緻化存取控管
    Authors: 林經緯
    Lin,Ching Wei
    Contributors: 陳恭
    Chen,Kung
    林經緯
    Lin,Ching Wei
    Keywords: 網路應用程式
    宣告式存取控管機制
    以角色為基礎之存取控管
    資料層次存取控管
    剖面導向程式設計
    web applications
    data-level access control
    Role-based access control
    MVC
    Aspect-oriented programming
    Date: 2004
    Issue Date: 2009-09-17 14:08:54 (UTC+8)
    Abstract: 存取控管(Access Control)是網路應用程式(Web Applications)安全防護中的核心課題。貫徹存取控管的程式碼往往必須嵌入到應用系統的各個模組中,具有橫跨(cross-cutting)的特性,卻也因此常常造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象。所以學界業界紛紛提出了許多可設定式(configurable)的存取控管機制來解決此一問題。但這些機制都著重在一般功能性(function-level)的存取控管,對於較細緻化(fine-grained)的資料存取(data-level)控管,並未提供設定式的控管方式,還是得透過程式化(programmatic)的方式處理,所以仍然有程式橫跨性的問題。
    最近興起的剖面導向程式設計(Aspect-Oriented Programming)基於關注分離的原則(Separation of Concerns),針對像安全橫跨性的需求,倡議在原有的物件或函式模組外,另以剖面作為這些橫跨性需求的模組單位,既可集中開發又可依規則將安全程式碼整合至系統的各個模組。因此本研究將以AOP技術來設計與製作一套可設定式的細緻化存取控管服務與工具。
    Security is attracting more and more concerns in the development of Web applications. However, it is not easy to derive a robust security implementation for Web applications. The principle difficulty in designing security such as access control into an application system is that it is a concern that permeates through all the different modules of a system. As a result, security concerns in an application are often implemented with scattered and tangled code, which is not only error-prone but also makes it difficult to verify its correctness and perform the needed maintenance.
    Aspect-Oriented Programming (AOP) is a relative new design method that allows a programmer to isolate some of the code that crosscuts his program modules into a separate module, and thus realizes the concept of Separation of Concerns. AOP offers significant advantages to programming over traditional OO techniques in implementing crosscutting concerns such as access control. In this thesis, we define an XML schema for specifying fine-grained access control rules for Web applications in a configuration file and devise an aspect-oriented implementation scheme. Specifically, we develop an aspect synthesis tool that generates concrete access control aspects automatically from access control rules. These aspects, after woven into the base application, will enforce proper access control in a highly modular manner. As a result, we get a configurable implementation of access control that is not only adaptive but also effective.
    Reference: 【1】 Mark. Curphey. 2002. A Guide to Building Secure Web Applications. The Open Web Applications Security Project Version 1.1.
    【2】Open Web Applications Security Project: The Top Ten Most Critical Web Applications Security Vulnerabilities. http://www.owasp.org/documentation/topten
    【3】Ross J. Anderson. 2001. Security Engineering: A Guide to Build Dependable Distributed Systems.
    【4】S Probst, J Kueng, The Need for Declarative Security Mechanisms, IEEE. September, 2004. Proceedings of the 30th EUROMICRO Conference (EUROMICRO’04) , August 31
    【5】 JBoss Group, LLC2520 Sharondale Dr.Atlanta. GA 30305 USAsales@jbossgroup.com. JBoss Administration and DevelopmentSecond Edition. 237-283.
    【6】 Harold Ossher and Peri Tarr. October 2001. Using multidimensional separation of concerns to (re)shape evolving software. Communications of the ACM vol. 44.10: 43-50
    【7】 C. Lai, L. Gong, L. Koved, A. Nadalin, and R. Schemers.1999. User Authentication And Authorization In The Java Platform. Proceedings of Annual Computer Security Applications Conference, Phoenix, Arizona, USA. 285-290.
    【8】 G. Kiczales, J. Lamping, A. Menhdhekar, C. Maeda, C. Lopes, J.-M. Loingtier, and J. Irwin. 1997. Aspect-oriented programming, in ECOOP `97 Object-Oriented Programming 11th European Conference, Finland (M. Aksit and S. Matsuoka, eds.), vol. 1241. 220-242.
    【9】 Mohamed Fayad and Douglas Schmidt. October 1997. Object-Oriented Application Frameworks. Communications of the ACM, Vol. 40. 10 : 32-38.
    【10】 B. Vanhaute, B. De Win, and B. De Decker. July 2001. Building frameworks in AspectJ. Report CW 318, Department of Computer Science, K.U.Leuven, Leuven, Belgium.
    【11】 Carlos A. Fonseca. April 2002. Extending JAAS for Class Instance-Level Authorization. IBM developerWorks, http://www-106.ibm.com/developerworks/java/library/j-jaas/.
    【12】 R. Goodwin, S.F. Goh, and F.Y. Wu. 2002. “Instance-level access control for business-to-business electronic commerce,” IBM System Journal, vol. 41. no2.
    【13】 Sun Microsystems, Inc., Java Authentication and Authorization Services, http://developer.java.sun.com/developer/technicalArticles/Security/jaasv2/ .
    【14】 K. Chen and C.M. Huang. April.2005. A Practical Aspect Framework for Enforcing Fine-Grained Access Control in Web Applicationss. First Information Security Practice and Experience Conference (ISPEC 05). LNCS 3439.156-167.
    【15】 The Struts Framework. a sub-project of Apache project. http://jakarta.apache.org/struts/
    【16】 S. Hanenberg and A. Schmidmeier. March 17, 2003. Idioms for Building Software Frameworks in AspectJ. The 2nd AOSD Workshop on Aspects, Components, and Patterns for Infrastructure Software (ACP4IS), Boston, MA.
    【17】 T. Verhanneman, L. Jaco, B. De Win, F. Piessens, and W. Joosen. November 2003. Adaptable Access Control Policies for Medical Information Systems, Distributed Applications and Interoperable Systems. 4th IFIP WG 6.1 International Conference, DAIS 2003, Paris, France, 2003, Proceedings (Stefani, J.-B. and Demeure, I. and Hagimont, D., eds.), vol 2893. 133-140.
    【18】 Sun Microsystems, Inc., Java Authentication and Authorization Services. http://developer.java.sun.com/developer/technicalArticles/Security/jaasv2/
    【19】 JPetStore, http://www.ibatis.com/jpetstore/jpetstore.html .
    【20】 James B. D. Joshi, Walid G. Aref, Arif Ghafoor, Eugene H. Spafford. 2001. Security Models for Web-based Applications. Communications of the ACM, vol. 44. 2 : 38-44.
    【21】 R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. February 1996. Role-Based Access Control Models. IEEE Computer vol.29. 2: 38–47.
    【22】 R. Goodwin, S.F. Goh, and F.Y. Wu. 2002. “Instance-level access control for business-to-business electronic commerce,” IBM System Journal, vol. 41. no. 2,
    【23】 R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, Role-Based Access Control Models. IEEE Computer 29, No. 2, 38–47 (February 1996).
    【24】 JBoss Group LLC2520 Sharondale Dr.Atlanta. JBoss Administration and DevelopmentSecond Edition .237-283.
    【25】 Filter code with Servlet 2.3 model. http://www.javaworld.com/javaworld/jw-06-2001/jw-0622-filters.html .
    【26】 K. Beznosov, and Y. Deng. 2002. “Engineering Application-level Access Control in Distributed Systems,” in Handbook of Software Engineering and Knowledge Engineering. vol. 1.
    【27】 J. L. Abad-Peiro, H. Debar, T. Schweinberger, and P. Trommler.1999. PLAS - Policy Language for Authorizations. IBM Research Report RZ3126.
    【28】 Damianou, N., N. Dulay, E. Lupu, and M. Sloman. Ponder: A Language for Specifying Security and Management Policies for Distributed Systems. The Language Specification - Version 2.2. Research Report DoC 2000/1, Imperial College of Science Technology and Medicine, Department of Computing.
    【29】 E. Gamma, R. Helm, R. Johnson, J. Vlissides: Design Patterns. A.W. L. 1995. ISBN 0-201-63361-2.
    【30】 Scott Fordin.2004.Java Architecture for XML Binding http://java.sun.com/xml/jaxb/about.html.
    Description: 碩士
    國立政治大學
    資訊科學學系
    92753032
    93
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0927530321
    Data Type: thesis
    Appears in Collections:[Department of Computer Science ] Theses

    Files in This Item:

    File Description SizeFormat
    53032101.pdf44KbAdobe PDF2847View/Open
    53032102.pdf88KbAdobe PDF2758View/Open
    53032103.pdf95KbAdobe PDF21295View/Open
    53032104.pdf102KbAdobe PDF2732View/Open
    53032105.pdf159KbAdobe PDF2981View/Open
    53032106.pdf187KbAdobe PDF21110View/Open
    53032107.pdf174KbAdobe PDF2973View/Open
    53032108.pdf211KbAdobe PDF2934View/Open
    53032109.pdf231KbAdobe PDF2927View/Open
    53032110.pdf108KbAdobe PDF2946View/Open
    53032111.pdf72KbAdobe PDF2882View/Open
    53032112.pdf102KbAdobe PDF2937View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback