政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/54011
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113318/144297 (79%)
Visitors : 50960849      Online Users : 950
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    政大典藏 > College of Commerce > Department of MIS > Theses >  Item 140.119/54011
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/54011


    Title: 服務導向企業入口網站
    Building Security Services Architecture for
    Authors: 黃邦平
    Huang, Pang Ping
    Contributors: 余千智
    Yu, Chien Chih
    黃邦平
    Huang, Pang Ping
    Keywords: 服務導向架構
    企業入口網站安全
    安全服務
    Service-Oriented Architecture
    Enterprise Portal Security
    Security Services
    Date: 2010
    Issue Date: 2012-10-24 16:08:59 (UTC+8)
    Abstract: 現今企業在建置企業入口網站時,往往面臨到入口網站相關安全標準與技術眾多且繁雜,缺乏一個整合式安全機制建置解決方案來遵從,造成企業在規劃與佈署入口網站之安全性時,產生巨大成本及導入障礙。而服務導向架構概念的出現,其分散性、組合式、標準化之特色,使得企業入口網站安全機制可以在使用網路服務技術的服務導向架構環境中,被當成一種服務呈現,並透過網際網路來公布、發現與利用。

    本研究的主要探討分析服務導向架構安全性與安全服務之相關文獻,針對企業入口網站之安全需求與現有安全性基礎結構做整合,提出一個服務導向企業入口網站安全服務架構,並利用二個企業入口網站個案來檢視此架構的安全涵蓋範圍,使企業能將服務導向式安全服務導入企業入口網站整合應用,拉高安全層級,建立一個備受使用者安全信賴的企業入口網站,進而提升企業競爭力。

    本研究的成果及效益包括:(1)分析探討企業入口網站在服務導向架構應用下所衍生的不同安全需求(2)提出一個以服務導向企業入口網站為主的安全服務架構。(3)此架構可完整支援服務導向企業入口網站安全功能,並具有因應日後企業安全需求增加的擴充彈性,能持續強化企業入口網站安全性。
    To develop Enterprise Portal System, most enterprises always meet the problem of satisfying numerous security standards and dealing with complicated programming languages. It still lacks an integrated security solution which could provide enterprises an easy way to complete this task. Therefore, this technical problem leads to an entrance barrier and significant corresponding cost to enterprises when deploying their portal. Service-Oriented Architecture is a promising framework to improve the situation. Service-Oriented Architecture framework is distributed, combinable, standardized which and develop the security mechanisms security mechanisms in Service-Oriented Architecture environment. Considering the advantage of Service-Oriented Architecture, this study explores the possibility of building Security Services for Service-Oriented Enterprise Portal. This study analyzes Service-Oriented Architecture security and security services. In addition, the authors propose a Service-Oriented security service prototype architecture for enterprise portal to meet its security requirements. This architecture can integrate service-oriented security services into enterprise portal applications and improve security level. Accordingly, it could develop a highly reliable enterprise portal and create a better competitiveness. The work done by this study includes (1) analyzes the security requirements in a service-oriented enterprise portal, (2) proposes a new framework for enterprise portal service-oriented security services, and (3) demonstrate this framework can support complete security functions for enterprise portal, be flexibility to increase security functions for demands in the future and continue to strengthen the enterprise portal security. By considering this new framework, the design a Enterprise Portal System could be more convenient and secure and it will benefit the development of enterprise in the future.
    Reference: [1.] 黃朗倩,(民國96年3月8日),台灣網路最毒駭客入侵每天5件亞洲第二,聯合晚報/3版/話題。
    [2.] 陳志誠、曾章瑞、劉用貴,2007,「企業入口網站安全議題及強化措施」,資通安全專論T96011。
    [3.] 李宜儒,2004,「Web Services應用在企業資訊整合的安全性議題及解決方案之研究」,國立台灣大學資訊管理學研究所碩士論文。
    [4.] 余千智, (2002), “第三章網路安全防護方法,“ 電子商務總論, (余千智主編), 第二版, 智勝文化事業有限公司。
    [5.] Akram, D., X. D. Chohan, X. Wang, X. Yang and R. Allan, (2005). “A Service Oriented Architecture for Portals Using Portlets.” UK e-Science AHM2005, Nottingham, UK.
    [6.] Ammon, R.v., W. Pausch and M. Schimmer, (2005). “Realisation of Service-Oriented Architecture (SOA) Using Enterprise Portal Plattforms taking the Example of Multi-Channel Sales in Banking Domains.” Wirtschaftsinformatik 2005, Ferstl et al. (Publ.), Heidelberg, Physica-Verlag, 1503-1518
    [7.] Baker, W., M. Goudie, A. Hutton, C.D. Hylender, J. Niemantsverdriet, C. Novak, D. Ostertag, C. Porter, M. Rosen, B. Sartin, P. Tippertt, (2010). ”2010 Data Breach Investigations report.” retrieved December 2010 from http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf.
    [8.] Benbya, H., G. Passiante, and N. Belbaly, (2004). “Corporate portal: a tool for knowledge management synchronization”, International Journal of Information Management, 243: 201-220.
    [9.] Beznosov, K., D.J. Flinn, S. Kawamoto, and B. Hartman, (2005) "Introduction to Web services and their security," Information Security Technical Report, 10(1): 2-14.
    [10.] Boehmer, W. (2008). “Appraisal of the Effectiveness and Efficiency of an Information Security Management System Based on ISO 27001.” The Second International Conference on Emerging Security Information, Systems and Technologies, 224-231.
    [11.] Breu, K. and C. J. Hemingway, (2001). “Creating the Agile Workforce.” Cranfield School of Management and Microsoft.
    [12.] Buecker, A., P. Ashley, M. Borrett, M. Lu, S. Muppidi, and N. Readshaw, (2007). “Understanding SOA Security Design and Implementation,” IBM Redbook Publication.
    [13.] Chan, E. H. W. and C. Liu, (2007). “Corporate Portals as Extranet Support for the Construction Industry in Hong Kong and Nearby Regions of China.” ITConb, 12: 181-192.
    [14.] Chappell, D. A. and T. Jewell, (2002). “Java Web Services,” O’REILLY Publications Co.
    [15.] Collins, H., (2003). “Enterprise Knowledge Portals: Next-Generation Portal Solutions for Dynamic Information Access, Better Decision Making, and Maximum Results.” American Management Association(AMACOM). 430.
    [16.] Daniel, E. M. and J. M. Ward, (2005). “Enterprise Portals: Addressing the Organisational and Individual Perspectives of Information Systems.” Proceedings of the 13th European Conference on Information Systems (ECIS 05) Regensburg, Germany., 26-28.
    [17.] Deltor, B., (2000). “The Corporate Portal as Information Infrastructure: Towards a Framework for Portal Design.” International Journal of Information Management, 20(2): 91-101.
    [18.] Dias, C., (2001). “Corporate Portals: A Literature Review of a New Concept in Information Management.” International Journal of Information Management, 21: 269-287.
    [19.] Ferguson, D.F. and M. L. Stockton (2005). “Service-Oriented Architecture: Programming Model and Product Architecture.” IBM Systems Journal, 44(4): 753–780.
    [20.] Firestone, J. M., (2003). “Enterprise Information Portals and Knowledge Management.” KMCI Press/Butterworth-Heinemann, Burlington, MA.
    [21.] Fisher, R., (1984). “Information Systems Security.” Prentice-Hall.
    [22.] Gable, J. (2004), “Innovations in Information Management Technologies.” Information Management Journal, 38(1): 28-34.
    [23.] Gartner. (2007). “Gartner Says Worldwide Portals, Process and Middleware Market Revenue Increased 16 Percent in 2006,” in Nashville, Tenn, Press Release. retrieved December 2010 from http://www.gartner.com/it/page.jsp?id=506881.
    [24.] Gollmann, D., (2006). “Computer Security, 2nd edition.” John Wiley and Sons, Inc.
    [25.] Haas, H. and A. Brown, "Web Services Glossary," retrieved June 2008 from http://www.w3.org/TR/2004/NOTE-ws-gloss-20040211/.
    [26.] Hafner, M. and R. Breu, (2008). “Security Engineering for Service-Oriented Architectures.” Springer, Berlin.
    [27.] Hafner, M., (2009). “SeAAS-A Reference Architecture for Security Services in SOA.” J.UCS Journal of Universal Computer Science, 15(15): 2916.
    [28.] Hall, C., (2000). “Enterprise Information Portals: Hot Air or Hot Technology,” Cutter Information Corp., retrieved March 2010 from http://researchindex.techrepublic.com/data/detail?id=948217627_569&type=RES&x=1392576421
    [29.] Kearney, P., “An Overview of Web Services Security,” BT Technology Journal, 22(1): 27-42.
    [30.] Kim, Y. J, A. Chaudhury, and H. R. Rao, (2002). “A Knowledge Management Perspective to Evaluation of Enterprise Portals.” Knowledge and Process Management, 9(2): 57-71.
    [31.] Kotorov, R., E. Hsu, (2001). “A model for enterprise portal management. Journal of Knowledge Management.” 5(1): 86-93.
    [32.] Krafzig, D., K. Banke, and D. Slama, (2005). “Enterprise SOA: Service Oriented Architecture Best Practices,” Prentice-Hall.
    [33.] Lillywhite, T. (1999), "How to protect your information – an introduction to BS7799." Management Services, 43(1): 20-21.
    [34.] Lim, B., Y. Sun, and J. Vila, (2004). “Incorporating WS-Security into a Web services-based Portal,” Information Management & Computer Security, 12(3): 206-217.
    [35.] Mack, R., Y. Ravin, and R. J. Byrd, (2001). “Knowledge Portals and The Emerging Digital Knowledge Workplace.” IBM Systems Journal, 40(4): 925-955.
    [36.] MacKenzie, C.M., K. Laskey, F. McCabe, P.F. Brown, R. Metz, (2006) "OASIS-Reference Model for Service Oriented Architecture 1.0.” Committee Specification 1.
    [37.] Mahmoud, Q. (2005). “Service-Oriented Architecture (SOA) and Web Services: The Road to Enterprise Application Integration (EAI).” retrieved April 2010 from http://java.sun.com/developer/technicalArticles/We-bServices/soa/
    [38.] Microsoft. (2009). "什麼是服務導向架構 (SOA)?" retrieved April 2010 fromhttp://www.microsoft.com/taiwan/soa/about/whatis.htm.
    [39.] Murray, G., (1999). "The Portal is the Desktop," Intraspect, Inc., Los Altos, CA.
    [40.] Natis, Y.V. (2003). "Service-Oriented Architecture Scenario," Gartner ID AV-19-6751.
    [41.] Neto, M., C. A., Fernandes, A. S. Ferreira, and L. M. Fernandes, (2010). “Enterprise Information Portals: Potential for Evaluating Research for Knowledge Management and Human Capital Assets Using Social Network Analysis.” 11th European Conference on Knowledge Management(ECKM 2010).
    [42.] OASIS. (2006). “Reference Model for Service Oriented Architecture 1.0,” retrieved April 2008 from http://docs.oasis-open.org/soa-rm/v1.0/soa-rm.pdf.
    [43.] Opincaru, C. and G. Gheorghe, (2009). “Service Oriented Security Architecture.” Enterprise Modelling and Information Systems Architectures Journal, 4(1): 39–48.
    [44.] Orrin, S. (2007). “The SOA/XML Threat Model and New XML/SOA/Web 2.0 Attacks & Threats.“, RSACONFERENCE 2008. retrieved December 2010 from http://www.lsec.be/upload_directories/documents/RSAConference2008/pdf/DEV-302.pdf
    [45.] Papazoglou, M.P., P. Traverso, S. Dustdar, and F. Leymann, (2008) “Service-Oriented Computing: a Research Roadmap,” International Journal of Cooperative Information Systems, 17(2): 223–255.
    [46.] Payne, K. P. and J. Kamruzzman, (2007). ”Services Oriented Architecture for Legal Web Portal.” 6th IEEE/ACIS International Conference on Computer and Information Science.
    [47.] Peterson, G. (2005). “Service Oriented Security Architecture.” Information Security Bulletin.
    [48.] Phifer, G. (2005). "A Portal May Be Your First Step to Leverage SOA," Gartner ID G00130149.
    [49.] Priebe, T., G. Pernul, (2003) “Towards Integrative Enterprise Knowledge Portals.” Twelfth International Conference on Information and Knowledge Management (CIKM 2003), New Orleans, LA, USA.
    [50.] Pulier, E. and H. Taylor (2006). Understanding Enterprise SOA. Manning Publications Co.
    [51.] Raol, J. M., K. S. Koong, L. C. Liu, and C. S. Yu, (2002). “An Identification and Classification of Enterprise Portal Functions and Features.” Industrial Management + Data Systems, 102(7): 390-399.
    [52.] Ratnasingam, P., (2002). “The Importance of Technology Trust in Web Services Security,” Information Management & Computer Security, 10(5):255-260.
    [53.] Sedukhin, I. (2003). “End-to-End Security for Web Services and Services Oriented Architectures.” Computer Associates, Inc.
    [54.] Sidharth, N. and J. Liu, (2007). “IAPF: A framework for enhancing web services security,” in 31st Annual International Computer Software and Applications Conference (COMPSAC), Beijing, 23–30.
    [55.] Singhal, A., T. Winograd, and K. Scarfone, (2007). "Guide to Secure Web Services," Recommendations of the National Institute of Standards and Technology (NIST). 800-895.
    [56.] Solms, V., (2000). “Information Security – The Third Wave?” Computers and Security, 19(7): 615–620.
    [57.] Terra, J. C. and C. Gordon, (2003). “Realizing the promise of corporate portals: leveraging knowledge for business success.” ButterworthHeinemann.
    [58.] Thomas, M. P., J. Burruss, L. Cinquini, G. Fox, D. Gannon, L. Gilbert, G. V. Laszewski, K. Jackson, D. Middleton, R. Moore, M. Pierce, B. Plale, A. Rajasekar, R. Regno, E. Roberts, D. Schissel, A. Seth, and W. Schroeder, (2005). “Grid Portal Architechures for Scientific Applications.” Journal of Physics: Conference Series 16, 596-600.
    [59.] Vernadat F. B., (2007). “Interoperable Enterprise Systems: Principles, Concepts and Methods.” Annual Reviews in Control 31, 237-145.
    [60.] Vo, H. T. K., C. Weinhardt and R. Wojciechowski, (2006). “Corporate Portals from A Service-Oriented Perspective the CoFiPot Implementation.” The 8th IEEE International Conference on and Enterprise Computing, E-Commerce, and E-Services(CEC/EEE’06).
    [61.] Wang W. and Y. Wang, (2009). “Research on Architecture of Information Security in Enterprise Portal,” Software Engineering, 2009. WCSE `09, 420-424.
    [62.] Washington State Department of Information Services.(2009). "Enterprise Service-Oriented Architecture (SOA) Domain Document", retrieved December 6, 2010 from http://www.dis.wa.gov/initiatives/enterprisearch/soa_intiative_domain.doc.
    [63.] Wojtkowski, W., (2007). “Collaborative Enterprise Portals, Encyclopaedia of Portal Technology and Applications.” Hershey, PA, Information Science Reference.
    [64.] Woods, D. and T. Mattern.(2006). “Enterprise SOA:Designing IT for Business Innovation.” O’Reilly.
    [65.] Yang, S., M. Yang, and J.T.B. Wu, (2005). “The impacts of establishing enterprise information portals on e-business performance. Industrial Management.” Data Systems, 105(3): 349-368.
    [66.] Youn C., (2003). “Web Services Based Architecture in Computational Web Portals,” The thesis for the degree of Doctoral of Syracuse University.
    [67.] Ziane, S. and H. Bacha, (2006). "Availability and Security for Complex Enterprise Web Services”, The Business Review, Cambridge, 5(1): 325-329.
    Description: 碩士
    國立政治大學
    資訊管理研究所
    94356042
    99
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0943560421
    Data Type: thesis
    Appears in Collections:[Department of MIS] Theses

    Files in This Item:

    File SizeFormat
    index.html0KbHTML2252View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback