Publications-Theses

Article View/Open

Publication Export

Google ScholarTM

NCCU Library

Citation Infomation

Related Publications in TAIR

題名 應用動態剖面導向技術實現用戶之間的委任權限管理
Using Dynamic Aspects to Implement User-to-User Delegation
作者 黃啟峰
貢獻者 陳恭
Chen, Kung
黃啟峰
關鍵詞 剖面導向
動態剖面
存取控管
委任
Aspect Oriented Programming
Dynamic Aspect
Access Control
Delegation
日期 2006
上傳時間 11-Sep-2009 16:04:51 (UTC+8)
摘要 對大部分的應用系統來說,在實施系統功能存取控管的同時,若沒有搭配適當的委任或委派權限的機制,將會大大影響系統用戶對存取控管限制的接受度,故本論文針對如何實現用戶間的權限委派進行探討。我們選擇以剖面導向技術開發的存取控管框架為標的,設計出一套模組化的權限委派機制,可以在不改變既有的存取控管剖面的情況下,進行用戶間的權限委派。我們採用動態剖面的技術,並結合個體層次的剖面功能,發展出可以在使用應用系統的交談期間,由用戶動態進行權限委派的啟動與關閉。此一操作方式不僅方便系統管理者進行存取控管與權限委派的設定,也讓用戶在使用上享有相當程度的彈性。我們以AspectWerkz的剖面框架為實驗平台,製作一個用戶間權限委派的展示系統。
For many systems, access control without proper support for delegation is simply impractical. While access control has gained a considerable attention in the aspect-oriented community recently, delegation has not been properly addressed yet using aspects. This paper presents a simple yet novel approach to implementing delegation using dynamic aspects. This thesis shows that a proper combination of instance-level aspects and dynamic deployment can be used to enhance an aspect-based access control system with dynamic and fine-grained delegation effectively in a highly modular manner. We developed a prototype implementation using the per instance interception mechanism of AspectWerkz to illustrate our approach.
參考文獻 [1] Mark. Curphey, et al., A Guide to Building Secure Web Applications, The Open Web Application Security Project, Version 1.1, 2002.
[2] I. Ray, R. France, N. Li, and G.. Georg, “An aspect-based approach to modeling access control concern, ”Information and Software Technology, July 2004,pp.557-587.
[3] G.. Zhang, H. Baumeister, N. Koch, and A. Knapp, “Aspect-Oriented Modeling of Access Control in Web Applications,”6th International Workshop on Aspect-Oriented Modeling, Mar. 2005; http://dawis.informatik.uni-essen.de/events/AOM_AOSD2005/papers.shtml
[4] B. De Win, B. Vanhaute, and B. De Decker, “Security Through Aspect-Oriented Programming,” Advances in Network and Distributed Systems Security, Kluwer Academic, 2001, pp.125-138.
[5] G.. George, I. Ray, and R. France, “Using Aspects to Design a Secure System,” Proc. the 8th IEEE Int’l Conf. on Engineering of Complex Computer Systems. IEEE CS Press, Dec.2002.
[6] K. Chen and C.M. Huang, ”A practical Aspect Framework for Enforcing Fine-Grained Access Control in Web Applications,”Proc. of First Information Security Practice and Experience Conference(ISPEC 2005), LNCS 3439, Springer-Verlag, 2005,pp.156-167.
[7] L. Zhang, G.. Ahn, and B. Chu, “A Rule-Based Framework for Role-Based Delegation and Revocation,” ACM Transactions on Information and System Security, Aug. 2003,pp.404-441.
[8] H. Rajan and K. Sullivan, “Eis:Instance-Level Aspects for Integrated System Design”, Proc. of the 2003 Joint European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2003),Sept. 2003.
[9] JBoss AOP project; http://www.jboss.org/products/aop
[10]. AspectWerkz project; http://aspectwerkz.codehaus.org
[11] R. Sandhu, E. Coyne, H. Feinstein, and c. Youman, “Role-based access control model,” IEEE Computer, Feb.1996,pp.38-47.
[12] K. Chen and C.M. Huang, “On Designing Access Control Aspect for Web Applications”, Workshop on Software-engineering Properties of Languages and Aspect Technologies(SPLAT 05), Mar.2005; http://www.daimi.au.dk/~eernst/splat05/.
[13] S. Hanenberg and A. Schmidmeier, “Idioms for Building Software Frameworks in AspectJ,”2nd AOSD Workshop on Aspects, Components, and Patterns for Infrastructure Software(ACP4IS), Mar. 2003; http://www.cs.ubc.ca/~ycoady/acp4is03/.
[14]. X. Zhang, S. Oh, and R. Sandhu, “PBDM:A Flexible Delegation Model in RBAC,” Proc. 8th Symposium on Access Control Models and Technologies, 2003,pp.149-157.
[15] The Apache Struts Web Application Framework:http://struts.apache.org/
描述 碩士
國立政治大學
資訊科學學系
92753016
95
資料來源 http://thesis.lib.nccu.edu.tw/record/#G0927530161
資料類型 thesis
dc.contributor.advisor 陳恭zh_TW
dc.contributor.advisor Chen, Kungen_US
dc.contributor.author (Authors) 黃啟峰zh_TW
dc.creator (作者) 黃啟峰zh_TW
dc.date (日期) 2006en_US
dc.date.accessioned 11-Sep-2009 16:04:51 (UTC+8)-
dc.date.available 11-Sep-2009 16:04:51 (UTC+8)-
dc.date.issued (上傳時間) 11-Sep-2009 16:04:51 (UTC+8)-
dc.identifier (Other Identifiers) G0927530161en_US
dc.identifier.uri (URI) https://nccur.lib.nccu.edu.tw/handle/140.119/29698-
dc.description (描述) 碩士zh_TW
dc.description (描述) 國立政治大學zh_TW
dc.description (描述) 資訊科學學系zh_TW
dc.description (描述) 92753016zh_TW
dc.description (描述) 95zh_TW
dc.description.abstract (摘要) 對大部分的應用系統來說,在實施系統功能存取控管的同時,若沒有搭配適當的委任或委派權限的機制,將會大大影響系統用戶對存取控管限制的接受度,故本論文針對如何實現用戶間的權限委派進行探討。我們選擇以剖面導向技術開發的存取控管框架為標的,設計出一套模組化的權限委派機制,可以在不改變既有的存取控管剖面的情況下,進行用戶間的權限委派。我們採用動態剖面的技術,並結合個體層次的剖面功能,發展出可以在使用應用系統的交談期間,由用戶動態進行權限委派的啟動與關閉。此一操作方式不僅方便系統管理者進行存取控管與權限委派的設定,也讓用戶在使用上享有相當程度的彈性。我們以AspectWerkz的剖面框架為實驗平台,製作一個用戶間權限委派的展示系統。zh_TW
dc.description.abstract (摘要) For many systems, access control without proper support for delegation is simply impractical. While access control has gained a considerable attention in the aspect-oriented community recently, delegation has not been properly addressed yet using aspects. This paper presents a simple yet novel approach to implementing delegation using dynamic aspects. This thesis shows that a proper combination of instance-level aspects and dynamic deployment can be used to enhance an aspect-based access control system with dynamic and fine-grained delegation effectively in a highly modular manner. We developed a prototype implementation using the per instance interception mechanism of AspectWerkz to illustrate our approach.en_US
dc.description.tableofcontents 第一章 導論 1
     1.1 研究動機 2
     1.2 研究目的 3
     1.3 本論文之研究成果 5
     1.4 本論文之章節架構 5
     第二章 相關研究與技術背景 6
     2.1 AOP Framework:AspectWerkz 2.0 6
     2.2 存取控管模組化 8
     2.3 存取控管的Aspects 9
     2.4 細緻化權限控管的需求 14
     2.5 研究平台:JPetStore 電子寵物商店 15
     第三章 系統設計概觀 16
     3.1 系統設計概觀 16
     3.2 Delegation Manager 18
     3.3 Delegate Factory 21
     第四章 實作展示 30
     4.1實作流程說明 30
     4.2 AspectWerkz的Mixins機制運用 33
     第五章 系統實作展示 37
     5.1 系統管理介面 37
     5.2 效能測試 37
     第六章 結論與未來研究方向 40
     6.1 結論 40
     6.2未來研究方向 40
     第七章 參考文獻 41
     
     
     
     
     
     
     
     
     圖表目錄
     
     圖2.1:The Precheck aspect and the DeleteRecord aspect. 11
     圖2.2:aop.xml descriptor file. 12
     圖2.3:The Postfilter aspect. 13
     圖2.4:The ListRecords aspect. 14
     圖3.1:Struts-based Web applications. 17
     圖3.2:Delegation framework overview. 18
     圖3.3:Generic structure of the DelegatedRights class. 20
     圖3.4:service functions. 21
     圖3.5:Delegate Factory 的結構. 22
     圖3.6:AbstractDelegateFactory class. 22
     圖3.7:Concrete Factory class. 23
     圖3.8:PromoteRightsAction class 的method. 24
     圖3.9:RoleDelegate aspect (interceptor). 25
     圖3.10:PermissionDelegate aspect (interceptor). 26
     圖3.11:存取控管檢查跟委派權限aspect的互動關係。 27
     圖3.12:RevokeRightsAction class的method. 28
     圖3.13:AbstractRevokeFactory. 28
     圖3.14:ConcreteRevokeFactory. 29
     圖4.1:測試流程。 30
     圖4.2:DeleteOrderAction. 31
     圖4.3:PromoteRights or not. 31
     圖4.4:promote rights successfully. 32
     圖4.5:Double Authentication. 32
     圖4.6:Mixins class. 34
     圖4.7:Mixins機制在aop.xml的設定。 35
     圖4.8:UsernameDelegate片斷的程式碼。 35
     圖4.9:設定userAccount flag 和aop.xml configuration. 36
     圖5.1:系統管理介面。 37
     表5.1:實驗的測量數據。 39
zh_TW
dc.language.iso en_US-
dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0927530161en_US
dc.subject (關鍵詞) 剖面導向zh_TW
dc.subject (關鍵詞) 動態剖面zh_TW
dc.subject (關鍵詞) 存取控管zh_TW
dc.subject (關鍵詞) 委任zh_TW
dc.subject (關鍵詞) Aspect Oriented Programmingen_US
dc.subject (關鍵詞) Dynamic Aspecten_US
dc.subject (關鍵詞) Access Controlen_US
dc.subject (關鍵詞) Delegationen_US
dc.title (題名) 應用動態剖面導向技術實現用戶之間的委任權限管理zh_TW
dc.title (題名) Using Dynamic Aspects to Implement User-to-User Delegationen_US
dc.type (資料類型) thesisen
dc.relation.reference (參考文獻) [1] Mark. Curphey, et al., A Guide to Building Secure Web Applications, The Open Web Application Security Project, Version 1.1, 2002.zh_TW
dc.relation.reference (參考文獻) [2] I. Ray, R. France, N. Li, and G.. Georg, “An aspect-based approach to modeling access control concern, ”Information and Software Technology, July 2004,pp.557-587.zh_TW
dc.relation.reference (參考文獻) [3] G.. Zhang, H. Baumeister, N. Koch, and A. Knapp, “Aspect-Oriented Modeling of Access Control in Web Applications,”6th International Workshop on Aspect-Oriented Modeling, Mar. 2005; http://dawis.informatik.uni-essen.de/events/AOM_AOSD2005/papers.shtmlzh_TW
dc.relation.reference (參考文獻) [4] B. De Win, B. Vanhaute, and B. De Decker, “Security Through Aspect-Oriented Programming,” Advances in Network and Distributed Systems Security, Kluwer Academic, 2001, pp.125-138.zh_TW
dc.relation.reference (參考文獻) [5] G.. George, I. Ray, and R. France, “Using Aspects to Design a Secure System,” Proc. the 8th IEEE Int’l Conf. on Engineering of Complex Computer Systems. IEEE CS Press, Dec.2002.zh_TW
dc.relation.reference (參考文獻) [6] K. Chen and C.M. Huang, ”A practical Aspect Framework for Enforcing Fine-Grained Access Control in Web Applications,”Proc. of First Information Security Practice and Experience Conference(ISPEC 2005), LNCS 3439, Springer-Verlag, 2005,pp.156-167.zh_TW
dc.relation.reference (參考文獻) [7] L. Zhang, G.. Ahn, and B. Chu, “A Rule-Based Framework for Role-Based Delegation and Revocation,” ACM Transactions on Information and System Security, Aug. 2003,pp.404-441.zh_TW
dc.relation.reference (參考文獻) [8] H. Rajan and K. Sullivan, “Eis:Instance-Level Aspects for Integrated System Design”, Proc. of the 2003 Joint European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2003),Sept. 2003.zh_TW
dc.relation.reference (參考文獻) [9] JBoss AOP project; http://www.jboss.org/products/aopzh_TW
dc.relation.reference (參考文獻) [10]. AspectWerkz project; http://aspectwerkz.codehaus.orgzh_TW
dc.relation.reference (參考文獻) [11] R. Sandhu, E. Coyne, H. Feinstein, and c. Youman, “Role-based access control model,” IEEE Computer, Feb.1996,pp.38-47.zh_TW
dc.relation.reference (參考文獻) [12] K. Chen and C.M. Huang, “On Designing Access Control Aspect for Web Applications”, Workshop on Software-engineering Properties of Languages and Aspect Technologies(SPLAT 05), Mar.2005; http://www.daimi.au.dk/~eernst/splat05/.zh_TW
dc.relation.reference (參考文獻) [13] S. Hanenberg and A. Schmidmeier, “Idioms for Building Software Frameworks in AspectJ,”2nd AOSD Workshop on Aspects, Components, and Patterns for Infrastructure Software(ACP4IS), Mar. 2003; http://www.cs.ubc.ca/~ycoady/acp4is03/.zh_TW
dc.relation.reference (參考文獻) [14]. X. Zhang, S. Oh, and R. Sandhu, “PBDM:A Flexible Delegation Model in RBAC,” Proc. 8th Symposium on Access Control Models and Technologies, 2003,pp.149-157.zh_TW
dc.relation.reference (參考文獻) [15] The Apache Struts Web Application Framework:http://struts.apache.org/zh_TW