| dc.contributor.advisor | 陳恭 | zh_TW |
| dc.contributor.advisor | Chen , Kung | en_US |
| dc.contributor.author (Authors) | 黃植懋 | zh_TW |
| dc.contributor.author (Authors) | Huang , Chih-Mao | en_US |
| dc.creator (作者) | 黃植懋 | zh_TW |
| dc.creator (作者) | Huang , Chih-Mao | en_US |
| dc.date (日期) | 2004 | en_US |
| dc.date.accessioned | 17-Sep-2009 14:08:32 (UTC+8) | - |
| dc.date.available | 17-Sep-2009 14:08:32 (UTC+8) | - |
| dc.date.issued (上傳時間) | 17-Sep-2009 14:08:32 (UTC+8) | - |
| dc.identifier (Other Identifiers) | G0927530241 | en_US |
| dc.identifier.uri (URI) | https://nccur.lib.nccu.edu.tw/handle/140.119/32725 | - |
| dc.description (描述) | 碩士 | zh_TW |
| dc.description (描述) | 國立政治大學 | zh_TW |
| dc.description (描述) | 資訊科學學系 | zh_TW |
| dc.description (描述) | 92753024 | zh_TW |
| dc.description (描述) | 93 | zh_TW |
| dc.description.abstract (摘要) | 隨著網路應用的發達與普及,應用系統的安全防護非常重要,但是要將安全方防護方面的設計與製作做好,卻不容易。因為與安全相關的程式碼必須嵌入到應用系統的各個模組中去執行,具有橫跨(cross-cutting)的特性。在設計時,若不加以區分,仍然以一般的物件或是函式模組來將其模組化的話,往往造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象,當系統愈趨複雜時,這些問題就愈顯嚴重,結果導致系統不易維護且錯誤頻仍。最近興起的剖面導向程式設計(Aspect-Oriented Programming)基於關注分離的原則(Separation of Concerns),針對像安全這類橫跨性的需求,倡議在原有的物件或函式模組外,另以剖面(aspect)作為這些橫跨性需求的模組單位,以大幅改善應用系統的模組性。近兩三年來,這方面的發展迅速,各種支援方面導向的程式語言與相關工具相繼推出,美國全錄公司柏拉圖實驗室發展的AspectJ語言就是一個具代表性的成果。本論文以剖面導向的原則,以AspectJ及JBossAOP為主要工具,針對Web應用程式在認證與存取控管方面的安全需求,設計與製作一套具重用性且可處理資料內容相關、細緻層級的存取控管框架。 | zh_TW |
| dc.description.abstract (摘要) | Access control is a system-wide concern that has both a generic nature and an application dependent characteristic. It is generic as many functions must be protected with restricted access, yet the rule to grant a request is highly dependent on the application state. Hence it is common to see the code for implementing access control scattered over the system and tangled with the functional code, making the system difficult to maintain. This thesis addresses this issue for Web applications by presenting a practical access control framework based on aspect-oriented programming (AOP). Our approach accommodates a wide range of access control requirements of different granularity. AOP supports the modular implementation of access control while still enables the code to get a hold of the application state. Moreover, framework technology offers a balanced view between reuse and customization. As a result, our framework is able to enforce fine-grained access control for Web applications in a highly adaptable manner. | en_US |
| dc.description.tableofcontents | 第一章 導論 .................................... 11.1 研究動機 ...................................... 11.2 研究目標 ...................................... 31.3 本論文的貢獻 .................................. 31.4 本論文的限制 .................................. 41.5 論文章節架構 .................................. 4第二章 相關研究與技術背景 ...................... 62.1 存取控管(Access Control)..................... 62.2 根據角色之存取控管(Role-Based Access Control) 72.3 存取控管架構—Reference Monitor ............... 92.4 其他相關研究 .................................. 102.5 Java認證授權服務(JAAS)....................... 102.6 剖面導向程式設計(Aspect-Oriented Programming) 122.6.1 AspectJ ..................................... 132.6.2 JBossAOP .................................... 162.7 研究平台:JPetStore電子寵物商店 ............... 18第三章 存取控管分析與Web應用程式架構 ........... 203.1 存取控管特徵分析 .............................. 203.2 存取控管aspect選擇pointcut的評估準則 .......... 233.3 Web應用程式架構中pointcut的抉擇 ............... 24第四章 使用AspectJ實做之存取控管控管框架 ....... 274.1對應存取控管之三個aspects ...................... 274.1.1 認證(Authentication aspect)................ 284.1.2 授權檢查(Precheck aspect).................. 304.1.3 資料過濾(Postfilter aspect)................ 314.2 aspect 組合之議題 ............................. 344.3 aspect組合議題下之另一組實做方式 .............. 35第五章 Aspect重用及組合機制之探討 .............. 415.1 AspectJ的限制 ................................. 415.1.1 AspectJ advice的重用性 ...................... 415.1.2 AspectJ pointcut的重用性 .................... 445.2使用JBossAOP設計之存取控管...................... 47第六章 結論..................................... 53參考文獻 .......................................... 55程式碼列表 ........................................ 59 | zh_TW |
| dc.format.extent | 79747 bytes | - |
| dc.format.extent | 110892 bytes | - |
| dc.format.extent | 106360 bytes | - |
| dc.format.extent | 107823 bytes | - |
| dc.format.extent | 152041 bytes | - |
| dc.format.extent | 337636 bytes | - |
| dc.format.extent | 168121 bytes | - |
| dc.format.extent | 215127 bytes | - |
| dc.format.extent | 191242 bytes | - |
| dc.format.extent | 109513 bytes | - |
| dc.format.extent | 103207 bytes | - |
| dc.format.extent | 113575 bytes | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.language.iso | en_US | - |
| dc.source.uri (資料來源) | http://thesis.lib.nccu.edu.tw/record/#G0927530241 | en_US |
| dc.subject (關鍵詞) | 存取控管 | zh_TW |
| dc.subject (關鍵詞) | 剖面導向程式設計 | zh_TW |
| dc.subject (關鍵詞) | 框架 | zh_TW |
| dc.subject (關鍵詞) | 網頁應用程式 | zh_TW |
| dc.subject (關鍵詞) | Access Control | en_US |
| dc.subject (關鍵詞) | Aspect-Oriented Programming | en_US |
| dc.subject (關鍵詞) | Framework | en_US |
| dc.subject (關鍵詞) | Web Applications | en_US |
| dc.title (題名) | 建構可重用與細緻化的剖面導向存取控管框架 | zh_TW |
| dc.title (題名) | Building a Reusable and Fine-grained Aspect-Oriented Access Control Framework | en_US |
| dc.type (資料類型) | thesis | en |
| dc.relation.reference (參考文獻) | 【1】ACM, Proceedings of the 1st International Conference on Aspect-Oriented Software Development, 2001, ACM Press. | zh_TW |
| dc.relation.reference (參考文獻) | 【2】ACM, Proceedings of the 2nd International Conference on Aspect-Oriented Software Development, 2002, ACM Press. | zh_TW |
| dc.relation.reference (參考文獻) | 【3】ACM, Proceedings of the 3rd International Conference on Aspect-Oriented Software Development, 2003, ACM Press. | zh_TW |
| dc.relation.reference (參考文獻) | 【4】ACM, Proceedings of the 4th International Conference on Aspect-Oriented Software Development, 2004, ACM Press. | zh_TW |
| dc.relation.reference (參考文獻) | 【5】ACM, Proceedings of the 5th International Conference on Aspect-Oriented Software Development, 2005, ACM Press. | zh_TW |
| dc.relation.reference (參考文獻) | 【6】AOSD Tools Practitioners: | zh_TW |
| dc.relation.reference (參考文獻) | http://www.aosd.net/technology/practitioners.php | zh_TW |
| dc.relation.reference (參考文獻) | 【7】Apache Struts Web Application Framework: http://struts.apache.org/ | zh_TW |
| dc.relation.reference (參考文獻) | 【8】AspectJ website: http://www.eclipse.org/aspectj/ | zh_TW |
| dc.relation.reference (參考文獻) | 【9】AspectWerkz website: http://aspectwerkz.codehaus.org/index.html | zh_TW |
| dc.relation.reference (參考文獻) | 【10】R. Anderson, Security Engineering: A Guide to Build Dependable Distributed Systems, John Wiley & Sons, 2001. | zh_TW |
| dc.relation.reference (參考文獻) | 【11】K. Beznosov, Y. Deng, Engineering Access Control in Distributed Applications, PhD thesis, Florida International University, Miami, FL, 2000. | zh_TW |
| dc.relation.reference (參考文獻) | 【12】A. Clement, A. Colyer and M. Kersten, Aspect-Oriented Programming with AJDT, Workshop on Analysis of Aspect-Oriented Software, ECOOP 2003. | zh_TW |
| dc.relation.reference (參考文獻) | 【13】M. Curphey, et al., A Guide to Building Secure Web Applications, The Open Web Application Security Project, Version 1.1, 2002. | zh_TW |
| dc.relation.reference (參考文獻) | http://www.cgisecurity.com/owasp/html/ | zh_TW |
| dc.relation.reference (參考文獻) | 【14】B. De Win and B. De Decker, Building Frameworks in AspectJ, ECOOP 2001, Workshop on Advanced Separation of Concerns, pp.1-6. | zh_TW |
| dc.relation.reference (參考文獻) | 【15】B. De Win, W. Joosen and F. Piessens, AOSD & Security:a practical assessment, Workshop on Software engineering Properties of Languages for Aspect Technologies (SPLAT03), 2003, pp. 1-6 | zh_TW |
| dc.relation.reference (參考文獻) | 【16】B. De Win, F. Piessens, W. Joosen and T. Verhanneman, On the importance of the separation-of-concerns principle in secure software engineering, Workshop on the Application of Engineering Principles to System Security Design, 2002. | zh_TW |
| dc.relation.reference (參考文獻) | 【17】B. De Win, B. Vanhaute and B. De Decker, How Aspect oriented programming can help to build secure software, Informatica vol.26(2), 2002, pp. 141-149. | zh_TW |
| dc.relation.reference (參考文獻) | 【18】B. De Win, B. Vanhaute, B. and De Decker, Security Through Aspect-Oriented Programming, Advances in Network and Distributed Systems Security, Kluwer Academic, pp. 125-138, 2001. | zh_TW |
| dc.relation.reference (參考文獻) | 【19】M. Fayad and D. Schmidt, Object-Oriented Application Frameworks, Communications of the ACM. Vol. 40. No. 10, October 1997, pp. 32-38. | zh_TW |
| dc.relation.reference (參考文獻) | 【20】E. Gamma, R. Helm, R. Johnson, J. Vlissides: Design Patterns. A.W. L., 1995. ISBN 0-201-63361-2. | zh_TW |
| dc.relation.reference (參考文獻) | 【21】L. Giuri, and P. Iglio, Role Templates for Content-Based Access Control, Proceedings, 2nd ACM Workshop on Role-Based Access Control, Fairfax, VA (October 28–29, 1997), pp. 153-59. | zh_TW |
| dc.relation.reference (參考文獻) | 【22】R. Goodwin, S. F. Goh and F. Y. Wu, Instance-level access control for business-to-business electronic commerce, IBM System Journal, vol. 41, no. 2, 2002. | zh_TW |
| dc.relation.reference (參考文獻) | 【23】S. Hanenberg and A. Schmidmeier, Idioms for Building Software Frameworks in AspectJ, 2nd AOSD Workshop on Aspects, Components, and Patterns for Infrastructure Software (ACP4IS), Boston, MA, March 17, 2003 | zh_TW |
| dc.relation.reference (參考文獻) | 【24】S. Hanenberg and R. Unland, Using and Reusing Aspects in AspectJ, Workshop on Advanced Separation of Concerns in Object-Oriented Systems, OOPSLA, Oct. 2001 | zh_TW |
| dc.relation.reference (參考文獻) | 【25】W. Hürsch and C. Videira Lopes, Separation of Concerns, Technical Report, no. NU-CCS-95-03, 1995. | zh_TW |
| dc.relation.reference (參考文獻) | 【26】JBoss AOP website: http://www.jboss.org/products/aop, | zh_TW |
| dc.relation.reference (參考文獻) | Document download site: http://docs.jboss.org/aop/Aspectframework/ | zh_TW |
| dc.relation.reference (參考文獻) | 【27】G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm and W. Griswold, Getting Started with AspectJ, Communications of the ACM, vol. 44, no. 10, pp 59-65, October 2001. | zh_TW |
| dc.relation.reference (參考文獻) | 【28】G. Kiczales, J. Lamping, A. Menhdhekar , C. Maeda , C. Lopes, J.-M. Loingtier and J. Irwin, , Aspect-oriented programming, in ECOOP `97 Object-Oriented Programming 11th European Conference," Finland (M. Aksit and S. Matsuoka, eds.), vol. 1241, pp. 220-242, New York, NY: Springer-Verlag, 1997. | zh_TW |
| dc.relation.reference (參考文獻) | 【29】C. K. Georgiadis, I. Mavridis, G. Pangalos, and R. K. Thomas, Flexible Team-based Access Control Using Contexts, Sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001), Chantilly, VA, USA, May 2001. | zh_TW |
| dc.relation.reference (參考文獻) | 【30】S. K. Tzelepi1, D. K. Koukopoulos, and G. Pangalos, A flexible Content and Contextbased Access Control Model for Multimedia Medical Image Database Systems. ACM SIGMM Electronic Proceedings, 2001. | zh_TW |
| dc.relation.reference (參考文獻) | 【31】C. Lai, L. Gong, L. Koved, A. Nadalin and R. Schemers, User Authentication And Authorization In The Java Platform, Proceedings of Annual Computer Security Applications Conference, Phoenix, Arizona, USA, 1999, pp. 285-290. | zh_TW |
| dc.relation.reference (參考文獻) | http://developer.java.sun.com/developer/technicalArticles/Security/jaasv2/ | zh_TW |
| dc.relation.reference (參考文獻) | 【32】I. Nagy, L. Bergmans, M. Aksit, Declarative Aspect Composition, Workshop on Software engineering Properties of Languages for Aspect Technologies (SPLAT04), 2004 | zh_TW |
| dc.relation.reference (參考文獻) | 【33】Open Web Application Security Project: The Top Ten Most Critical Web Application Security Vulnerabilities. | zh_TW |
| dc.relation.reference (參考文獻) | http://www.owasp.org/documentation/topten | zh_TW |
| dc.relation.reference (參考文獻) | 【34】H. Ossher and P. Tarr, Using multidimensional separation of concerns to (re)shape evolving software, Communications of the ACM, vol. 44, no. 10, pp 43-50, October 2001. | zh_TW |
| dc.relation.reference (參考文獻) | 【35】PROSE website: http://prose.ethz.ch/Wiki.jsp?page=Prose | zh_TW |
| dc.relation.reference (參考文獻) | 【36】R. Sandhu, E. Coyne, H. Feinstein, and C. Youman, Role-Based Access Control Models, IEEE Computer, 29(2):38–47, 1996. | zh_TW |
| dc.relation.reference (參考文獻) | 【37】D. S. Goldberg, R. B. Findler, M. Flatt, Super and Inner — Together at Last!, OOPSLA 2004, October 2004 | zh_TW |
| dc.relation.reference (參考文獻) | 【38】T. Verhanneman, L. Jaco, B. De Win, F. Piessens and W. Joosen, Adaptable Access Control Policies for Medical Information Systems, Proc. of Distributed Applications and Interoperable Systems, 2003, Paris, France, LNCS 2893, pp.133-140 | zh_TW |
| dc.relation.reference (參考文獻) | 【39】E. Wohlstadter, A. Keen, S. Jackson and P. Devanbu, Accommodating Evolution in AspectJ, Workshop on Advanced Separation of Concerns in Object-Oriented Systems, OOPSLA 2001, October 2001 | zh_TW |
| dc.relation.reference (參考文獻) | 【40】林經緯, 陳恭, 運用剖面導向技術研製網路應用程式之可設定式細緻化存取控管, 第十五屆資訊安全會議(ISC2005),June 2005 | zh_TW |
