| dc.contributor.advisor | 陳恭 | zh_TW |
| dc.contributor.advisor | Chen,Kung | en_US |
| dc.contributor.author (Authors) | 林經緯 | zh_TW |
| dc.contributor.author (Authors) | Lin,Ching Wei | en_US |
| dc.creator (作者) | 林經緯 | zh_TW |
| dc.creator (作者) | Lin,Ching Wei | en_US |
| dc.date (日期) | 2004 | en_US |
| dc.date.accessioned | 17-Sep-2009 14:08:54 (UTC+8) | - |
| dc.date.available | 17-Sep-2009 14:08:54 (UTC+8) | - |
| dc.date.issued (上傳時間) | 17-Sep-2009 14:08:54 (UTC+8) | - |
| dc.identifier (Other Identifiers) | G0927530321 | en_US |
| dc.identifier.uri (URI) | https://nccur.lib.nccu.edu.tw/handle/140.119/32728 | - |
| dc.description (描述) | 碩士 | zh_TW |
| dc.description (描述) | 國立政治大學 | zh_TW |
| dc.description (描述) | 資訊科學學系 | zh_TW |
| dc.description (描述) | 92753032 | zh_TW |
| dc.description (描述) | 93 | zh_TW |
| dc.description.abstract (摘要) | 存取控管(Access Control)是網路應用程式(Web Applications)安全防護中的核心課題。貫徹存取控管的程式碼往往必須嵌入到應用系統的各個模組中,具有橫跨(cross-cutting)的特性,卻也因此常常造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象。所以學界業界紛紛提出了許多可設定式(configurable)的存取控管機制來解決此一問題。但這些機制都著重在一般功能性(function-level)的存取控管,對於較細緻化(fine-grained)的資料存取(data-level)控管,並未提供設定式的控管方式,還是得透過程式化(programmatic)的方式處理,所以仍然有程式橫跨性的問題。最近興起的剖面導向程式設計(Aspect-Oriented Programming)基於關注分離的原則(Separation of Concerns),針對像安全橫跨性的需求,倡議在原有的物件或函式模組外,另以剖面作為這些橫跨性需求的模組單位,既可集中開發又可依規則將安全程式碼整合至系統的各個模組。因此本研究將以AOP技術來設計與製作一套可設定式的細緻化存取控管服務與工具。 | zh_TW |
| dc.description.abstract (摘要) | Security is attracting more and more concerns in the development of Web applications. However, it is not easy to derive a robust security implementation for Web applications. The principle difficulty in designing security such as access control into an application system is that it is a concern that permeates through all the different modules of a system. As a result, security concerns in an application are often implemented with scattered and tangled code, which is not only error-prone but also makes it difficult to verify its correctness and perform the needed maintenance. Aspect-Oriented Programming (AOP) is a relative new design method that allows a programmer to isolate some of the code that crosscuts his program modules into a separate module, and thus realizes the concept of Separation of Concerns. AOP offers significant advantages to programming over traditional OO techniques in implementing crosscutting concerns such as access control. In this thesis, we define an XML schema for specifying fine-grained access control rules for Web applications in a configuration file and devise an aspect-oriented implementation scheme. Specifically, we develop an aspect synthesis tool that generates concrete access control aspects automatically from access control rules. These aspects, after woven into the base application, will enforce proper access control in a highly modular manner. As a result, we get a configurable implementation of access control that is not only adaptive but also effective. | en_US |
| dc.description.tableofcontents | 第一章 導論 11.1 研究動機 11.2 研究目標 61.3 本論文的貢獻 61.4 本論文的限制 71.5 論文章節架構 7第二章 技術背景與相關研究 82.1 可設定式存取控管介紹 82.2 可設定式存取控管之系統設計 92.3 根據角色之存取控管(Role-Based Access Control) 92.4 Java Authentication and Authorization Service (JAAS) 102.5 J2EE Declarative Security 122.6 Java Architecture for XML Binding (JAXB) 13第三章 可設定式存取控管服務之實現方式 15第四章 存取控管規則語言 214.1 設計目標 214.2 規則設計 234.2.1 AccessControl 244.2.2 SystemMapping 304.3 規則訂定實務 394.3.1 存取控管的層次 394.3.2 取得存取控管所需的資料 424.3.3 存取控管規則的檢查方式 42第五章 存取控管規則的轉換 445.1 轉換流程 445.1.1 剖面框架樣版的選擇 475.1.2 覆寫模式的選擇 495.2 轉換實例 53第六章 結論 62第七章 參考文獻 64附錄A : AccessControl.xsd 67附錄B : SystemMapping.xsd 69附錄C : 剖面導向程式樣版 73C.1認證框架 73C.2授權框架 74附錄D : 存取控管剖面程式覆寫範例 77D.1認證剖面程式“PWD" 77D.2授權剖面程式“ViewOrder” 78 | zh_TW |
| dc.format.extent | 45227 bytes | - |
| dc.format.extent | 90760 bytes | - |
| dc.format.extent | 97619 bytes | - |
| dc.format.extent | 104777 bytes | - |
| dc.format.extent | 162891 bytes | - |
| dc.format.extent | 191887 bytes | - |
| dc.format.extent | 178215 bytes | - |
| dc.format.extent | 216582 bytes | - |
| dc.format.extent | 237168 bytes | - |
| dc.format.extent | 110975 bytes | - |
| dc.format.extent | 74311 bytes | - |
| dc.format.extent | 105304 bytes | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.format.mimetype | application/pdf | - |
| dc.language.iso | en_US | - |
| dc.source.uri (資料來源) | http://thesis.lib.nccu.edu.tw/record/#G0927530321 | en_US |
| dc.subject (關鍵詞) | 網路應用程式 | zh_TW |
| dc.subject (關鍵詞) | 宣告式存取控管機制 | zh_TW |
| dc.subject (關鍵詞) | 以角色為基礎之存取控管 | zh_TW |
| dc.subject (關鍵詞) | 資料層次存取控管 | zh_TW |
| dc.subject (關鍵詞) | 剖面導向程式設計 | zh_TW |
| dc.subject (關鍵詞) | web applications | en_US |
| dc.subject (關鍵詞) | data-level access control | en_US |
| dc.subject (關鍵詞) | Role-based access control | en_US |
| dc.subject (關鍵詞) | MVC | en_US |
| dc.subject (關鍵詞) | Aspect-oriented programming | en_US |
| dc.title (題名) | 應用剖面導向技術研製網路應用程式之可設定式細緻化存取控管 | zh_TW |
| dc.type (資料類型) | thesis | en |
| dc.relation.reference (參考文獻) | 【1】 Mark. Curphey. 2002. A Guide to Building Secure Web Applications. The Open Web Applications Security Project Version 1.1. | zh_TW |
| dc.relation.reference (參考文獻) | 【2】Open Web Applications Security Project: The Top Ten Most Critical Web Applications Security Vulnerabilities. http://www.owasp.org/documentation/topten | zh_TW |
| dc.relation.reference (參考文獻) | 【3】Ross J. Anderson. 2001. Security Engineering: A Guide to Build Dependable Distributed Systems. | zh_TW |
| dc.relation.reference (參考文獻) | 【4】S Probst, J Kueng, The Need for Declarative Security Mechanisms, IEEE. September, 2004. Proceedings of the 30th EUROMICRO Conference (EUROMICRO’04) , August 31 | zh_TW |
| dc.relation.reference (參考文獻) | 【5】 JBoss Group, LLC2520 Sharondale Dr.Atlanta. GA 30305 USAsales@jbossgroup.com. JBoss Administration and DevelopmentSecond Edition. 237-283. | zh_TW |
| dc.relation.reference (參考文獻) | 【6】 Harold Ossher and Peri Tarr. October 2001. Using multidimensional separation of concerns to (re)shape evolving software. Communications of the ACM vol. 44.10: 43-50 | zh_TW |
| dc.relation.reference (參考文獻) | 【7】 C. Lai, L. Gong, L. Koved, A. Nadalin, and R. Schemers.1999. User Authentication And Authorization In The Java Platform. Proceedings of Annual Computer Security Applications Conference, Phoenix, Arizona, USA. 285-290. | zh_TW |
| dc.relation.reference (參考文獻) | 【8】 G. Kiczales, J. Lamping, A. Menhdhekar, C. Maeda, C. Lopes, J.-M. Loingtier, and J. Irwin. 1997. Aspect-oriented programming, in ECOOP `97 Object-Oriented Programming 11th European Conference, Finland (M. Aksit and S. Matsuoka, eds.), vol. 1241. 220-242. | zh_TW |
| dc.relation.reference (參考文獻) | 【9】 Mohamed Fayad and Douglas Schmidt. October 1997. Object-Oriented Application Frameworks. Communications of the ACM, Vol. 40. 10 : 32-38. | zh_TW |
| dc.relation.reference (參考文獻) | 【10】 B. Vanhaute, B. De Win, and B. De Decker. July 2001. Building frameworks in AspectJ. Report CW 318, Department of Computer Science, K.U.Leuven, Leuven, Belgium. | zh_TW |
| dc.relation.reference (參考文獻) | 【11】 Carlos A. Fonseca. April 2002. Extending JAAS for Class Instance-Level Authorization. IBM developerWorks, http://www-106.ibm.com/developerworks/java/library/j-jaas/. | zh_TW |
| dc.relation.reference (參考文獻) | 【12】 R. Goodwin, S.F. Goh, and F.Y. Wu. 2002. “Instance-level access control for business-to-business electronic commerce,” IBM System Journal, vol. 41. no2. | zh_TW |
| dc.relation.reference (參考文獻) | 【13】 Sun Microsystems, Inc., Java Authentication and Authorization Services, http://developer.java.sun.com/developer/technicalArticles/Security/jaasv2/ . | zh_TW |
| dc.relation.reference (參考文獻) | 【14】 K. Chen and C.M. Huang. April.2005. A Practical Aspect Framework for Enforcing Fine-Grained Access Control in Web Applicationss. First Information Security Practice and Experience Conference (ISPEC 05). LNCS 3439.156-167. | zh_TW |
| dc.relation.reference (參考文獻) | 【15】 The Struts Framework. a sub-project of Apache project. http://jakarta.apache.org/struts/ | zh_TW |
| dc.relation.reference (參考文獻) | 【16】 S. Hanenberg and A. Schmidmeier. March 17, 2003. Idioms for Building Software Frameworks in AspectJ. The 2nd AOSD Workshop on Aspects, Components, and Patterns for Infrastructure Software (ACP4IS), Boston, MA. | zh_TW |
| dc.relation.reference (參考文獻) | 【17】 T. Verhanneman, L. Jaco, B. De Win, F. Piessens, and W. Joosen. November 2003. Adaptable Access Control Policies for Medical Information Systems, Distributed Applications and Interoperable Systems. 4th IFIP WG 6.1 International Conference, DAIS 2003, Paris, France, 2003, Proceedings (Stefani, J.-B. and Demeure, I. and Hagimont, D., eds.), vol 2893. 133-140. | zh_TW |
| dc.relation.reference (參考文獻) | 【18】 Sun Microsystems, Inc., Java Authentication and Authorization Services. http://developer.java.sun.com/developer/technicalArticles/Security/jaasv2/ | zh_TW |
| dc.relation.reference (參考文獻) | 【19】 JPetStore, http://www.ibatis.com/jpetstore/jpetstore.html . | zh_TW |
| dc.relation.reference (參考文獻) | 【20】 James B. D. Joshi, Walid G. Aref, Arif Ghafoor, Eugene H. Spafford. 2001. Security Models for Web-based Applications. Communications of the ACM, vol. 44. 2 : 38-44. | zh_TW |
| dc.relation.reference (參考文獻) | 【21】 R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. February 1996. Role-Based Access Control Models. IEEE Computer vol.29. 2: 38–47. | zh_TW |
| dc.relation.reference (參考文獻) | 【22】 R. Goodwin, S.F. Goh, and F.Y. Wu. 2002. “Instance-level access control for business-to-business electronic commerce,” IBM System Journal, vol. 41. no. 2, | zh_TW |
| dc.relation.reference (參考文獻) | 【23】 R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, Role-Based Access Control Models. IEEE Computer 29, No. 2, 38–47 (February 1996). | zh_TW |
| dc.relation.reference (參考文獻) | 【24】 JBoss Group LLC2520 Sharondale Dr.Atlanta. JBoss Administration and DevelopmentSecond Edition .237-283. | zh_TW |
| dc.relation.reference (參考文獻) | 【25】 Filter code with Servlet 2.3 model. http://www.javaworld.com/javaworld/jw-06-2001/jw-0622-filters.html . | zh_TW |
| dc.relation.reference (參考文獻) | 【26】 K. Beznosov, and Y. Deng. 2002. “Engineering Application-level Access Control in Distributed Systems,” in Handbook of Software Engineering and Knowledge Engineering. vol. 1. | zh_TW |
| dc.relation.reference (參考文獻) | 【27】 J. L. Abad-Peiro, H. Debar, T. Schweinberger, and P. Trommler.1999. PLAS - Policy Language for Authorizations. IBM Research Report RZ3126. | zh_TW |
| dc.relation.reference (參考文獻) | 【28】 Damianou, N., N. Dulay, E. Lupu, and M. Sloman. Ponder: A Language for Specifying Security and Management Policies for Distributed Systems. The Language Specification - Version 2.2. Research Report DoC 2000/1, Imperial College of Science Technology and Medicine, Department of Computing. | zh_TW |
| dc.relation.reference (參考文獻) | 【29】 E. Gamma, R. Helm, R. Johnson, J. Vlissides: Design Patterns. A.W. L. 1995. ISBN 0-201-63361-2. | zh_TW |
| dc.relation.reference (參考文獻) | 【30】 Scott Fordin.2004.Java Architecture for XML Binding http://java.sun.com/xml/jaxb/about.html. | zh_TW |
