1 |
可動態調整的電子病歷存取控管機制 / A Dynamically Configurable Access Control Mechanism for Electronic Medical Records許原瑞, Hsu,Yuan Jui Unknown Date (has links)
在醫療系統中,存取控管是電子病歷安全防護的核心。針對這樣的議題,我們實驗室已經有設計出一種安全的架構,利用最新的程式開發技術,剖面導向程式設計為基礎,設計出一種宣告式電子病歷安全控管的方法。這樣的設計讓安全管理者可以有系統化的控制整個系統的安全存取。但是這樣的架構下,安全規則的變動必須經過好幾道複雜的手續,造成使用上彈性不足。
本研究針對這樣的架構提出幾種改進的方式,使安全規則更動更具有彈性。主要分為兩方面,第一,針對安全規則的變數,設計可以彈性更動的方式,不需要為了更動變數而重複整個安全控管規則產生流程。第二,利用動態載入的功能,提出可以由外部Java程式寫好安全控管規則,在執行時候將該規則載入來判斷,如此對於複雜的安全控管規則也有修改的彈性。希望藉由這樣彈性的設計使我們設計的安全控管架構更能符合實際使用的需求。 / Maintaining proper access control to Electronic Medical Records (EMR) is essential to protecting patients’ privacy. However, the fine-grained and dynamic nature of access control rules for EMR has imposed great challenges on the healthcare information system developers. This thesis presents a dynamically configurable access control mechanism for Web-based EMR systems.It is an enhancement of a previous work in which static aspects are employed to enforce fine-grained access control for EMR. Specifically, we provide two additional kinds of dynamic adjustment mechanism to enhance the static access control aspects, namely dynamic parameters and dynamic constraints. If the scope of dynamic changes is small, dynamic parameters can realize the required changes. Otherwise, dynamic constraints can be used to support replacement of the access control enforcing code while allowing the EMR application running as usual. Consequently, system administrators have a fine range of choices with different trade-offs between flexibility and performance, namely fully static aspects, parameterized aspects using dynamic parameters and fully dynamic aspects using dynamic constraints. We have built a Web-based EMR prototype implementation using AspectJ to demonstrate our approach.
|
2 |
以SQL語句剖析結合剖面技術設計實作資料隱碼攻擊之防禦工具 / An Anti-SQLIA tool based on SQL parsing and aspect technology王瑛瑛, Wang, Ying Ying Unknown Date (has links)
資料隱碼攻擊(SQLIA)是一種Web應用程式弱點,這個弱點為Web客戶端輸入值隱藏攻擊字串而改變了動態產生的SQL語句結構。根據OWASP(Open Web Application Security Project)2010年的網站風險評鑑報告,資料隱碼攻擊被列為最嚴重的Web應用程式風險。資料隱碼攻擊的弱點可能讓攻擊者能夠直接存取資料庫,導致敏感性資料遭到修改或竊取,有經驗的攻擊者,甚至可以利用一個資料隱碼攻擊的漏洞,而接管整個應用系統。
在本篇論文中,我們基於資料隱碼攻擊的原理實作一個自動化的防禦工具。我們的工具以SQL語句剖析結合剖面技術實作,利用窮舉法,動態分析及動態監控應用程式所執行的SQL語句,毋須開發者學習新的程式寫法或修改應用程式,即能將防禦機制套用於應用程式(原始碼及中間碼),並透過使用者介面設定可動態調整防禦監控的範圍,提供一個有效保護WEB應用程式的資料隱碼攻擊防禦機制。 / SQL injection attack (SQLIA) is a type of attack on web applications that exploits the fact that input provided by web clients may be directly included in the dynamically generated SQL statements. According to the WASP Foundation, injection attacks, particularly SQL injection, were the most serious web application vulnerability type in 2010. By using SQLIA, an attacker may directly access the database underlying a web application and modify or expose sensitive information. A proficient attacker can even use an SQLIA to completely compromise the host system.
In this thesis, we study SQL injection attacks and develop a fully automated, configurable tool for protecting web applications against SQLIA. Our tool uses a heuristic method that combines runtime learning and runtime monitoring of valid/legal SQL statements, by parsing them to calculate and verify MD5 represented patterns (called SQL fingerprints) respectively, and is implemented in Java and AspectJ in order to achieve the goal that requires no training of developers and no modification of the legacy applications. Our evaluation results have shown this tool to be highly effective at protecting web applications from all types of SQL injection attacks.
|
3 |
設計易調整的電子病歷存取控管機制 / Using Aspects to Implement Adaptable Access Control for Electronic Medical Records張淵鈞, Chang, Yuan-chun Unknown Date (has links)
存取控管是電子病歷 (Electronic Medical Records, EMR)安全防護的核心課題。為了因應醫病關係的變動及確保病患隱私,EMR的存取控管必須滿足動態和細緻化這兩大需求。但這樣的需求並不容易實現,因為負責存取控管的程式碼具有橫跨 (cross-cutting)的特性,必須嵌入到應用系統的各個模組,很容易與應用邏輯發生夾雜不清的現象。礙於現有的程式機制和開發工具對於這樣的安全需求無法提供有效的支援,因此本研究將以剖面導向程式設計 (Aspect Oriented Programming,AOP)技術為基礎,設計一個宣告式EMR安全控管方法,。
在我們的方法中,安全控管邏輯將從EMR系統的核心抽離,並且匯集到單一的剖面 (Aspect)模組,使原有的系統更加模組化 (modularity)。此外,利用我們開發的存取控管程式碼產生器,安全管理者可以藉由宣告組態檔的方式產生EMR的存取控管程式碼。如此一來,安全管理者不僅可以容易地掌握全局、減少分散管理可能造成的疏失,更可以大幅減少維護EMR存取安全所需的時間及成本。 / This paper presents an aspect-oriented approach to providing adaptable access control framework for Electronic Medical Records (EMR) on Web-based platform. In our scheme, access control logic is decoupled from the core of application and collected into separate aspect modules which are automatically synthesized from access control rules in XML format and properly designed aspect templates. The generated aspect modules will then be compiled and integrated into the underlying application using standard aspect tools. At runtime, these aspect codes will be executed to enforce the required access control without any runtime interpretation overhead. Future changes of access control rules can also be effectively realized through these mechanisms without actual coding. This will not only improve the system’s modularity but also make the task of enforcing comprehensive access control more adaptable.
|
4 |
應用剖面樣板於模型驅動開發之研究 / A Study on Realizing Model-Driven Development using Aspect Templates楊世睿, Yang, Sir-Jur Unknown Date (has links)
近年來,模型驅動的軟體開發方式已在軟體開發社群引起廣泛的討論與研究。知名的物件管理組織並提出模型驅動架構來推廣這種新的軟體開發方式。一般使用模型驅動架構觀念的開發方法多著重在模型交換、模型變更及產生程式碼的精準度,但對於應用樣板程式在產生程式的使用上卻很少有特別的規範,故本研究選擇樣板程式的應用進行探討。在模型建構方面,我們依循一般將業務性及非業務性的模型分開設計及管理的方式,以方便系統開發人員在設計模型時,可以專注於業務性的功能設計,非業務性的功能便可依系統的需求選擇特定的組合;但在程式碼產生部分,本研究則應用剖面導向程式設計中的織入方式來產生程式碼。我們以Orr, Doug所製作的原型程式為基礎,建立一個應用剖面樣板於模型驅動開發的流程,並且以一個應用實例及使用工具來闡明整體導入的過程及運用價值。經由這樣的實例,可以讓系統開發者感受應用剖面樣板於模型驅動開發所帶來的方便及效率的提昇。 / Recently, model-driven software development has attracted great attention from the software development community. The Object Management Group (OMG) has also proposed the so-called Model-Driven Architecture (MDA) to promote it. As far as we know, most system development approaches using the MDA concept emphasize on model exchange, model change and degree of preciseness on code generation and do not discuss much about the usage of templates for code generation. Therefore, this research proposes to study the code generation part of MDA using templates. Like other MDA-based approaches, our development process also design and manage functional models and non-functional models separately, allowing system developers to focus on functional models design and to easily choose existing functions for non-functional models by requirements. What makes our approach different is we add an attachment model which facilitates the code generation steps by using the weaving mechanism found in aspect-oriented programming (AOP). In this study, we elaborate the attachment model proposed by Orr, Doug and propose an example of model-driven development process using it for code generation. Moreover, we utilize the prototype of Orr, Doug’s to create a complete example which re-engineers an existing application by replacing its system platform and extending its business functions using this process.
|
5 |
以型態推演技術製作AspectFun語言編譯器 / Implementing a Type-Directed Translator for AspectFun陳忠信, Chen, Chung Hsin Unknown Date (has links)
AspectFun是一個實驗性的剖面導向函式語言,它主要的特色在於具備能以靜態織入方式實現的多型剖面、高階剖面以及依據動態流程觸發的剖面。 本論文提出一個AspectFun語言的編譯器,其編譯過程分為四個主要步驟:語法結構轉換、剖面織入、剖面轉函式與整合動態流程判斷資訊。其中剖面織入是最複雜的步驟,必須仰賴可能是多型的型態資訊,選取適當的剖面整合到程式指定的切點處。這部份的織入工作,我們的編譯器是依據一套以靜態型態推論規則發展而來的轉譯規則,先將AspectFun程式轉譯成的剖面與函式整合在一起的中介格式,再翻譯為可執行的Haskell程式來完成。此外,本系統也是使用Haskell程式語言開發,並採用Monad技術將系統模組化,以達到最佳的可維護性、擴充性與閱讀性。本論文介紹系統的實作面,解釋AspectFun系統架構、語法、原理和實作帶來的貢獻以及限制。 / AspectFun is an experimental aspect-oriented functional language. Its main features include polymorphic aspects via static weaving, second-order aspects and control-flow triggered aspects. This thesis presents a type-directed compiler for AspectFun. Our compilation processes consists of four major steps: syntax de-sugaring, aspect weaving, translating aspects to normal functions, and integrating control flow information. The most complicated one is aspect weaving. Due to polymorphism in aspects, it is completely dependent on type information inferable from the aspects and the context they are used. We base our weaving step on a set of type-directed translation rules. In particular, the weaving step is further divided into two stages. First, an AspectFun program is translated into an intermediate form in which all aspects applicable at a context are chained together and integrated with context. Second, all aspects are translated into ordinary functions and any chain of aspects are transformed to a sequence of function calls in as an executable Haskell program. Moreover, the complier itself is implemented in Haskell. We fully utilize the monad mechanism of Haskell to modularize our compiler and achieve the goals of good maintainability, extensibility and readability.
|
6 |
應用動態剖面導向技術實現用戶之間的委任權限管理 / Using Dynamic Aspects to Implement User-to-User Delegation黃啟峰 Unknown Date (has links)
對大部分的應用系統來說,在實施系統功能存取控管的同時,若沒有搭配適當的委任或委派權限的機制,將會大大影響系統用戶對存取控管限制的接受度,故本論文針對如何實現用戶間的權限委派進行探討。我們選擇以剖面導向技術開發的存取控管框架為標的,設計出一套模組化的權限委派機制,可以在不改變既有的存取控管剖面的情況下,進行用戶間的權限委派。我們採用動態剖面的技術,並結合個體層次的剖面功能,發展出可以在使用應用系統的交談期間,由用戶動態進行權限委派的啟動與關閉。此一操作方式不僅方便系統管理者進行存取控管與權限委派的設定,也讓用戶在使用上享有相當程度的彈性。我們以AspectWerkz的剖面框架為實驗平台,製作一個用戶間權限委派的展示系統。 / For many systems, access control without proper support for delegation is simply impractical. While access control has gained a considerable attention in the aspect-oriented community recently, delegation has not been properly addressed yet using aspects. This paper presents a simple yet novel approach to implementing delegation using dynamic aspects. This thesis shows that a proper combination of instance-level aspects and dynamic deployment can be used to enhance an aspect-based access control system with dynamic and fine-grained delegation effectively in a highly modular manner. We developed a prototype implementation using the per instance interception mechanism of AspectWerkz to illustrate our approach.
|
7 |
設計與實作工作流程引擎之剖面導向擴充機制 / Enhancing Workflow Engines with Aspectual Processes鍾政憲, Chung,Cheng Hsien Unknown Date (has links)
根據應用系統的功能特性可將其劃分為功能性需求(Functional Requirements)及非功能性需求(Non-functional Requirements)。功能性需求定義了系統的核心功能,而非功能性需求為系統層面的需求,且為核心模組所共用,例如logging、 authorization。雖然物件導向程式設計是目前最常被用來管理核心功能的方法論,但其對於橫跨(crosscutting)的非功能性需求則缺乏適當的模組化機制。剖面導向程式設計(Aspect-Oriented Programming)是一種新興的程式語言方法論,能夠利用新的模組化單位—aspect—有效處理橫跨性需求的模組化問題,因此本研究將剖面導向程式設計的觀念與技術運用在工作流程(Workflow)的領域中,並且以JBoss jBPM(Java Business Process Management)為基礎,設計jPDL(jBPM Process Definition Language)的剖面導向擴充語言AO4JPDL(Aspect-Oriented for jPDL),並擴充jBPM工作流程引擎(jBPM Workflow Engine),使流程設計人員能利用AO4JPDL解決橫跨性需求的模組化問題。 / Software-system is composed of functional requirements and non-functional requirements. Functional requirements define core functions of software-system. Non-functional requirements are crosscutting concerns such as logging, authorization and other elements common to many of the core modules. While object-oriented programming (OOP) is the most common methodology employed today to manage core functions, it is not enough to manage crosscutting concerns. Aspect-Oriented Programming (AOP) is a relative new methodology that specifically targeted the management of crosscutting concerns by introducing a new unit of modularization—an aspect—that realizes the concept of Separation of Concerns. Our research is to apply Aspect-Oriented Programming in the field of workflow. We implement Aspect-Oriented for jBPM Process Definition Language (AO4JPDL) and extend jBPM workflow Engine to support Aspect-Oriented Programming. AO4JPDL is a aspect-oriented extension to the jBPM Process Definition Language(jPDL). With AO4JPDL process designer can implement crosscutting concerns in aspects instead of fusing them in the core modules, resulting in a system that is easier to design, implement, and maintain.
|
8 |
剖面導向函數語言之模組化狀態處理 / Design and Implementation of Aspects for Localizing Side-Effects林佳瑩, Lin, Jia Yin Unknown Date (has links)
剖面所進行的運算通常都牽涉到狀態處理。在純粹函數式語言中,利用monadification技術添加狀態處理的剖面必須對程式碼做橫跨性的修改。本論文提出讓純粹函數式語言的剖面具備狀態處理功能,而使用者不須額外改寫既有程式碼的方法。我們提出了簡單直接的狀態操作語言機制,可以用來開發狀態處理剖面;並且設計出系統化的monadification規則,讓編譯器自動對程式碼做轉換,並維持惰性求值的特性。 / Computations performed in many typical aspects involve side effects. In a purely functional setting, adding such aspects using techniques such as monadification will generally lead to crosscutting changes. This thesis presents an approach to provide side-effecting aspects for purely lazy functional languages in a user transparent fashion. We propose a simple yet direct state manipulation construct for developing side-effecting aspects and devise a systematic monadification scheme to translate the woven code to a purely monadic style functional code. To maintain the lazy evaluation feature, the monad employed is extended with cache functionality.
|
9 |
具會談概念的網路應用程式記錄工具 / Session-aware logging utility for web applications周彥江, Chou, Yann Jiang Unknown Date (has links)
目前許多網路應用程式(web application),遵循三層式開發架構,並藉由「會談」(session)營造出具有狀態機制的環境。雖然會談能將流程串起,其重要性無庸置疑,卻因分層的關係,造成想要在任一記錄點上,取得會談資訊的困難。
本研究的目的,即在嘗試以「剖面導向程式設計」(Aspect-Oriented Programming)為基礎,希望能打造一個簡單易用的工具,將「記錄」(log)這種非功能性,屬於橫切面考量的需求,暫時排除在開發階段外,到事後再以挑選的方式,更輕鬆地加入或修改。更重要的是,將會談資訊中的使用者帳號,或可資識別的序號,內嵌在每行記錄裏,因此稱為「具會談概念的記錄」。讓記錄內容的設計者,不需再為了如何封裝、傳遞、拆解而浪費時間。因為記錄與系統開發是獨立的,即使上線後,臨時性的記錄修改需求,也不至於對既有的穩定與效能,造成重大影響,或不可復原的災難性結果。 / Logging is an important part to application development for purposes such as debugging and auditing. While there are many good frameworks and utilities for assisting logging in application development, it is still not an easy task for the logging action to provide enough information for those purposes. Specifically, the user account information in particular or the session information in general is not easy to obtain when we perform logging for a designated backend operation such as database query. The reasons are twofold. Firstly, applications do not use user accounts, but have their own accounts to access database. Secondly, the three-tiered structure of an application makes it difficult to thread the user accounts to the backend for logging.
This thesis presents an aspect-based utility for Java-based Web applications that enables developer to generate customizable logs with session information, including user accounts. Our tool employs two aspects: one predefined aspect for collecting session information and the other is generic one for producing user-defined logs at designated application points. Specifically, the tool takes a wizard-based approach that guides the user to customize the second aspect for its own target points in a user-friendly manner.
|
10 |
應用剖面技術支援病人隱私偏好的系統框架 / An aspect-based approach to supporting patients' privacy preferences李浩誠, Lee, Hao Cheng Unknown Date (has links)
近來,隨著電子病歷的日漸普及,大眾對病人隱私的關注也隨之增加。在現行的醫療資訊系統 (Healthcare Information System, HIS) 中,透過適當的權限控管機制以保障電子病歷隱私是相當普遍的作法。然而,此機制並沒有考慮到病人對於隱私資訊用途的偏好不同。因此,擴充現行醫療資訊系統的權限控管機制,以處理病人隱私偏好的需求相當迫切。
針對此議題,我們認為剖面導向程式設計 (Aspect-Oriented Programming) 技術可以成為其解決方案的重要一環。本研究試著實作一個剖面導向的管理框架,在無需大幅度改寫系統的前提之下,能夠和現有的醫療資訊系統整合,達到讓病人自訂及管理隱私偏好。該框架和現行系統的關係是鬆散耦合 (loosely coupled) 的,因此,能夠輕易地用來擴充現行的系統,以便達到支援病人自定隱私偏好的目的。 / Electronic health records are getting more and more popular these days, however, concerns for patients' privacy also increase greatly. Currently, it's not unusual for Healthcare Information System (HIS) to adopt a proper access
control mechanism to protect patients' electronic health records. Nonetheless, this design did not consider the requirements of supporting patients’ preferences regarding the use of their privacy information. Hence, it is desirable to extend the original access control system to handle patients' privacy preferences.
For this issue, we argue that Aspect-Oriented Programming (AOP) can be an important part of the solutions. This thesis presents an aspect-based preference management framework that collects and manages patients' preferences. It can be integrated with the existing HIS to support patients' privacy preferences without rewriting from scratch. The proposed mechanisms are loosely coupled
with the underlying system. It is therefore easier to use it to improve existing systems to support patients’ privacy preferences.
|
Page generated in 0.0178 seconds