Global ETD Search

1	以SQL語句剖析結合剖面技術設計實作資料隱碼攻擊之防禦工具 / An Anti-SQLIA tool based on SQL parsing and aspect technology 王瑛瑛, Wang, Ying Ying Unknown Date (has links) 資料隱碼攻擊（SQLIA）是一種Web應用程式弱點，這個弱點為Web客戶端輸入值隱藏攻擊字串而改變了動態產生的SQL語句結構。根據OWASP(Open Web Application Security Project）2010年的網站風險評鑑報告，資料隱碼攻擊被列為最嚴重的Web應用程式風險。資料隱碼攻擊的弱點可能讓攻擊者能夠直接存取資料庫，導致敏感性資料遭到修改或竊取，有經驗的攻擊者，甚至可以利用一個資料隱碼攻擊的漏洞，而接管整個應用系統。在本篇論文中，我們基於資料隱碼攻擊的原理實作一個自動化的防禦工具。我們的工具以SQL語句剖析結合剖面技術實作，利用窮舉法，動態分析及動態監控應用程式所執行的SQL語句，毋須開發者學習新的程式寫法或修改應用程式，即能將防禦機制套用於應用程式(原始碼及中間碼)，並透過使用者介面設定可動態調整防禦監控的範圍，提供一個有效保護WEB應用程式的資料隱碼攻擊防禦機制。 / SQL injection attack (SQLIA) is a type of attack on web applications that exploits the fact that input provided by web clients may be directly included in the dynamically generated SQL statements. According to the WASP Foundation, injection attacks, particularly SQL injection, were the most serious web application vulnerability type in 2010. By using SQLIA, an attacker may directly access the database underlying a web application and modify or expose sensitive information. A proficient attacker can even use an SQLIA to completely compromise the host system. In this thesis, we study SQL injection attacks and develop a fully automated, configurable tool for protecting web applications against SQLIA. Our tool uses a heuristic method that combines runtime learning and runtime monitoring of valid/legal SQL statements, by parsing them to calculate and verify MD5 represented patterns (called SQL fingerprints) respectively, and is implemented in Java and AspectJ in order to achieve the goal that requires no training of developers and no modification of the legacy applications. Our evaluation results have shown this tool to be highly effective at protecting web applications from all types of SQL injection attacks. 剖面導向程式設計剖面資料隱碼攻擊 AOP Aspect SQLIA
2	設計易調整的電子病歷存取控管機制 / Using Aspects to Implement Adaptable Access Control for Electronic Medical Records 張淵鈞, Chang, Yuan-chun Unknown Date (has links) 存取控管是電子病歷 (Electronic Medical Records, EMR)安全防護的核心課題。為了因應醫病關係的變動及確保病患隱私，EMR的存取控管必須滿足動態和細緻化這兩大需求。但這樣的需求並不容易實現，因為負責存取控管的程式碼具有橫跨 (cross-cutting)的特性，必須嵌入到應用系統的各個模組，很容易與應用邏輯發生夾雜不清的現象。礙於現有的程式機制和開發工具對於這樣的安全需求無法提供有效的支援，因此本研究將以剖面導向程式設計 (Aspect Oriented Programming，AOP)技術為基礎，設計一個宣告式EMR安全控管方法，。在我們的方法中，安全控管邏輯將從EMR系統的核心抽離，並且匯集到單一的剖面 (Aspect)模組，使原有的系統更加模組化 (modularity)。此外，利用我們開發的存取控管程式碼產生器，安全管理者可以藉由宣告組態檔的方式產生EMR的存取控管程式碼。如此一來，安全管理者不僅可以容易地掌握全局、減少分散管理可能造成的疏失，更可以大幅減少維護EMR存取安全所需的時間及成本。 / This paper presents an aspect-oriented approach to providing adaptable access control framework for Electronic Medical Records (EMR) on Web-based platform. In our scheme, access control logic is decoupled from the core of application and collected into separate aspect modules which are automatically synthesized from access control rules in XML format and properly designed aspect templates. The generated aspect modules will then be compiled and integrated into the underlying application using standard aspect tools. At runtime, these aspect codes will be executed to enforce the required access control without any runtime interpretation overhead. Future changes of access control rules can also be effectively realized through these mechanisms without actual coding. This will not only improve the system’s modularity but also make the task of enforcing comprehensive access control more adaptable. 剖面導向程式設計電子病歷存取控管 Aspect Oriented Programming Electronic Medical Records Access Control
3	應用剖面樣板於模型驅動開發之研究 / A Study on Realizing Model-Driven Development using Aspect Templates 楊世睿, Yang, Sir-Jur Unknown Date (has links) 近年來，模型驅動的軟體開發方式已在軟體開發社群引起廣泛的討論與研究。知名的物件管理組織並提出模型驅動架構來推廣這種新的軟體開發方式。一般使用模型驅動架構觀念的開發方法多著重在模型交換、模型變更及產生程式碼的精準度，但對於應用樣板程式在產生程式的使用上卻很少有特別的規範，故本研究選擇樣板程式的應用進行探討。在模型建構方面，我們依循一般將業務性及非業務性的模型分開設計及管理的方式，以方便系統開發人員在設計模型時，可以專注於業務性的功能設計，非業務性的功能便可依系統的需求選擇特定的組合；但在程式碼產生部分，本研究則應用剖面導向程式設計中的織入方式來產生程式碼。我們以Orr, Doug所製作的原型程式為基礎，建立一個應用剖面樣板於模型驅動開發的流程，並且以一個應用實例及使用工具來闡明整體導入的過程及運用價值。經由這樣的實例，可以讓系統開發者感受應用剖面樣板於模型驅動開發所帶來的方便及效率的提昇。 / Recently, model-driven software development has attracted great attention from the software development community. The Object Management Group (OMG) has also proposed the so-called Model-Driven Architecture (MDA) to promote it. As far as we know, most system development approaches using the MDA concept emphasize on model exchange, model change and degree of preciseness on code generation and do not discuss much about the usage of templates for code generation. Therefore, this research proposes to study the code generation part of MDA using templates. Like other MDA-based approaches, our development process also design and manage functional models and non-functional models separately, allowing system developers to focus on functional models design and to easily choose existing functions for non-functional models by requirements. What makes our approach different is we add an attachment model which facilitates the code generation steps by using the weaving mechanism found in aspect-oriented programming (AOP). In this study, we elaborate the attachment model proposed by Orr, Doug and propose an example of model-driven development process using it for code generation. Moreover, we utilize the prototype of Orr, Doug’s to create a complete example which re-engineers an existing application by replacing its system platform and extending its business functions using this process. 模型驅動開發剖面導向程式設計樣板程式 Model-Driven Development Aspect Oriented Programming Templates
4	以型態推演技術製作AspectFun語言編譯器 / Implementing a Type-Directed Translator for AspectFun 陳忠信, Chen, Chung Hsin Unknown Date (has links) AspectFun是一個實驗性的剖面導向函式語言，它主要的特色在於具備能以靜態織入方式實現的多型剖面、高階剖面以及依據動態流程觸發的剖面。本論文提出一個AspectFun語言的編譯器，其編譯過程分為四個主要步驟：語法結構轉換、剖面織入、剖面轉函式與整合動態流程判斷資訊。其中剖面織入是最複雜的步驟，必須仰賴可能是多型的型態資訊，選取適當的剖面整合到程式指定的切點處。這部份的織入工作，我們的編譯器是依據一套以靜態型態推論規則發展而來的轉譯規則，先將AspectFun程式轉譯成的剖面與函式整合在一起的中介格式，再翻譯為可執行的Haskell程式來完成。此外，本系統也是使用Haskell程式語言開發，並採用Monad技術將系統模組化，以達到最佳的可維護性、擴充性與閱讀性。本論文介紹系統的實作面，解釋AspectFun系統架構、語法、原理和實作帶來的貢獻以及限制。 / AspectFun is an experimental aspect-oriented functional language. Its main features include polymorphic aspects via static weaving, second-order aspects and control-flow triggered aspects. This thesis presents a type-directed compiler for AspectFun. Our compilation processes consists of four major steps: syntax de-sugaring, aspect weaving, translating aspects to normal functions, and integrating control flow information. The most complicated one is aspect weaving. Due to polymorphism in aspects, it is completely dependent on type information inferable from the aspects and the context they are used. We base our weaving step on a set of type-directed translation rules. In particular, the weaving step is further divided into two stages. First, an AspectFun program is translated into an intermediate form in which all aspects applicable at a context are chained together and integrated with context. Second, all aspects are translated into ordinary functions and any chain of aspects are transformed to a sequence of function calls in as an executable Haskell program. Moreover, the complier itself is implemented in Haskell. We fully utilize the monad mechanism of Haskell to modularize our compiler and achieve the goals of good maintainability, extensibility and readability. 型態系統型態推論剖面導向程式設計 Type system Type inference Aspect-oriented programming
5	具會談概念的網路應用程式記錄工具 / Session-aware logging utility for web applications 周彥江, Chou, Yann Jiang Unknown Date (has links) 目前許多網路應用程式（web application），遵循三層式開發架構，並藉由「會談」（session）營造出具有狀態機制的環境。雖然會談能將流程串起，其重要性無庸置疑，卻因分層的關係，造成想要在任一記錄點上，取得會談資訊的困難。本研究的目的，即在嘗試以「剖面導向程式設計」（Aspect-Oriented Programming）為基礎，希望能打造一個簡單易用的工具，將「記錄」（log）這種非功能性，屬於橫切面考量的需求，暫時排除在開發階段外，到事後再以挑選的方式，更輕鬆地加入或修改。更重要的是，將會談資訊中的使用者帳號，或可資識別的序號，內嵌在每行記錄裏，因此稱為「具會談概念的記錄」。讓記錄內容的設計者，不需再為了如何封裝、傳遞、拆解而浪費時間。因為記錄與系統開發是獨立的，即使上線後，臨時性的記錄修改需求，也不至於對既有的穩定與效能，造成重大影響，或不可復原的災難性結果。 / Logging is an important part to application development for purposes such as debugging and auditing. While there are many good frameworks and utilities for assisting logging in application development, it is still not an easy task for the logging action to provide enough information for those purposes. Specifically, the user account information in particular or the session information in general is not easy to obtain when we perform logging for a designated backend operation such as database query. The reasons are twofold. Firstly, applications do not use user accounts, but have their own accounts to access database. Secondly, the three-tiered structure of an application makes it difficult to thread the user accounts to the backend for logging. This thesis presents an aspect-based utility for Java-based Web applications that enables developer to generate customizable logs with session information, including user accounts. Our tool employs two aspects: one predefined aspect for collecting session information and the other is generic one for producing user-defined logs at designated application points. Specifically, the tool takes a wizard-based approach that guides the user to customize the second aspect for its own target points in a user-friendly manner. 網路應用程式會談記錄剖面導向程式設計 web application session log aspect-oriented programming
6	建構可重用與細緻化的剖面導向存取控管框架 / Building a Reusable and Fine-grained Aspect-Oriented Access Control Framework 黃植懋, Huang , Chih-Mao Unknown Date (has links) 隨著網路應用的發達與普及，應用系統的安全防護非常重要，但是要將安全方防護方面的設計與製作做好，卻不容易。因為與安全相關的程式碼必須嵌入到應用系統的各個模組中去執行，具有橫跨（cross-cutting）的特性。在設計時，若不加以區分，仍然以一般的物件或是函式模組來將其模組化的話，往往造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象，當系統愈趨複雜時，這些問題就愈顯嚴重，結果導致系統不易維護且錯誤頻仍。最近興起的剖面導向程式設計（Aspect-Oriented Programming）基於關注分離的原則（Separation of Concerns），針對像安全這類橫跨性的需求，倡議在原有的物件或函式模組外，另以剖面（aspect）作為這些橫跨性需求的模組單位，以大幅改善應用系統的模組性。近兩三年來，這方面的發展迅速，各種支援方面導向的程式語言與相關工具相繼推出，美國全錄公司柏拉圖實驗室發展的AspectJ語言就是一個具代表性的成果。本論文以剖面導向的原則，以AspectJ及JBossAOP為主要工具，針對Web應用程式在認證與存取控管方面的安全需求，設計與製作一套具重用性且可處理資料內容相關、細緻層級的存取控管框架。 / Access control is a system-wide concern that has both a generic nature and an application dependent characteristic. It is generic as many functions must be protected with restricted access, yet the rule to grant a request is highly dependent on the application state. Hence it is common to see the code for implementing access control scattered over the system and tangled with the functional code, making the system difficult to maintain. This thesis addresses this issue for Web applications by presenting a practical access control framework based on aspect-oriented programming (AOP). Our approach accommodates a wide range of access control requirements of different granularity. AOP supports the modular implementation of access control while still enables the code to get a hold of the application state. Moreover, framework technology offers a balanced view between reuse and customization. As a result, our framework is able to enforce fine-grained access control for Web applications in a highly adaptable manner. 存取控管剖面導向程式設計框架網頁應用程式 Access Control Aspect-Oriented Programming Framework Web Applications
7	利用剖面織入技術偵測Java程式中的記憶體漏失 / Aspect-Based Instrumentation for Locating 陳鉅秉, Chen,Ju-Bing Unknown Date (has links) Despite the built-in garbage collector, Java programs can still suffer the memory leak problem resulted from the unhealthy programming style of retaining unwanted references. This paper presents an aspect-based tool for assisting programmers in locating such references to fix the problem. This tool, FindLeaks, utilizes an aspect to collect memory consumption statistics and object references created during a program’s execution and analyzes them for detecting memory leaks. The distinctive feature of FindLeaks is that it reports not only suspected classes of leaked objects but also where in the source the unwanted references were created. Besides, this paper also reports our experience with FindLeaks on three open source Java programs and how we enhanced it to lower its overhead. 記憶體漏失垃圾回收器程式織入剖面導向程式設計 memory leak garbage collection code instrumentation aspect-oriented programming AspectJ
8	以靜態織入方法實現剖面導向工作流程 / Design and Implementation of a Static Weaver for Aspectual Workflow 許朝傑, Hsu, Chao Chieh Unknown Date (has links) 現今的應用系統中常會有橫跨性(Cross-Cutting)的程式模組存在，這類程式模組包括：日誌記錄、授權認證、資料永存性等，而這種程式模組在系統中若沒有被區分抽離出來，常常會導致系統重複出現與主要功能需求無關的程式碼，除此之外，這些橫跨性需求的程式碼還會與主要功能需求程式碼糾結在一起，造成程式碼夾雜不清的現象。在工作流程(Workflow)的開發過程中也有著相同的問題。為了解決上述的問題，本研究以JBoss jBPM(Java Business Process Manage- ment)為基礎平台，將剖面導向程式設計(Aspect-Oriented Progra- mming)的觀念與技術運用在工作流程的領域中，使流程設計人員能夠利用AOP的方式來解決橫跨性需求的模組化問題，並且利用靜態織入方法，改善jBPM工作流程引擎進行剖面流程在織入時的效能。 / Cross-cutting concerns are those system design issues that cut across the various modules of an application and are typically foundational system services that we need to consider before diving into building an application. Most common among these are logging, authentication, authorization, and persistence. Cross-cutting concerns always cause program code to be scattered and tangled, and therefore make it harder to understand and maintain. Similar problem also occurs in the field of workflow. In our research, we apply the concept of aspect-oriented programming(AOP) to the field of workflow system, and implement a static weaver for jBPM. With static weaver, process designer can use the facilities of AOP, and the performance is also improved via static weaving . 剖面導向程式設計工作流程流程描述語言靜態織入橫跨性流程 aspect-oriented programming workflow jPDL static weaving cross-cutting concerns
9	應用剖面導向技術研製網路應用程式之可設定式細緻化存取控管林經緯, Lin,Ching Wei Unknown Date (has links) 存取控管(Access Control)是網路應用程式(Web Applications)安全防護中的核心課題。貫徹存取控管的程式碼往往必須嵌入到應用系統的各個模組中，具有橫跨(cross-cutting)的特性，卻也因此常常造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象。所以學界業界紛紛提出了許多可設定式(configurable)的存取控管機制來解決此一問題。但這些機制都著重在一般功能性(function-level)的存取控管，對於較細緻化(fine-grained)的資料存取(data-level)控管，並未提供設定式的控管方式，還是得透過程式化(programmatic)的方式處理，所以仍然有程式橫跨性的問題。最近興起的剖面導向程式設計(Aspect-Oriented Programming)基於關注分離的原則(Separation of Concerns)，針對像安全橫跨性的需求，倡議在原有的物件或函式模組外，另以剖面作為這些橫跨性需求的模組單位，既可集中開發又可依規則將安全程式碼整合至系統的各個模組。因此本研究將以AOP技術來設計與製作一套可設定式的細緻化存取控管服務與工具。 / Security is attracting more and more concerns in the development of Web applications. However, it is not easy to derive a robust security implementation for Web applications. The principle difficulty in designing security such as access control into an application system is that it is a concern that permeates through all the different modules of a system. As a result, security concerns in an application are often implemented with scattered and tangled code, which is not only error-prone but also makes it difficult to verify its correctness and perform the needed maintenance. Aspect-Oriented Programming (AOP) is a relative new design method that allows a programmer to isolate some of the code that crosscuts his program modules into a separate module, and thus realizes the concept of Separation of Concerns. AOP offers significant advantages to programming over traditional OO techniques in implementing crosscutting concerns such as access control. In this thesis, we define an XML schema for specifying fine-grained access control rules for Web applications in a configuration file and devise an aspect-oriented implementation scheme. Specifically, we develop an aspect synthesis tool that generates concrete access control aspects automatically from access control rules. These aspects, after woven into the base application, will enforce proper access control in a highly modular manner. As a result, we get a configurable implementation of access control that is not only adaptive but also effective. 網路應用程式宣告式存取控管機制以角色為基礎之存取控管資料層次存取控管剖面導向程式設計 web applications data-level access control Role-based access control MVC Aspect-oriented programming

1	以SQL語句剖析結合剖面技術設計實作資料隱碼攻擊之防禦工具 / An Anti-SQLIA tool based on SQL parsing and aspect technology 王瑛瑛, Wang, Ying Ying Unknown Date (has links) 資料隱碼攻擊（SQLIA）是一種Web應用程式弱點，這個弱點為Web客戶端輸入值隱藏攻擊字串而改變了動態產生的SQL語句結構。根據OWASP(Open Web Application Security Project）2010年的網站風險評鑑報告，資料隱碼攻擊被列為最嚴重的Web應用程式風險。資料隱碼攻擊的弱點可能讓攻擊者能夠直接存取資料庫，導致敏感性資料遭到修改或竊取，有經驗的攻擊者，甚至可以利用一個資料隱碼攻擊的漏洞，而接管整個應用系統。在本篇論文中，我們基於資料隱碼攻擊的原理實作一個自動化的防禦工具。我們的工具以SQL語句剖析結合剖面技術實作，利用窮舉法，動態分析及動態監控應用程式所執行的SQL語句，毋須開發者學習新的程式寫法或修改應用程式，即能將防禦機制套用於應用程式(原始碼及中間碼)，並透過使用者介面設定可動態調整防禦監控的範圍，提供一個有效保護WEB應用程式的資料隱碼攻擊防禦機制。 / SQL injection attack (SQLIA) is a type of attack on web applications that exploits the fact that input provided by web clients may be directly included in the dynamically generated SQL statements. According to the WASP Foundation, injection attacks, particularly SQL injection, were the most serious web application vulnerability type in 2010. By using SQLIA, an attacker may directly access the database underlying a web application and modify or expose sensitive information. A proficient attacker can even use an SQLIA to completely compromise the host system. In this thesis, we study SQL injection attacks and develop a fully automated, configurable tool for protecting web applications against SQLIA. Our tool uses a heuristic method that combines runtime learning and runtime monitoring of valid/legal SQL statements, by parsing them to calculate and verify MD5 represented patterns (called SQL fingerprints) respectively, and is implemented in Java and AspectJ in order to achieve the goal that requires no training of developers and no modification of the legacy applications. Our evaluation results have shown this tool to be highly effective at protecting web applications from all types of SQL injection attacks. 剖面導向程式設計剖面資料隱碼攻擊 AOP Aspect SQLIA
2	設計易調整的電子病歷存取控管機制 / Using Aspects to Implement Adaptable Access Control for Electronic Medical Records 張淵鈞, Chang, Yuan-chun Unknown Date (has links) 存取控管是電子病歷 (Electronic Medical Records, EMR)安全防護的核心課題。為了因應醫病關係的變動及確保病患隱私，EMR的存取控管必須滿足動態和細緻化這兩大需求。但這樣的需求並不容易實現，因為負責存取控管的程式碼具有橫跨 (cross-cutting)的特性，必須嵌入到應用系統的各個模組，很容易與應用邏輯發生夾雜不清的現象。礙於現有的程式機制和開發工具對於這樣的安全需求無法提供有效的支援，因此本研究將以剖面導向程式設計 (Aspect Oriented Programming，AOP)技術為基礎，設計一個宣告式EMR安全控管方法，。在我們的方法中，安全控管邏輯將從EMR系統的核心抽離，並且匯集到單一的剖面 (Aspect)模組，使原有的系統更加模組化 (modularity)。此外，利用我們開發的存取控管程式碼產生器，安全管理者可以藉由宣告組態檔的方式產生EMR的存取控管程式碼。如此一來，安全管理者不僅可以容易地掌握全局、減少分散管理可能造成的疏失，更可以大幅減少維護EMR存取安全所需的時間及成本。 / This paper presents an aspect-oriented approach to providing adaptable access control framework for Electronic Medical Records (EMR) on Web-based platform. In our scheme, access control logic is decoupled from the core of application and collected into separate aspect modules which are automatically synthesized from access control rules in XML format and properly designed aspect templates. The generated aspect modules will then be compiled and integrated into the underlying application using standard aspect tools. At runtime, these aspect codes will be executed to enforce the required access control without any runtime interpretation overhead. Future changes of access control rules can also be effectively realized through these mechanisms without actual coding. This will not only improve the system’s modularity but also make the task of enforcing comprehensive access control more adaptable. 剖面導向程式設計電子病歷存取控管 Aspect Oriented Programming Electronic Medical Records Access Control
3	應用剖面樣板於模型驅動開發之研究 / A Study on Realizing Model-Driven Development using Aspect Templates 楊世睿, Yang, Sir-Jur Unknown Date (has links) 近年來，模型驅動的軟體開發方式已在軟體開發社群引起廣泛的討論與研究。知名的物件管理組織並提出模型驅動架構來推廣這種新的軟體開發方式。一般使用模型驅動架構觀念的開發方法多著重在模型交換、模型變更及產生程式碼的精準度，但對於應用樣板程式在產生程式的使用上卻很少有特別的規範，故本研究選擇樣板程式的應用進行探討。在模型建構方面，我們依循一般將業務性及非業務性的模型分開設計及管理的方式，以方便系統開發人員在設計模型時，可以專注於業務性的功能設計，非業務性的功能便可依系統的需求選擇特定的組合；但在程式碼產生部分，本研究則應用剖面導向程式設計中的織入方式來產生程式碼。我們以Orr, Doug所製作的原型程式為基礎，建立一個應用剖面樣板於模型驅動開發的流程，並且以一個應用實例及使用工具來闡明整體導入的過程及運用價值。經由這樣的實例，可以讓系統開發者感受應用剖面樣板於模型驅動開發所帶來的方便及效率的提昇。 / Recently, model-driven software development has attracted great attention from the software development community. The Object Management Group (OMG) has also proposed the so-called Model-Driven Architecture (MDA) to promote it. As far as we know, most system development approaches using the MDA concept emphasize on model exchange, model change and degree of preciseness on code generation and do not discuss much about the usage of templates for code generation. Therefore, this research proposes to study the code generation part of MDA using templates. Like other MDA-based approaches, our development process also design and manage functional models and non-functional models separately, allowing system developers to focus on functional models design and to easily choose existing functions for non-functional models by requirements. What makes our approach different is we add an attachment model which facilitates the code generation steps by using the weaving mechanism found in aspect-oriented programming (AOP). In this study, we elaborate the attachment model proposed by Orr, Doug and propose an example of model-driven development process using it for code generation. Moreover, we utilize the prototype of Orr, Doug’s to create a complete example which re-engineers an existing application by replacing its system platform and extending its business functions using this process. 模型驅動開發剖面導向程式設計樣板程式 Model-Driven Development Aspect Oriented Programming Templates
4	以型態推演技術製作AspectFun語言編譯器 / Implementing a Type-Directed Translator for AspectFun 陳忠信, Chen, Chung Hsin Unknown Date (has links) AspectFun是一個實驗性的剖面導向函式語言，它主要的特色在於具備能以靜態織入方式實現的多型剖面、高階剖面以及依據動態流程觸發的剖面。本論文提出一個AspectFun語言的編譯器，其編譯過程分為四個主要步驟：語法結構轉換、剖面織入、剖面轉函式與整合動態流程判斷資訊。其中剖面織入是最複雜的步驟，必須仰賴可能是多型的型態資訊，選取適當的剖面整合到程式指定的切點處。這部份的織入工作，我們的編譯器是依據一套以靜態型態推論規則發展而來的轉譯規則，先將AspectFun程式轉譯成的剖面與函式整合在一起的中介格式，再翻譯為可執行的Haskell程式來完成。此外，本系統也是使用Haskell程式語言開發，並採用Monad技術將系統模組化，以達到最佳的可維護性、擴充性與閱讀性。本論文介紹系統的實作面，解釋AspectFun系統架構、語法、原理和實作帶來的貢獻以及限制。 / AspectFun is an experimental aspect-oriented functional language. Its main features include polymorphic aspects via static weaving, second-order aspects and control-flow triggered aspects. This thesis presents a type-directed compiler for AspectFun. Our compilation processes consists of four major steps: syntax de-sugaring, aspect weaving, translating aspects to normal functions, and integrating control flow information. The most complicated one is aspect weaving. Due to polymorphism in aspects, it is completely dependent on type information inferable from the aspects and the context they are used. We base our weaving step on a set of type-directed translation rules. In particular, the weaving step is further divided into two stages. First, an AspectFun program is translated into an intermediate form in which all aspects applicable at a context are chained together and integrated with context. Second, all aspects are translated into ordinary functions and any chain of aspects are transformed to a sequence of function calls in as an executable Haskell program. Moreover, the complier itself is implemented in Haskell. We fully utilize the monad mechanism of Haskell to modularize our compiler and achieve the goals of good maintainability, extensibility and readability. 型態系統型態推論剖面導向程式設計 Type system Type inference Aspect-oriented programming
5	具會談概念的網路應用程式記錄工具 / Session-aware logging utility for web applications 周彥江, Chou, Yann Jiang Unknown Date (has links) 目前許多網路應用程式（web application），遵循三層式開發架構，並藉由「會談」（session）營造出具有狀態機制的環境。雖然會談能將流程串起，其重要性無庸置疑，卻因分層的關係，造成想要在任一記錄點上，取得會談資訊的困難。本研究的目的，即在嘗試以「剖面導向程式設計」（Aspect-Oriented Programming）為基礎，希望能打造一個簡單易用的工具，將「記錄」（log）這種非功能性，屬於橫切面考量的需求，暫時排除在開發階段外，到事後再以挑選的方式，更輕鬆地加入或修改。更重要的是，將會談資訊中的使用者帳號，或可資識別的序號，內嵌在每行記錄裏，因此稱為「具會談概念的記錄」。讓記錄內容的設計者，不需再為了如何封裝、傳遞、拆解而浪費時間。因為記錄與系統開發是獨立的，即使上線後，臨時性的記錄修改需求，也不至於對既有的穩定與效能，造成重大影響，或不可復原的災難性結果。 / Logging is an important part to application development for purposes such as debugging and auditing. While there are many good frameworks and utilities for assisting logging in application development, it is still not an easy task for the logging action to provide enough information for those purposes. Specifically, the user account information in particular or the session information in general is not easy to obtain when we perform logging for a designated backend operation such as database query. The reasons are twofold. Firstly, applications do not use user accounts, but have their own accounts to access database. Secondly, the three-tiered structure of an application makes it difficult to thread the user accounts to the backend for logging. This thesis presents an aspect-based utility for Java-based Web applications that enables developer to generate customizable logs with session information, including user accounts. Our tool employs two aspects: one predefined aspect for collecting session information and the other is generic one for producing user-defined logs at designated application points. Specifically, the tool takes a wizard-based approach that guides the user to customize the second aspect for its own target points in a user-friendly manner. 網路應用程式會談記錄剖面導向程式設計 web application session log aspect-oriented programming
6	建構可重用與細緻化的剖面導向存取控管框架 / Building a Reusable and Fine-grained Aspect-Oriented Access Control Framework 黃植懋, Huang , Chih-Mao Unknown Date (has links) 隨著網路應用的發達與普及，應用系統的安全防護非常重要，但是要將安全方防護方面的設計與製作做好，卻不容易。因為與安全相關的程式碼必須嵌入到應用系統的各個模組中去執行，具有橫跨（cross-cutting）的特性。在設計時，若不加以區分，仍然以一般的物件或是函式模組來將其模組化的話，往往造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象，當系統愈趨複雜時，這些問題就愈顯嚴重，結果導致系統不易維護且錯誤頻仍。最近興起的剖面導向程式設計（Aspect-Oriented Programming）基於關注分離的原則（Separation of Concerns），針對像安全這類橫跨性的需求，倡議在原有的物件或函式模組外，另以剖面（aspect）作為這些橫跨性需求的模組單位，以大幅改善應用系統的模組性。近兩三年來，這方面的發展迅速，各種支援方面導向的程式語言與相關工具相繼推出，美國全錄公司柏拉圖實驗室發展的AspectJ語言就是一個具代表性的成果。本論文以剖面導向的原則，以AspectJ及JBossAOP為主要工具，針對Web應用程式在認證與存取控管方面的安全需求，設計與製作一套具重用性且可處理資料內容相關、細緻層級的存取控管框架。 / Access control is a system-wide concern that has both a generic nature and an application dependent characteristic. It is generic as many functions must be protected with restricted access, yet the rule to grant a request is highly dependent on the application state. Hence it is common to see the code for implementing access control scattered over the system and tangled with the functional code, making the system difficult to maintain. This thesis addresses this issue for Web applications by presenting a practical access control framework based on aspect-oriented programming (AOP). Our approach accommodates a wide range of access control requirements of different granularity. AOP supports the modular implementation of access control while still enables the code to get a hold of the application state. Moreover, framework technology offers a balanced view between reuse and customization. As a result, our framework is able to enforce fine-grained access control for Web applications in a highly adaptable manner. 存取控管剖面導向程式設計框架網頁應用程式 Access Control Aspect-Oriented Programming Framework Web Applications
7	利用剖面織入技術偵測Java程式中的記憶體漏失 / Aspect-Based Instrumentation for Locating 陳鉅秉, Chen,Ju-Bing Unknown Date (has links) Despite the built-in garbage collector, Java programs can still suffer the memory leak problem resulted from the unhealthy programming style of retaining unwanted references. This paper presents an aspect-based tool for assisting programmers in locating such references to fix the problem. This tool, FindLeaks, utilizes an aspect to collect memory consumption statistics and object references created during a program’s execution and analyzes them for detecting memory leaks. The distinctive feature of FindLeaks is that it reports not only suspected classes of leaked objects but also where in the source the unwanted references were created. Besides, this paper also reports our experience with FindLeaks on three open source Java programs and how we enhanced it to lower its overhead. 記憶體漏失垃圾回收器程式織入剖面導向程式設計 memory leak garbage collection code instrumentation aspect-oriented programming AspectJ
8	以靜態織入方法實現剖面導向工作流程 / Design and Implementation of a Static Weaver for Aspectual Workflow 許朝傑, Hsu, Chao Chieh Unknown Date (has links) 現今的應用系統中常會有橫跨性(Cross-Cutting)的程式模組存在，這類程式模組包括：日誌記錄、授權認證、資料永存性等，而這種程式模組在系統中若沒有被區分抽離出來，常常會導致系統重複出現與主要功能需求無關的程式碼，除此之外，這些橫跨性需求的程式碼還會與主要功能需求程式碼糾結在一起，造成程式碼夾雜不清的現象。在工作流程(Workflow)的開發過程中也有著相同的問題。為了解決上述的問題，本研究以JBoss jBPM(Java Business Process Manage- ment)為基礎平台，將剖面導向程式設計(Aspect-Oriented Progra- mming)的觀念與技術運用在工作流程的領域中，使流程設計人員能夠利用AOP的方式來解決橫跨性需求的模組化問題，並且利用靜態織入方法，改善jBPM工作流程引擎進行剖面流程在織入時的效能。 / Cross-cutting concerns are those system design issues that cut across the various modules of an application and are typically foundational system services that we need to consider before diving into building an application. Most common among these are logging, authentication, authorization, and persistence. Cross-cutting concerns always cause program code to be scattered and tangled, and therefore make it harder to understand and maintain. Similar problem also occurs in the field of workflow. In our research, we apply the concept of aspect-oriented programming(AOP) to the field of workflow system, and implement a static weaver for jBPM. With static weaver, process designer can use the facilities of AOP, and the performance is also improved via static weaving . 剖面導向程式設計工作流程流程描述語言靜態織入橫跨性流程 aspect-oriented programming workflow jPDL static weaving cross-cutting concerns
9	應用剖面導向技術研製網路應用程式之可設定式細緻化存取控管林經緯, Lin,Ching Wei Unknown Date (has links) 存取控管(Access Control)是網路應用程式(Web Applications)安全防護中的核心課題。貫徹存取控管的程式碼往往必須嵌入到應用系統的各個模組中，具有橫跨(cross-cutting)的特性，卻也因此常常造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象。所以學界業界紛紛提出了許多可設定式(configurable)的存取控管機制來解決此一問題。但這些機制都著重在一般功能性(function-level)的存取控管，對於較細緻化(fine-grained)的資料存取(data-level)控管，並未提供設定式的控管方式，還是得透過程式化(programmatic)的方式處理，所以仍然有程式橫跨性的問題。最近興起的剖面導向程式設計(Aspect-Oriented Programming)基於關注分離的原則(Separation of Concerns)，針對像安全橫跨性的需求，倡議在原有的物件或函式模組外，另以剖面作為這些橫跨性需求的模組單位，既可集中開發又可依規則將安全程式碼整合至系統的各個模組。因此本研究將以AOP技術來設計與製作一套可設定式的細緻化存取控管服務與工具。 / Security is attracting more and more concerns in the development of Web applications. However, it is not easy to derive a robust security implementation for Web applications. The principle difficulty in designing security such as access control into an application system is that it is a concern that permeates through all the different modules of a system. As a result, security concerns in an application are often implemented with scattered and tangled code, which is not only error-prone but also makes it difficult to verify its correctness and perform the needed maintenance. Aspect-Oriented Programming (AOP) is a relative new design method that allows a programmer to isolate some of the code that crosscuts his program modules into a separate module, and thus realizes the concept of Separation of Concerns. AOP offers significant advantages to programming over traditional OO techniques in implementing crosscutting concerns such as access control. In this thesis, we define an XML schema for specifying fine-grained access control rules for Web applications in a configuration file and devise an aspect-oriented implementation scheme. Specifically, we develop an aspect synthesis tool that generates concrete access control aspects automatically from access control rules. These aspects, after woven into the base application, will enforce proper access control in a highly modular manner. As a result, we get a configurable implementation of access control that is not only adaptive but also effective. 網路應用程式宣告式存取控管機制以角色為基礎之存取控管資料層次存取控管剖面導向程式設計 web applications data-level access control Role-based access control MVC Aspect-oriented programming

Search results