Global ETD Search

1	應用剖面導向技術研製網路應用程式之可設定式細緻化存取控管林經緯, Lin,Ching Wei Unknown Date (has links) 存取控管(Access Control)是網路應用程式(Web Applications)安全防護中的核心課題。貫徹存取控管的程式碼往往必須嵌入到應用系統的各個模組中，具有橫跨(cross-cutting)的特性，卻也因此常常造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象。所以學界業界紛紛提出了許多可設定式(configurable)的存取控管機制來解決此一問題。但這些機制都著重在一般功能性(function-level)的存取控管，對於較細緻化(fine-grained)的資料存取(data-level)控管，並未提供設定式的控管方式，還是得透過程式化(programmatic)的方式處理，所以仍然有程式橫跨性的問題。最近興起的剖面導向程式設計(Aspect-Oriented Programming)基於關注分離的原則(Separation of Concerns)，針對像安全橫跨性的需求，倡議在原有的物件或函式模組外，另以剖面作為這些橫跨性需求的模組單位，既可集中開發又可依規則將安全程式碼整合至系統的各個模組。因此本研究將以AOP技術來設計與製作一套可設定式的細緻化存取控管服務與工具。 / Security is attracting more and more concerns in the development of Web applications. However, it is not easy to derive a robust security implementation for Web applications. The principle difficulty in designing security such as access control into an application system is that it is a concern that permeates through all the different modules of a system. As a result, security concerns in an application are often implemented with scattered and tangled code, which is not only error-prone but also makes it difficult to verify its correctness and perform the needed maintenance. Aspect-Oriented Programming (AOP) is a relative new design method that allows a programmer to isolate some of the code that crosscuts his program modules into a separate module, and thus realizes the concept of Separation of Concerns. AOP offers significant advantages to programming over traditional OO techniques in implementing crosscutting concerns such as access control. In this thesis, we define an XML schema for specifying fine-grained access control rules for Web applications in a configuration file and devise an aspect-oriented implementation scheme. Specifically, we develop an aspect synthesis tool that generates concrete access control aspects automatically from access control rules. These aspects, after woven into the base application, will enforce proper access control in a highly modular manner. As a result, we get a configurable implementation of access control that is not only adaptive but also effective. 網路應用程式宣告式存取控管機制以角色為基礎之存取控管資料層次存取控管剖面導向程式設計 web applications data-level access control Role-based access control MVC Aspect-oriented programming
2	設計易調整的電子病歷存取控管機制 / Using Aspects to Implement Adaptable Access Control for Electronic Medical Records 張淵鈞, Chang, Yuan-chun Unknown Date (has links) 存取控管是電子病歷 (Electronic Medical Records, EMR)安全防護的核心課題。為了因應醫病關係的變動及確保病患隱私，EMR的存取控管必須滿足動態和細緻化這兩大需求。但這樣的需求並不容易實現，因為負責存取控管的程式碼具有橫跨 (cross-cutting)的特性，必須嵌入到應用系統的各個模組，很容易與應用邏輯發生夾雜不清的現象。礙於現有的程式機制和開發工具對於這樣的安全需求無法提供有效的支援，因此本研究將以剖面導向程式設計 (Aspect Oriented Programming，AOP)技術為基礎，設計一個宣告式EMR安全控管方法，。在我們的方法中，安全控管邏輯將從EMR系統的核心抽離，並且匯集到單一的剖面 (Aspect)模組，使原有的系統更加模組化 (modularity)。此外，利用我們開發的存取控管程式碼產生器，安全管理者可以藉由宣告組態檔的方式產生EMR的存取控管程式碼。如此一來，安全管理者不僅可以容易地掌握全局、減少分散管理可能造成的疏失，更可以大幅減少維護EMR存取安全所需的時間及成本。 / This paper presents an aspect-oriented approach to providing adaptable access control framework for Electronic Medical Records (EMR) on Web-based platform. In our scheme, access control logic is decoupled from the core of application and collected into separate aspect modules which are automatically synthesized from access control rules in XML format and properly designed aspect templates. The generated aspect modules will then be compiled and integrated into the underlying application using standard aspect tools. At runtime, these aspect codes will be executed to enforce the required access control without any runtime interpretation overhead. Future changes of access control rules can also be effectively realized through these mechanisms without actual coding. This will not only improve the system’s modularity but also make the task of enforcing comprehensive access control more adaptable. 剖面導向程式設計電子病歷存取控管 Aspect Oriented Programming Electronic Medical Records Access Control
3	應用動態剖面導向技術實現用戶之間的委任權限管理 / Using Dynamic Aspects to Implement User-to-User Delegation 黃啟峰 Unknown Date (has links) 對大部分的應用系統來說，在實施系統功能存取控管的同時，若沒有搭配適當的委任或委派權限的機制，將會大大影響系統用戶對存取控管限制的接受度，故本論文針對如何實現用戶間的權限委派進行探討。我們選擇以剖面導向技術開發的存取控管框架為標的，設計出一套模組化的權限委派機制，可以在不改變既有的存取控管剖面的情況下，進行用戶間的權限委派。我們採用動態剖面的技術，並結合個體層次的剖面功能，發展出可以在使用應用系統的交談期間，由用戶動態進行權限委派的啟動與關閉。此一操作方式不僅方便系統管理者進行存取控管與權限委派的設定，也讓用戶在使用上享有相當程度的彈性。我們以AspectWerkz的剖面框架為實驗平台，製作一個用戶間權限委派的展示系統。 / For many systems, access control without proper support for delegation is simply impractical. While access control has gained a considerable attention in the aspect-oriented community recently, delegation has not been properly addressed yet using aspects. This paper presents a simple yet novel approach to implementing delegation using dynamic aspects. This thesis shows that a proper combination of instance-level aspects and dynamic deployment can be used to enhance an aspect-based access control system with dynamic and fine-grained delegation effectively in a highly modular manner. We developed a prototype implementation using the per instance interception mechanism of AspectWerkz to illustrate our approach. 剖面導向動態剖面存取控管委任 Aspect Oriented Programming Dynamic Aspect Access Control Delegation
4	建構可重用與細緻化的剖面導向存取控管框架 / Building a Reusable and Fine-grained Aspect-Oriented Access Control Framework 黃植懋, Huang , Chih-Mao Unknown Date (has links) 隨著網路應用的發達與普及，應用系統的安全防護非常重要，但是要將安全方防護方面的設計與製作做好，卻不容易。因為與安全相關的程式碼必須嵌入到應用系統的各個模組中去執行，具有橫跨（cross-cutting）的特性。在設計時，若不加以區分，仍然以一般的物件或是函式模組來將其模組化的話，往往造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象，當系統愈趨複雜時，這些問題就愈顯嚴重，結果導致系統不易維護且錯誤頻仍。最近興起的剖面導向程式設計（Aspect-Oriented Programming）基於關注分離的原則（Separation of Concerns），針對像安全這類橫跨性的需求，倡議在原有的物件或函式模組外，另以剖面（aspect）作為這些橫跨性需求的模組單位，以大幅改善應用系統的模組性。近兩三年來，這方面的發展迅速，各種支援方面導向的程式語言與相關工具相繼推出，美國全錄公司柏拉圖實驗室發展的AspectJ語言就是一個具代表性的成果。本論文以剖面導向的原則，以AspectJ及JBossAOP為主要工具，針對Web應用程式在認證與存取控管方面的安全需求，設計與製作一套具重用性且可處理資料內容相關、細緻層級的存取控管框架。 / Access control is a system-wide concern that has both a generic nature and an application dependent characteristic. It is generic as many functions must be protected with restricted access, yet the rule to grant a request is highly dependent on the application state. Hence it is common to see the code for implementing access control scattered over the system and tangled with the functional code, making the system difficult to maintain. This thesis addresses this issue for Web applications by presenting a practical access control framework based on aspect-oriented programming (AOP). Our approach accommodates a wide range of access control requirements of different granularity. AOP supports the modular implementation of access control while still enables the code to get a hold of the application state. Moreover, framework technology offers a balanced view between reuse and customization. As a result, our framework is able to enforce fine-grained access control for Web applications in a highly adaptable manner. 存取控管剖面導向程式設計框架網頁應用程式 Access Control Aspect-Oriented Programming Framework Web Applications
5	建構電子病歷存取控管規則之可設定式編輯環境 / A Configurable Editor for Specifying Access Control Rule In Electronic Medical Records 王心怡, Wang,Hsin-Yi Unknown Date (has links) 在「設計易調整的電子病歷存取控管機制」論文中，針對病患隱私的保障，設計了一套XML格式的存取控管規則語言，讓安全管理者可以藉由設計安全組態檔，動態並細緻化地切換電子病歷的存取控管程式碼。根據前述論文的需求，我們建構出一套可融合於Eclipse開發平台中的存取規則編輯環境。除了具備XML編輯器的基本功能外，我們的編輯環境針對此存取控管規則語言提供使用者自訂屬性與規則變數的機制，以半自動化的方式免去記憶屬性值的困擾；並在存取規則的限制條件編修畫面當中，加入語法解析功能與基本格式驗證功能，協助使用者編輯限制條件，早期發現錯誤，大幅簡化安全管理人員設計存取控管規則的工作。 / This thesis presents a Configurable Editor for Specifying Access Control Rule in Electronic Medical Records based on the XML rule schema designed in another thesis, "Using Aspects to Implement Adaptable Access Control for Electronic Medical Records". Our editor is developed as a plug-in in the Eclipse development platform. It has three distinguished features. First, the user can configure the specific attributes and rule variables referenced in the rule schema and rule instances. Second, the user can edit access control rules as any XML documents and view the rules in multiple views, such as tree view. Third, the editor performs static checks on the constraints specified in the rules to provide early error detection. Thus, we argue that the editor will of significant help to the security administrators. 存取控管規則語言延申標記語言編輯器規則語言編輯器 Eclipse外掛程式 Access Control Rule Language XML Editor Rule Editor Eclipse plug-in

1

Page generated in 0.0207 seconds