【作者】 张帅；

【导师】 李善平； 孙建伶；

【作者基本信息】 浙江大学 ， 计算机科学与技术， 2011， 博士

【摘要】 随着经济全球化的迅猛发展以及信息技术的不断进步,大型企业级应用系统在社会经济中扮演着越来越重要的地位。当今竞争激烈的商业社会,要求企业对瞬息万变的市场做出迅速反应,不断地调整自身业务形态；如何实现企业应用系统以服务为导向、随需应变成为了当今软件产业的焦点问题,而面向服务的架构与Web服务技术正是在这样的背景下应运而生。由于Web服务的平台无关、松耦合以及可复用性等特点,使得它在企业遗留系统改造、异构系统应用集成乃至实现跨企业的业务流程协作等方面存在着巨大的应用价值。当前,Web服务的相关标准已经逐渐成熟,服务组合的构建技术也已受到相当广泛的关注。然而在实际应用过程中,要使其正确、安全而又高效地为企业服务,仍然存在着较多问题有待解决。本文以基于服务组合的跨企业协作为应用背景,围绕着组合服务运行时支撑保障相关问题,从正确性验证、访问控制以及性能优化等几个方面展开研究。本文的主要工作与贡献如下：1)提出了基于Petri网的服务流程建模与验证方法。合作伙伴之间业务协作常常包含复杂的业务逻辑和消息交互。仅仅依靠静态的接口匹配的约束方法,无法保证流程的动态行为正确性。本文以Petri网理论为基础,提出一种服务控制与数据接口一致性Web服务建模方法,形式化地描述了组合服务基本构建单元及其构建过程；针对组合服务的正确性验证问题,提出了基于服务工作流网合理性的正确性定义,以此为基础对多个组合服务之间的业务流程协作进行建模,提出了流程正确性及兼容性分析算法,通过案例分析验证了算法的有效性。2)提出了基于RBAC的权限最小化动态访问控制授权机制。企业的业务过程从原有的单域环境向跨企业的多域环境迁移时,其原有的针对单域的访问控制策略无法很好地满足新环境的需求。提出一种以基于角色访问控制(RBAC)为基础的多域动态访问授权模型,根据组合服务的流程结构分析服务执行所需的权限,提出一个权限最小化的角色集挖掘算法,从原有的面向单域的角色授权关系中挖掘满足服务执行的角色集。针对组合服务中的跨域操作进行端对端的域间自主授权协商,并根据挖据出的角色集建立最小成本的跨域角色映射以满足跨域访问授权需求。在此基础上提出一套与现有的工业标准相结合运行时框架,实现了根据组合服务实际运行状态进行授权的动态访问控制机制,并通过模拟实验证明了算法的有效性。3)提出了一种面向跨企业组合服务性能优化的服务部署策略。跨企业的业务协作以公共网络作为信息传输的基础架构,网络本身的不稳定性以及各企业地理位置、网络位置的分布以及安全策略的部署等因素,对组合服务性能带来难以忽视的影响。本文以组合服务分布式执行为讨论基础,以服务执行成本作为组合服务性能优化指标,提出了服务间交互强度的概念,并通过对企业内服务部署区间的调整来达到降低服务执行成本的目的。通过将服务可部署区域的作为限制条件,将问题转化为多约束条件的下的最优化问题,并提出了一个基于遗传算法建模方法对这一优化问题进行求解。模拟实验表明算法在不同场景下均对组合服务执行成本有较大的优化。更多还原

【Abstract】 As the development of economic globalization and the progress of information technologies, large scale information applications are taking a more and more important character in the economic society. Enterprises need to align themselves to the rapid changing market and adjust their business destinations. How to turn enterprise applications into services oriented and to be changed dynamically becomes the dominating problem in today’s software industry. Service oriented architecture and Web Service technology come into real in such background. Web services have the advantages of platform independence, loosely coupling and reusability so that they have very large of application values in enterprises including legacy system migration, heterogeneous systems integrations and crossing enterprises business cooperation.Currently, the industry standards of Web services are being continuously improved; methods and technologies for services composition are receiving considerable attentions. However, it still remains a lot of unresolved problems while adopting them into enterprise applications to make them work correctly, safely and efficiently. The researches in this paper take cross enterprises business cooperation based on services composition as the application background, focus on the runtime problems of service composition execution such as correctness verification, access control and performance optimization. Major work and contributions include:1) A formalized modeling and verification method for business processes based on Petri Net is proposed. The business cooperation between businesses partners usually contain complicated business logics and message exchanges. The static restriction methods based on interface compatibility cannot guarantee the correctness of dynamic behaviors of processes. This paper proposed a consistent model for control and data interface of web services based on Petri Net theory. The basic construction units of services composition is formalized descripted with this model. The soundness of service workflow net is defined to descript the correctness of composited services. The business cooperation process is modeling based on this definition and an analysis algorithm for the verification of correctness and compatibility for composite services is proposed. Availability of the algorithm is evaluated by several cases.2) A dynamic multiple domains access control model base on role based access control (RBAC) was proposed. The existing single domain based access control model cannot fulfill the authorization requirements for service compositions cross multiple enterprises. The process structures of composite services were analyzed and a role mining algorithm was proposed to find the role set with minimized permissions that meet the access requirements of composite services. Authorization negotiations were set up among relevant domains for each cross domain operation in composite services and cross domain role mappings were built according the mined role sets with minimized cost to fulfill the cross domain operations. Based on this model, a runtime framework aligned with current industry standard was proposed to authorize dynamically based on the current running status of composite services. Simulation experiments showed the effectiveness of key part of the role mining algorithm.3) A services deployment strategy is proposed for performance optimization of cross enterprise service compositions. The cross enterprise business cooperation uses public network as its information delivery infrastructure. The unstable nature of public network, the geographical and network locations distributions and the deployment of security policies of each enterprise brings non negligible effect on the performance of composited services. Execution cost of composited services is considered as the optimization objective and a concept named interaction dependency is proposed. The performance is optimized based on adjusting the deployment domains of component services in order to reduce the overall execution costs. With the limitation of deployable domains of services, the problem is converted into an optimization problem under multiple restrictions, and a genetic algorithm based method is proposed to resolve this problem. The simulation experiments show the algorithm has considerable improvement in different scenarios.更多还原