基于UCON的Web Services访问控制的研究

【作者】 王新辉；

【导师】 周兰江；

【作者基本信息】 昆明理工大学 ， 计算机应用技术， 2008， 硕士

【摘要】 随着信息技术的发展,基于Internet的应用系统在各个领域、各个行业中的应用已经非常普遍。SOA是目前最流行的话题之一。它是电子商务中的一项重要的架构技术。这种技术可以使电子商务平台对相应的服务进行安全控制和服务状态监控。由于可以实现跨平台的软件服务的整合,解放软件服务的传输协议的限制,Web Services成为了SOA的首选技术。Web Services具有适合异构系统、易于开发和部署、易于发现和调用等优势,因此它近些年非常流行并被广泛的应用。Web Services安全问题由于其在电子商务中的应用而变得非常重要,其中的一个重要部分就是访问控制。一个完善的访问控制策略是保证Web Services安全的重要因素之一。本文主要研究了Web Services体系的访问控制问题。首先,对Web Services体系的特点以及对访问控制的要求进行了分析,并对传统的访问控制模型如DAC、RBAC模型的优缺点和Web Services的访问控制要求做了比较。其次,对新一代的访问控制概念模型UCON做了研究,对UCON模型中的核心模型ABC模型进行了详细分析,并在UCON概念模型的基础上结合传统访问控制模型的优点和Web Services体系对访问控制的需求,建立了适合于Web Services的访问控制模型。接下来本文通过对理论的分析和研究,通过建立的访问控制模型设计相应的访问控制系统模块。本文的访问控制系统分为认证和授权两个主要部分。认证部分主要采用SRP安全协议实现,授权部分主要利用UCON模型的核心模型ABC模型的思想来设计和实现。本模型主要采用Java技术来实现Web Services的访问控制,采用xfire作为SOAP引擎对SOAP消息进行控制。本文最后对研究和实验的结果作了分析总结,指出了本访问控制模型的优点,同时说明了模型的不足之处和需改进的方面,并提出今后的研究重点和需要继续完成的工作。更多还原

【Abstract】 With the development of information technology, the application of application system based internet is very prevalent in every field and industry. SOA is a very popular topic now. It is an important framing technology of Electronic Commerce. Using this technology, an E-commerce platform could control the services in security and listen their state. Web Services can achieve the union of software services without platform limit and make the software services can’t be restricted by transmission protocol. In this condition, Web Services becomes the first choice in SOA.Web Services has the following benefits including suitable to integrate completely different computing systems, fast and cheap to develop and easy to deploy, so it becomes very popular and widely used in many fields in these years. The security of Web Services becomes very important because of its application in E-commerce. One important part of it is access control. A good access control method is one of the important factors to protect Web Services in security.This paper discusses the access control of Web Services. First, it analyzes the characteristics of Web Services, the request of its access control, and compare it with traditional access control models such as DAC and RBAC. Second, it researches the UCON access control model, which is the new generation access control model, and builds a Web Services access control model based on the idea of UCON and the merits of the traditional access control models according to the requirement of the Web Services access control. Then, we design the Web Services access control system module based on this access control model. The access control module has two modules, authentication module and authorization module. The authentication module uses SRP protocol to achieve, and the authorization module uses ABC model to design and achieve. We use Java to achieve the model and use xfire, which is a popular SOAP engine, to control the SOAP message.At last, this paper analyzes and summarizes the result, points out the advantages and the shortage of the access control model, and show what we should do next step.更多还原