【作者】 刘广钰；

【导师】 张永胜；

【作者基本信息】 山东师范大学 ， 计算机应用技术， 2010， 硕士

【摘要】 面向服务计算是当前工业界与学术界备受关注的主题,也是未来的发展趋势。它倡导以服务及其组合为基础构造应用的开发模式,标准化、松耦合及透明的应用集成方式是其重要特征,这些特征有助于提高应用系统的互操作能力、敏捷性及集成能力。服务计算是基于面向服务架构的计算模式,面向服务架构将应用程序的不同功能单元划分为服务,这些服务之间通过定义良好的接口和契约联系起来,这使得构建在各种这样的系统中的服务可以以一种统一和通用的方式进行交互,而且可以支持企业随需应变的敏捷性和先进的软件外包管理模式。面向服务计算是以标准的方式支持系统的开放性,进而使相关技术与系统具有长久的生命力。随着面向服务架构技术的发展,面向服务计算的安全性已经成为重要问题。安全性和开放性本质上的对立,限定了可实现的安全性的程度,因此如何在可访问性与访问限制之间建立一个合理的平衡是面向服务计算的安全策略迫切需要研究的问题。?随着面向服务架构的分布式计算的发展,对访问控制也提出了新的要求。访问控制是最重要的安全技术之一,也是可信计算机系统评估标准(TESEC)中评价系统安全的主要指标之一。与传统的分布式系统相比,面向服务架构的分布式系统,由于计算环境的异构性和主体操作方式的多样性,提出请求的主体和提供服务资源的客体都具有较高的动态特性。这就要求访问控制机制应该能够动态地适应这种变化,能够根据安全相关的环境做出其访问控制决策。?本文的主要工作:1.对面向服务计算的安全性需求进行了分析,结合访问控制技术的发展趋势,对基于角色的访问控制、基于团队的访问控制和基于任务的访问控制进行了细致的研究,总结分析了各模型的优缺点及其局限性。?2.重点对现有的面向服务的访问控制进行了研究,提出了一个面向服务计算的新的访问控制模型(RH-SOCAC)。该模型将服务间交互看作是双方平等地服务于应用系统的一个过程,而非直接地调用与被调用。3.在模型中引入了角色分层的概念,通过鉴别机制为服务赋予不同层次的角色,作为绑定上下文的参数,为细粒度策略的实施提供了支持,从而简化了管理,增强了系统的可理解性,并将模型应用于实例加以说明。?4.阐述了语义Web服务对于面向服务计算的安全方面的影响。通过基于本体的方式来描述Web服务的安全策略,为服务计算的安全提供了语义描述,从而能够提供在语义层次上对安全性的推理,同时也符合语义Web的发展趋势,不仅使网络面向服务,而且可以使服务具有机器可理解的语义。?5.通过分析面向服务环境中本体在安全方面所起到的积极的作用,本文用安全本体来实现一种表示安全需求和安全能力的方法,对Web服务和代理进行访问控制、数据的完整性、授权等安全描述。并且对安全本体进行了扩展,在安全本体中添加了策略说明,使得在描述语义Web服务的安全需求时具有更好的灵活性、多样性以及互操作性。?更多还原

【Abstract】 The subject of Service-Oriented Computing (SOC) receives a wide publicity of the industrial and the academia. SOC is a new computing paradigm that utilizes services as the basic constructs to support the development of rapid, low-cost and easy composition of distributed applications even in heterogeneous environments. SOC relies on the Service Oriented Architecture (SOA), which is a way of reorganizing software applications and infrastructure into a set of interacting services. SOA is a flexible set of design principles used during the phases of systems development and integration. A deployed SOA-based architecture will provide a loosely-integrated suite of services that can be used within multiple business domains. SOA defines how to integrate widely disparate applications for an application that is Web based and uses multiple implementation platforms. Rather than defining an API, SOA defines the interface in terms of protocols and functionality. An endpoint is the entry point for such an SOA implementation.SOC supports openness of system in the form of standard. With the development of SOA, the security of SOC becomes a key problem. In nature, security is opposite to openness, so how to build a reasonable balance between accessibility and access restriction is the problem cry for solve to security policy of SOC.With the development of SOA, make a claim for access control. Access control is one of the security technologies and one of the crucial targets of TESEC. Compared with the traditional distributed systems, distributed systems based-SOA possesses a high dynamic performance for tactility of computing environment and the multiformity of the main mode of operation. This asks for access control mechanism can make a decision according to the security environment.The mainly innovative work as followings:1.Analyzed security demands of the SOC,On the basis of the present access control models to be researched,this thesis analyzes the superiorities and its limitations of each kind of model, and make a intensive study for RBAC、TMAC and TBAC.2.According to the characteristics and the demands of access control under the enterprise environment, priority of research is service-oriented access control. Proposed a new service oriented computing access control model based on RBAC (RH-SOCAC).3.This model considers web-based service access control, introduced role hierarchy and depends on the strengths of identification mechanisms as a context-dependent parameter. Furthermore shows how to model for this context-dependent access control by using role-based concepts. By using a BindingContext matching mechanism supported a fine-grained access control.4.Expound the significant effects of the semantic web service for the security of SOC. Characteristic the security policy of web service in the form of ontology, provide semantic description for the security of service computing, so that provides security reasoning and made services have machine understandable semantics.5.This thesis through analysis the security ontology illustrated the description of the semantic web services and extended the OWL-S. And with the policy illustration that implement semantic description of the security services.更多还原