Security Framework for Workflow Management Systems and Calling Chains (工作流程管理系統與呼叫鍊的安全性架構)


Date

2013

Abstract

Secure workflow management systems (WfMS) and service-oriented architecture (SOA) systems must support security requirements such as authentication, data confidentiality, data integrity and nonrepudiation. The Chinese wall security model is mainly used to provide access control that avoids conflicts of interest within commercial organizations, and it is especially important in large-scale cross-enterprise workflows. The first part of this dissertation proposes how to implement the Chinese wall security model in a workflow management system. We first show that existing access control models are insufficient to support this security framework because they do not take into account the run-time history and the mutability of company organizational information, and we then propose a set of application programming interfaces that support the dynamic binding of access control subjects and company data. This API can also be used to define dynamic security policies that satisfy the security requirements of implementing the Chinese wall security model in a workflow management system, and we discuss how these features are implemented in a run-time workflow system. Cloud computing has attracted great attention in both academia and industry, and more and more users and enterprises are moving their data and applications to the cloud. Cloud computing provides scalability, support for large data volumes, and on-demand resource allocation; these properties make implementing workflow management systems in the cloud quite challenging. Building a highly scalable cross-enterprise workflow management system requires applying and extending existing process management concepts. The second part of this dissertation proposes how a workflow security framework can be implemented securely and flexibly in cross-enterprise workflows, and shows that existing engine-based workflow management systems have difficulty satisfying the nonrepudiation requirement. Our proposed architecture is a document-routing system for the cloud environment that supports the major security requirements; it applies element-wise encryption and cascaded digital signatures so that workflow process instances are self-protecting, and it satisfies the security requirements of authentication, data confidentiality, data integrity and nonrepudiation. Moreover, workflow process instances can be backed up and migrated to other compatible platforms without relying on the cloud service provider's support. In this study we implemented a prototype of the whole system, carried out the related experiments, and present extensive experimental results. In SOA systems, applications are usually implemented as Web services, and Web service invocations often produce dynamic calling chains. Existing SOA security mechanisms such as WS-Security, WS-SecurityPolicy and WS-Trust only support point-to-point security. In the third part of this dissertation, we first describe access control scenarios that require dynamic calling-chain information, and then propose an SOA-based security framework that satisfies the major security requirements. The framework generates a calling record at each service invocation and attaches it to the invocation, thereby building a calling-chain graph that can support calling-chain-based access control. We also design a set of security policy APIs that let service providers define calling-chain-based access control, and provide an implementation and experimental results to demonstrate the feasibility of the proposed system.
Secure workflow management systems (WfMSs) and SOA (service-oriented architecture) systems are required to support major security features such as authentication, confidentiality, data integrity, and nonrepudiation. The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale inter-enterprise workflow applications. The first part of this dissertation describes how to implement the CWSM in a WfMS. We first demonstrate situations in which an access control model is not sufficient for this if the WfMS does not keep the run-time history of data accesses and company information is mutable, and we then propose an application programming interface (API) to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This API can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Then we discuss how to implement a run-time system that enforces the CWSM policies specified by this API in a WfMS. Cloud computing is gaining tremendous momentum in both academia and industry, with more and more people and enterprises migrating their data and applications into the cloud. Cloud computing provides a new computing model with elastic scaling, a resource pool of unprecedented size, and an on-demand resource provisioning mechanism, which bring numerous challenges in implementing WfMSs in the cloud. Establishing scalable and cross-enterprise WfMSs in the cloud requires the adaptation and extension of existing concepts for process management. The second part of this dissertation presents a framework for how cross-enterprise processes can be implemented, secured, controlled, and scaled. We also explain why existing engine-based centralized and distributed WfMSs cannot guarantee the nonrepudiation requirement. The proposed framework is a document-routing system that implements the major required security features in the cloud computing environment. Its security framework is built by applying element-wise encryption and a cascade-based method of embedding digital signatures. The implementation and experimental results demonstrate the feasibility of the proposed framework. In an SOA system such as an application implemented by Web services, the invocations of services often form dynamic calling chains. Existing SOA security standards such as WS-Security, WS-SecurityPolicy, and WS-Trust only support the point-to-point security requirements of individual Web services. In the third part of this dissertation, we first show some scenarios in which access control and data security must consult the structure of a dynamically formed calling chain in a wide-open distributed environment. We then propose a security framework for SOA-based systems in which access control and data security can be performed dynamically according to the calling chain formed by service invocations. The proposed framework satisfies the security requirements of a service invocation. A calling record is embedded in each service invocation and response, and these calling records are used to build a calling-chain graph on which calling-chain-based access control is implemented. In addition, we design a security policy API that the service provider can use to specify access control and data security according to the formed calling chain. The implementation and experimental results demonstrate the feasibility of the proposed system.
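The calling-record mechanism of the third part, as an added illustration that is not the dissertation's own code: every invocation carries a record pointing at the record that triggered it, the callee rebuilds the calling chain from those records, and policy rules are evaluated over the whole chain rather than only over the immediate caller. The two rules (a Chinese-wall style "no competitor upstream" rule and an "entered via the gateway" rule), the service names, owners and conflict classes are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample data: owning company of each service, and the
# conflict-of-interest class (Chinese wall) of each company that has one.
OWNER = {"gateway": "broker", "audit": "broker",
         "ledger_a": "BankA", "ledger_b": "BankB", "report": "analytics"}
CONFLICT_CLASS = {"BankA": "banks", "BankB": "banks"}

@dataclass(frozen=True)
class CallingRecord:
    rid: int
    caller: str
    callee: str
    parent: Optional[int]  # rid of the invocation that led to this one; None at the root

class CallingChainGraph:
    """Calling records seen by a service, keyed by record id."""
    def __init__(self) -> None:
        self.records: dict[int, CallingRecord] = {}

    def add(self, rec: CallingRecord) -> None:
        if rec.parent is not None and rec.parent not in self.records:
            raise ValueError(f"record {rec.rid} references unknown parent {rec.parent}")
        self.records[rec.rid] = rec

    def chain(self, rid: int) -> list[str]:
        """Services from the root invoker down to the callee of record `rid`."""
        path, rec = [], self.records[rid]
        while rec.parent is not None:
            path.append(rec.callee)
            rec = self.records[rec.parent]
        path += [rec.callee, rec.caller]
        return path[::-1]

Rule = Callable[[list[str]], Optional[str]]  # returns a denial reason, or None to allow

def no_competitor_upstream(chain: list[str]) -> Optional[str]:
    """Chinese wall over the chain: the callee's owner must not share a
    conflict class with the owner of any service earlier in the chain."""
    callee_owner = OWNER[chain[-1]]
    cls = CONFLICT_CLASS.get(callee_owner)
    for svc in chain[:-1]:
        o = OWNER[svc]
        if cls is not None and o != callee_owner and CONFLICT_CLASS.get(o) == cls:
            return f"{chain[-1]} denied: competitor service {svc} is upstream"
    return None

def must_enter_via_gateway(chain: list[str]) -> Optional[str]:
    return None if chain[0] == "gateway" else f"{chain[-1]} denied: chain did not start at gateway"

def authorize(graph: CallingChainGraph, rid: int, rules: list[Rule]) -> tuple[bool, str]:
    chain = graph.chain(rid)
    for rule in rules:
        reason = rule(chain)
        if reason:
            return False, reason
    return True, "allowed: " + " -> ".join(chain)
```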

Keywords

Workflow management system (WfMS), Chinese wall security model (CWSM), Security, Cloud computing, Service-oriented architecture (SOA), Calling chain
