雲端環境中為服務導向架構支援安全性, 可信任及協同合作
No Thumbnail Available
Date
2014
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
隨著服務導向架構(SOA)及雲端運算等技術的誕生,網路應用迎接了革命性的演進,除了發展出在Web以及雲端環境的新系統及軟體外,也同時產生了需要面對的新問題,使得近代的資訊工程領域有了新的研究方向,例如: 服務導向架構的安全性設置,雲端服務的可信任性以及協同合作,執行流程的同步控制等。
在服務導向架構處理安全性及權限控制相關的標準規範中,並沒有設計如何與整個SOA系統的整合應用,此論文中提出了兩個新的語言,能使系統開發者動態且有效地部署其安全性策略到系統中的Web服務上。除了安全性問題之外,我們也發現傳統資料庫系統的ACID特性,在SOA系統中是需要被釋放的,我提出了一個新的架構,能有效的同步控制複數的執行流程在整個系統中的運作狀態,且支援其同步控制規則的動態更新。
協同合作是雲端服務中一個新的應用,它讓使用者們可以透過網路來異地共同編輯一份文件或交換意見,此論文提出了一個新的工作流程描述語言及雲端服務,使用者能透過語言來提出需求,並提交給服務來共同定義一個工作流程。
一個雲端服務是否值得相信,需要有辦法能證明參與者們是否有違反的行為,除了數位簽章提供的不可否認性外,我發現還需要確保雲端資源存取的循序性,才能消除資源在大量使用時可能發生的爭議,此論文最後提出一個新的溝通協議,能證明服務提供者是否有違反循序性,來確保此雲端服務是值得相信的。
With the birth of Cloud and service-oriented architecture (SOA), there are various new issues discovered in computer science and information engineering domain, for example: the deployment of security and access control policies and the concurrency control of long-running transactions in SOA system, the cloud collaboration of defining a workflow definition, and the proof of violations of services in the cloud. The related security and access control standards of Web service lack the integration with SOA system. This paper proposed two new languages to help the system developer dynamically deploy the security and access control policies. The separate of concern is convenient for the administrator to handle the quality of system. A transaction of SOA system needs to relax the ACID properties since it can be long-running. A proposed new model can deal with the concurrent control of them by exploring the global context, and support the dynamic modification of control rules. We also proposed a novel language for defining workflow in the working model of cloud collaboration. The language enables the distributed definition and concurrent revision of a workflow by multiple users from different places in the cloud. For a trustworthy cloud service, it is necessary to have a scheme to detect or proof any probable violation from transaction participants. In the last topic of this paper, we proposed a novel scheme which can let SOA system provide the non-repudiation and serializability. Users and the service provider exchange attestations for every request. The user only has to store the last attestation it received, and the service provider keeps all the attestations, so that they can be used when proving is required.
With the birth of Cloud and service-oriented architecture (SOA), there are various new issues discovered in computer science and information engineering domain, for example: the deployment of security and access control policies and the concurrency control of long-running transactions in SOA system, the cloud collaboration of defining a workflow definition, and the proof of violations of services in the cloud. The related security and access control standards of Web service lack the integration with SOA system. This paper proposed two new languages to help the system developer dynamically deploy the security and access control policies. The separate of concern is convenient for the administrator to handle the quality of system. A transaction of SOA system needs to relax the ACID properties since it can be long-running. A proposed new model can deal with the concurrent control of them by exploring the global context, and support the dynamic modification of control rules. We also proposed a novel language for defining workflow in the working model of cloud collaboration. The language enables the distributed definition and concurrent revision of a workflow by multiple users from different places in the cloud. For a trustworthy cloud service, it is necessary to have a scheme to detect or proof any probable violation from transaction participants. In the last topic of this paper, we proposed a novel scheme which can let SOA system provide the non-repudiation and serializability. Users and the service provider exchange attestations for every request. The user only has to store the last attestation it received, and the service provider keeps all the attestations, so that they can be used when proving is required.
Description
Keywords
服務導向架構, Web服務, 業務過程執行語言, 安全性策略, 存取控制模型, 雲端協同合作, 同步控制, 可廢止邏輯, 工作流程描述語言, 不可否認性, 循序性, 證明違約, SOA, Web Services, BPEL, security policy, access control model, cloud collaboration, concurrency control, defeasible logic, Workflow definition language, nonrepudiation, serializability, proof of violation