本文選題：協(xié)同設(shè)計(jì) + 訪問(wèn)控制��； 參考：《太原科技大學(xué)》2014年碩士論文

【摘要】：網(wǎng)絡(luò)化協(xié)同設(shè)計(jì)(CSCD，CSCW in Design)是計(jì)算機(jī)支持的協(xié)同工作在產(chǎn)品設(shè)計(jì)領(lǐng)域的重要應(yīng)用技術(shù)。協(xié)同設(shè)計(jì)支持多個(gè)時(shí)間上分離，空間上分布，工作上又相互依賴(lài)的協(xié)同設(shè)計(jì)成員間的相互協(xié)作。在設(shè)計(jì)過(guò)程中，設(shè)計(jì)任務(wù)狀態(tài)是動(dòng)態(tài)變化的，任務(wù)操作之間具有任務(wù)狀態(tài)遷移和依賴(lài)約束的特點(diǎn)。協(xié)同設(shè)計(jì)系統(tǒng)必須保證合法用戶(hù)在恰當(dāng)?shù)娜蝿?wù)時(shí)間段具備動(dòng)態(tài)訪問(wèn)和操作對(duì)象的能力。與設(shè)計(jì)任務(wù)狀態(tài)關(guān)聯(lián)的協(xié)同設(shè)計(jì)過(guò)程動(dòng)態(tài)訪問(wèn)控制成為協(xié)同設(shè)計(jì)管理的重要研究?jī)?nèi)容之一。 訪問(wèn)控制技術(shù)主要包括基于角色的訪問(wèn)控制（Role Based Access Control， RBAC）、基于任務(wù)的訪問(wèn)控制（Task Based Access Control， TBAC）、基于屬性的訪問(wèn)控制（Attribute BasedAccess Control，ABAC）。RBAC適用于系統(tǒng)相對(duì)穩(wěn)定的靜態(tài)訪問(wèn)控制，但是對(duì)于復(fù)雜的分布式環(huán)境，缺乏對(duì)主客體的動(dòng)態(tài)描述以及對(duì)上下文環(huán)境的關(guān)聯(lián)。TBAC不能夠細(xì)粒度的實(shí)現(xiàn)分布式環(huán)境下的訪問(wèn)控制問(wèn)題。與其它訪問(wèn)控制模型相比，ABAC能夠解決開(kāi)放網(wǎng)絡(luò)環(huán)境下資源保護(hù)所面臨的細(xì)粒度問(wèn)題以及網(wǎng)絡(luò)系統(tǒng)所面臨的大規(guī)模用戶(hù)問(wèn)題。本文對(duì)基于屬性訪問(wèn)控制進(jìn)行擴(kuò)展，，應(yīng)用于協(xié)同設(shè)計(jì)訪問(wèn)控制中，主要工作如下。 （1）在分析了網(wǎng)絡(luò)化產(chǎn)品協(xié)同設(shè)計(jì)訪問(wèn)控制中所具有的設(shè)計(jì)任務(wù)狀態(tài)遷移與依賴(lài)約束關(guān)系特點(diǎn)基礎(chǔ)上，提出了基于屬性擴(kuò)展的ABAC訪問(wèn)控制模型CSCD—ABAC模型，給出了模型中的設(shè)計(jì)主體、設(shè)計(jì)客體、設(shè)計(jì)環(huán)境以及設(shè)計(jì)動(dòng)作之間的形式化描述，定義了訪問(wèn)控制規(guī)則以及訪問(wèn)控制策略。通過(guò)引入任務(wù)實(shí)例DTI，將任務(wù)實(shí)例狀態(tài)遷移對(duì)訪問(wèn)權(quán)限的影響，動(dòng)態(tài)描述為ABAC的上下文環(huán)境屬性，通過(guò)環(huán)境屬性的變化，來(lái)動(dòng)態(tài)確定訪問(wèn)控制權(quán)限。將任務(wù)實(shí)例中設(shè)計(jì)任務(wù)間的依賴(lài)約束關(guān)系，描述為權(quán)限分配的策略判定規(guī)則，從而能夠適應(yīng)協(xié)同設(shè)計(jì)訪問(wèn)控制權(quán)限動(dòng)態(tài)變化的特點(diǎn)，能夠較好的解決協(xié)同設(shè)計(jì)過(guò)程中的動(dòng)態(tài)訪問(wèn)控制問(wèn)題。 （2）在對(duì)模型訪問(wèn)控制流程分析的基礎(chǔ)上，對(duì)ABAC擴(kuò)展模型中的策略執(zhí)行點(diǎn)PEP、策略判定點(diǎn)PDP、策略管理點(diǎn)PAP以及策略信息點(diǎn)PIP等各個(gè)功能模塊進(jìn)行詳細(xì)設(shè)計(jì)，給出各功能單元的工作流程形式化描述。同時(shí)對(duì)于屬性存儲(chǔ)、判定規(guī)則描述以及判定過(guò)程進(jìn)行研究。 （3）在Web Service開(kāi)源環(huán)境下，用SOAP協(xié)議，結(jié)合SAML、XACML在客戶(hù)端通過(guò)SOAP來(lái)遠(yuǎn)程調(diào)用Web Service服務(wù)。實(shí)現(xiàn)了屬性、規(guī)則的創(chuàng)建、以及PEP、PDP的執(zhí)行策略，進(jìn)行了測(cè)試與驗(yàn)證。
[Abstract]:CSCD / CSCW in Design is an important application technology of computer supported collaborative work in the field of product design.Collaborative design supports the cooperation of multiple collaborative design members, which are separated in time, distributed in space, and interdependent in work.In the design process, the design task state is dynamic, and the task operation has the characteristics of task state migration and dependency constraints.Collaborative design systems must ensure that legitimate users have the ability to access and manipulate objects dynamically at the appropriate task time.Dynamic access control of collaborative design process associated with design task state has become one of the important research contents of collaborative design management.Access control techniques include role Based Access control, task-based access control Based Access control, attribute-based access control, attribute BasedAccess control, ABAC. RBAC is suitable for static access control, which is relatively stable in the system.However, for complex distributed environments, there is a lack of dynamic description of the subject and object and the relevance of context. TBAC can not implement access control problem in distributed environment with fine granularity.Compared with other access control models, ABAC can solve the fine-grained problem of resource protection in open network environment and the large-scale user problem faced by network system.In this paper, attribute based access control is extended and applied to collaborative design access control. The main work is as follows.1) based on the analysis of the characteristics of design task state migration and dependency constraint in networked product collaborative design access control, the CSCD-ABAC model of ABAC access control model based on attribute extension is proposed.The formal description of the design subject, the design object, the design environment and the design action in the model is given, and the access control rules and access control policies are defined.By introducing the task instance, the influence of task instance state migration on access rights is dynamically described as the context attribute of ABAC, and the access control authority is dynamically determined by the change of environment attribute.This paper describes the dependency constraints between tasks in a task instance as a policy decision rule for privilege allocation, which can adapt to the dynamic change of access control rights in collaborative design.It can solve the problem of dynamic access control in collaborative design process.2) based on the analysis of the model access control flow, the function modules such as the policy execution point, the policy decision point, the policy management point PAP and the policy information point PIP in the extended ABAC model are designed in detail.The formal description of the workflow of each function unit is given.At the same time, the attribute storage, the description of decision rules and the process of decision are studied.In the open source environment of Web Service, the Web Service service is called remotely by the client through SOAP with the SOAP protocol and the SAMLO XACML.Property, rule creation, and PEPPDP execution strategy are implemented, tested and verified.
【學(xué)位授予單位】：太原科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類(lèi)號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 徐洪學(xué);;一種面向協(xié)同設(shè)計(jì)系統(tǒng)的訪問(wèn)控制模型[J];東北大學(xué)學(xué)報(bào)(自然科學(xué)版);2007年12期

2 王小明,趙宗濤,馬建峰;基于承諾-擔(dān)保的訪問(wèn)控制模型[J];電子學(xué)報(bào);2003年08期

3 邢光林;洪帆;;基于角色和任務(wù)的工作流授權(quán)模型及約束描述[J];計(jì)算機(jī)研究與發(fā)展;2005年11期

4 葉春曉;吳中福;符云清;鐘將;馮永;;基于屬性的擴(kuò)展委托模型[J];計(jì)算機(jī)研究與發(fā)展;2006年06期

5 宋海剛,陳學(xué)廣;計(jì)算機(jī)支持的協(xié)同工作(CSCW)發(fā)展述評(píng)[J];計(jì)算機(jī)工程與應(yīng)用;2004年01期

6 許峰;林果園;黃皓;;Web Services的訪問(wèn)控制研究綜述[J];計(jì)算機(jī)科學(xué);2005年02期

7 郭銀章;曾建潮;;基于TRBAC混合模型的協(xié)同設(shè)計(jì)過(guò)程動(dòng)態(tài)訪問(wèn)控制[J];計(jì)算機(jī)集成制造系統(tǒng);2012年02期

8 王雅哲;馮登國(guó);;一種XACML規(guī)則沖突及冗余分析方法[J];計(jì)算機(jī)學(xué)報(bào);2009年03期

9 沈海波,洪帆;訪問(wèn)控制模型研究綜述[J];計(jì)算機(jī)應(yīng)用研究;2005年06期

10 李成鍇,dislab.nju.edu.cn,詹永照,茅兵,謝立;基于角色的CSCW系統(tǒng)訪問(wèn)控制模型[J];軟件學(xué)報(bào);2000年07期

本文編號(hào)：1763752