發(fā)布時間：2018-10-09 07:30

【摘要】：隨著生物信息學(xué)的發(fā)展、后基因組學(xué)時代的來臨，醫(yī)療、生命科學(xué)的研究越來越需要一個完善的生物樣本庫的支撐。一個基于多領(lǐng)域、多機(jī)構(gòu)、分布式的生物樣本庫信息管理系統(tǒng)也呼之欲出。目前國內(nèi)的生物樣本庫信息管理系統(tǒng)還停留在小規(guī)模、封閉式的管理模式之上，各機(jī)構(gòu)之間的生物樣本信息不能互通，研究資源不能充分利用。造成需要研究資源的機(jī)構(gòu)沒有樣本可用，而研究力量薄弱的機(jī)構(gòu)有樣本不能很好地管理或利用，這樣的樣本分布不均衡給生物、醫(yī)學(xué)領(lǐng)域帶來很大的損失。 本文基于上述基本情況，提出利用SOA架構(gòu)，建設(shè)一個本地管理、多機(jī)構(gòu)合作、區(qū)域共享的生物樣本庫信息管理系統(tǒng)。利用SOA架構(gòu)的開放性、松散耦合性等優(yōu)點(diǎn)有效解決目前樣本庫管理分散和管理混亂的現(xiàn)實(shí)情況。 SOA的開發(fā)性、松散耦合的特點(diǎn)給BIMS帶來了革命性的進(jìn)步，但是也給BIMS系統(tǒng)的安全性帶來了隱患。 SOA架構(gòu)下的系統(tǒng)是一個分布式的系統(tǒng)，在SOA架構(gòu)下，資源處于不同的安全域中，通過企業(yè)服務(wù)總線進(jìn)行連接，資源不屬于一個統(tǒng)一的管理中心，而一個服務(wù)要能夠與不同的安全域進(jìn)行對話，這就要求訪問控制能夠克服這種分布性，使請求能夠在不同系統(tǒng)中自由流動，提供訪問控制執(zhí)行服務(wù)和通用的訪問控制決策服務(wù)。自主訪問控制模型、強(qiáng)制訪問控制模型和基于角色的訪問控制模型等傳統(tǒng)模型采用的執(zhí)行和決策單元應(yīng)用到SOA架構(gòu)中會將系統(tǒng)的安全邏輯和業(yè)務(wù)邏輯緊密結(jié)合，，破壞SOA松耦合性的特點(diǎn)，失去了SOA架構(gòu)的意義，因此這些傳統(tǒng)的訪問訪問控制模型都不能為SOA架構(gòu)下訪問控制策略提供支持。 一個系統(tǒng)的安全性是其賴以存在的基本所在，沒有可靠的安全策略，BIMS系統(tǒng)根本無法在醫(yī)療科研領(lǐng)域立足。本文基于ABAC、RBAC模型，分析系統(tǒng)在SOA架構(gòu)下訪問控制的特點(diǎn)，引入RABAC訪問控制模型，提出面向服務(wù)的基于角色-屬性的安全訪問控制模型RABAC新的概念。定義了模型的關(guān)系、規(guī)則、約束條件，介紹了模型的構(gòu)成，并對模型的復(fù)雜度和特點(diǎn)進(jìn)行了分析，充分證明RABAC模型對于RBAC和ABAC模型的優(yōu)越性和對SOA架構(gòu)的適應(yīng)性。 文章最后通過介紹RABAC實(shí)現(xiàn)的技術(shù)基礎(chǔ)、實(shí)現(xiàn)框架和流程，闡述了RABAC模型在基于SOA框架的樣本庫信息管理系統(tǒng)中的應(yīng)用，實(shí)證了RABAC模型的優(yōu)勢，證明了RABAC模型在保障生物樣本庫的信息系統(tǒng)安全的可行性。整篇論文為基于SOA架構(gòu)的系統(tǒng)安全奠定了基礎(chǔ)，也為RABAC模型的推廣做了一個很好的表率。
[Abstract]:With the development of bioinformatics and the coming of post-genomics, the research of medical and life sciences needs a perfect biological sample library. A multi-domain, multi-organization, distributed biological sample database information management system is also coming forward. At present, the domestic information management system of biological sample database is still on a small scale, closed management mode, the biological sample information between institutions can not be exchanged, research resources can not be fully utilized. As a result, there are no samples available to the institutions that need research resources, while those with weak research power can not be well managed or utilized. Such uneven distribution of samples brings great losses in the field of medicine. Based on the above basic situation, this paper proposes to construct a local management, multi-agency cooperation and regional sharing information management system of biological sample base using SOA architecture. Using the advantages of open and loose coupling of SOA architecture, we can effectively solve the current situation of decentralized and chaotic management of sample base. The development and loose coupling of SOA bring revolutionary progress to BIMS, but also bring hidden trouble to the security of BIMS system. The system under the SOA architecture is a distributed system. Under the SOA architecture, the resources are in different security domains and connected through the enterprise service bus, so the resources do not belong to a unified management center. A service must be able to communicate with different security domains, which requires that access control can overcome this distribution, enable requests to flow freely in different systems, provide access control execution services and common access control decision services. The execution and decision unit used in traditional models such as autonomous access control model, mandatory access control model and role-based access control model, which are applied to the SOA architecture, will combine the security logic and business logic of the system closely. Because of destroying the loose coupling of SOA and losing the significance of SOA architecture, these traditional access control models can not provide support for access control policy under SOA architecture. The security of a system is the basis of its existence. Without a reliable security policy, BIMS system can not be established in the field of medical research. Based on ABAC,RBAC model, this paper analyzes the characteristics of system access control under SOA architecture, introduces RABAC access control model, and proposes a new concept of Service-Oriented role-based secure access control model (RABAC). The relationship, rules and constraints of the model are defined, and the structure of the model is introduced. The complexity and characteristics of the model are analyzed. The superiority of the RABAC model to the RBAC and ABAC models and the adaptability to the SOA architecture are fully proved. In the end, the paper introduces the technical foundation, the implementation framework and the flow of RABAC implementation, expounds the application of RABAC model in the information management system of sample base based on SOA framework, and demonstrates the advantages of RABAC model. The feasibility of RABAC model in ensuring the information system security of biological sample database is proved. The whole thesis lays a foundation for system security based on SOA architecture, and also makes a good example for the promotion of RABAC model.
【學(xué)位授予單位】：上海交通大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 關(guān)智華;;面向?qū)ο蠹軜?gòu)模式研究[J];佛山科學(xué)技術(shù)學(xué)院學(xué)報(自然科學(xué)版);2006年01期

2 肖偉平,何宏,諶新年,廖毅;基于XML的Web服務(wù)構(gòu)造動態(tài)電子商務(wù)[J];湖南工程學(xué)院學(xué)報(自然科學(xué)版);2004年04期

3 傅明;張瑋;;基于J2EE開源工作流引擎JBPM的設(shè)計實(shí)現(xiàn)[J];計算技術(shù)與自動化;2008年04期

4 包潔嬌;范菁;熊麗榮;;基于EJB的Web Service部署模型的研究[J];計算機(jī)與數(shù)字工程;2006年03期

5 李荒原,何明德;基于Java的Web服務(wù)解決方案的研究[J];計算機(jī)應(yīng)用研究;2004年07期

6 曹寶香;劉陽;;基于中間件的企業(yè)計算模型[J];計算機(jī)應(yīng)用研究;2007年02期

7 張紅兵;劉明;;云南郵政人力資源管理信息系統(tǒng)的設(shè)計與實(shí)現(xiàn)[J];昆明冶金高等�？茖W(xué)校學(xué)報;2006年05期

8 李蘭友;胡誠皓;張春華;;基于SOA和SSH的網(wǎng)絡(luò)設(shè)備管理系統(tǒng)設(shè)計與研究[J];南京工程學(xué)院學(xué)報(自然科學(xué)版);2011年04期

9 孫安琪;;電子病歷的安全管理策略分析[J];中外醫(yī)療;2012年17期

10 姜皇勤;張紅旗;任志宇;單棣斌;;組合Web服務(wù)訪問控制策略合成[J];計算機(jī)應(yīng)用;2012年12期

本文編號：2258489