【摘要】：Mashup應(yīng)用是與Web2.0技術(shù)應(yīng)運而生的聚合服務(wù),它可以通過利用來自于不同后端服務(wù)提供的信息源進行融合創(chuàng)建新的服務(wù)。然而,在該Mashup應(yīng)用中建立良好的訪問控制模型是極其復(fù)雜的。為了實現(xiàn)Mashup應(yīng)用從不同服務(wù)于應(yīng)用處獲取可利用的信息,用戶必須遵循Mashup站點提出的任何需求。但這些需求大多在缺乏隱私保護限制和標準的基礎(chǔ)上建立的。這樣的授權(quán)模式嚴重違反了隱私數(shù)據(jù)的最小暴露原則,并將用戶的隱私非常輕易地暴露給了惡意的Mashup站點,造成隱私信息的泄露或濫用。 為了解決這一問題,本文提出了面向Mashup應(yīng)用的隱私保護的授權(quán)訪問方法,在該方法中,在授權(quán)過程進行之前就根據(jù)用戶信息不同的隱私敏感度級別將服務(wù)提供端的數(shù)據(jù)進行封裝。極大的減小了用戶暴露過多信息給Mashup站點的風(fēng)險。為了使得該服務(wù)提供者端信息的封裝過程能夠自動化進行,我們還給出了數(shù)據(jù)-用戶關(guān)系模型來制定數(shù)據(jù)封裝過程中用戶信息與相應(yīng)隱私敏感級別的劃分標準。之后,授權(quán)文件根據(jù)已經(jīng)制定好的標準封裝文件來建立。最后,根據(jù)授權(quán)文件產(chǎn)生的授權(quán)單步還可以根據(jù)用戶在Mashup站點中的設(shè)定決定其在授權(quán)完成之后被直接刪除還是繼續(xù)存儲以供后續(xù)使用。 本問提出的隱私保護的授權(quán)訪問方法是完全以用戶為中心的授權(quán)訪問方法,整個方法主要以用戶和服務(wù)提供者的角度來進行研究和設(shè)計,因為服務(wù)提供者是用戶信息的第一持有人,也是最了解用戶信息隱私敏感度并對該隱私信息具有保護義務(wù)和責(zé)任的一方。所以,用戶的信息封裝應(yīng)該由服務(wù)提供者一方來完成。通過該隱私保護的授權(quán)訪問方法,用戶被賦予了監(jiān)控和管理Mashup應(yīng)用中所涉及到的個人信息的能力。同時,服務(wù)提供方也具備了保護用戶隱私信息的能力。在文章最后,通過實際場景的應(yīng)用實例以及一系列的實驗結(jié)果來證明該隱私保護的授權(quán)訪問方法的有效性及高效性,并展示了該方法對Mashup應(yīng)用未來發(fā)展具有的顯著推進作用。
[Abstract]:Mashup application is an aggregation service that comes into being with Web2.0 technology. It can create new services by using information sources from different back-end services. However, it is very complicated to establish a good access control model in this Mashup application. In order to obtain the available information from different service applications in Mashup applications, users must follow any requirements put forward by the Mashup site. But most of these needs are based on the lack of privacy protection restrictions and standards. This authorization mode seriously violates the principle of minimum exposure of privacy data, and exposes the privacy of users to malicious Mashup sites very easily, resulting in the disclosure or misuse of privacy information. In order to solve this problem, this paper proposes a privacy protection authorization access method for Mashup applications. Prior to the authorization process, the data of the service provider is encapsulated according to the different levels of privacy sensitivity of the user information. Significantly reduces the risk that users will expose too much information to Mashup sites. In order to automate the encapsulation process of the service provider information, we also present a data-user relationship model to define the classification standard between the user information and the corresponding privacy sensitivity level in the process of data encapsulation. The authorization file is then created according to the standard encapsulation file that has been established. Finally, the authorization generated by the authorization file can also be used to determine whether the user is deleted directly after the authorization is completed or continues to store it for subsequent use based on the user's settings in the Mashup site. The privacy protection authorization access method proposed in this question is a completely user-centered authorization access method. The whole method is mainly studied and designed from the perspective of users and service providers. Because the service provider is the first holder of the user information, it is also the party that knows the privacy sensitivity of the user information and has the duty and responsibility to protect the privacy information. Therefore, the encapsulation of user information should be done by the service provider. Through the privacy protection authorization access method, the user is given the ability to monitor and manage the personal information involved in the Mashup application. At the same time, the service provider also has the ability to protect the user's privacy information. At the end of the paper, the effectiveness and efficiency of the privacy protection authorization access method are proved by the application examples and a series of experimental results, and the significance of the method in promoting the future development of Mashup applications is demonstrated.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2015
【分類號】：TP393.08

【參考文獻】

相關(guān)期刊論文 前2條

1 LIU XuanZhe;HUANG Gang;ZHAO Qi;MEI Hong;BLAKE M.Brian;;iMashup:a mashup-based framework for service composition[J];Science China(Information Sciences);2014年01期

2 鄭曉光,鐵玲,諸鴻文;LDAP目錄服務(wù)的身份認證機制研究[J];信息安全與通信保密;2004年01期

，

本文編號：2349582