
Research on ABAC Access Control for Collaborative Design Based on Attribute Extension

Published: 2018-04-17 13:14

  Topic of this paper: collaborative design + access control. Reference: Taiyuan University of Science and Technology, master's thesis, 2014


[Abstract]: Networked collaborative design (CSCD, CSCW in Design) is an important application of computer-supported cooperative work in the field of product design. Collaborative design supports cooperation among design team members who are separated in time, distributed in space, and interdependent in their work. During the design process, the state of a design task changes dynamically, and task operations are subject to task state transitions and dependency constraints. A collaborative design system must ensure that legitimate users can dynamically access and operate on objects during the appropriate task period. Dynamic access control of the collaborative design process, tied to design task state, has therefore become one of the important research topics in collaborative design management.

Access control techniques mainly include Role Based Access Control (RBAC), Task Based Access Control (TBAC), and Attribute Based Access Control (ABAC). RBAC is suited to static access control in relatively stable systems, but in complex distributed environments it lacks a dynamic description of subjects and objects and any association with the context. TBAC cannot provide fine-grained access control in a distributed environment. Compared with other access control models, ABAC can address the fine-granularity problem of resource protection in open network environments and the large-scale user problem faced by network systems. This thesis extends attribute-based access control and applies it to access control for collaborative design. The main work is as follows.

(1) Based on an analysis of the design task state transitions and dependency constraints that characterize access control in networked collaborative product design, an attribute-extended ABAC access control model, the CSCD-ABAC model, is proposed. Formal descriptions are given of the design subject, design object, design environment, and design action in the model, and access control rules and access control policies are defined. By introducing the task instance DTI, the effect of task instance state transitions on access permissions is described dynamically as a context (environment) attribute of ABAC, so that access permissions are determined dynamically as environment attributes change. The dependency constraints between design tasks in a task instance are described as policy decision rules for permission assignment, which lets the model adapt to the dynamically changing permissions of collaborative design and handle dynamic access control in the collaborative design process well.

(2) Based on an analysis of the model's access control flow, the functional modules of the extended ABAC model, namely the policy enforcement point (PEP), policy decision point (PDP), policy administration point (PAP), and policy information point (PIP), are designed in detail, and a formal description of the workflow of each functional unit is given. Attribute storage, the description of decision rules, and the decision process are also studied.

(3) In an open-source Web Service environment, using the SOAP protocol combined with SAML and XACML, the client invokes the Web Service remotely over SOAP. The creation of attributes and rules and the policy execution of the PEP and PDP were implemented, tested, and verified.
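Added example, not code from the thesis: a Python illustration of the idea in point (1) of the abstract, where task-instance state is supplied as an environment attribute and a dependency between design tasks becomes a decision rule. The task table, attribute names, rule set and function names are all assumptions made for illustration; the thesis's formal model and its XACML policies do not appear on this page.

```python
from copy import deepcopy

# Constructed task instances: state plus prerequisite tasks (assumed layout).
TASKS = {
    "T1": {"state": "completed", "depends_on": []},
    "T2": {"state": "active", "depends_on": ["T1"]},
    "T3": {"state": "active", "depends_on": ["T2"]},
}
# Constructed subjects and objects (hypothetical attribute names).
ALICE = {"role": "designer", "tasks": ["T2"]}
BOB = {"role": "designer", "tasks": ["T3"]}
MODEL = {"task": "T2"}
REPORT = {"task": "T3"}

def pip_environment(task_id, tasks):
    """PIP role: turn task-instance state into environment attributes."""
    task = tasks.get(task_id)
    if task is None:
        return None
    deps_done = all(tasks.get(d, {}).get("state") == "completed"
                    for d in task["depends_on"])
    return {"task_state": task["state"], "deps_completed": deps_done}

def _bound(subject, obj, task_id):
    # Subject is assigned to the task and the object belongs to it.
    return task_id in subject["tasks"] and obj["task"] == task_id

# Each rule: (name, predicate over subject, object, action, task id, env).
RULES = [
    ("work-on-active-task",
     lambda s, o, a, t, e: s["role"] == "designer" and _bound(s, o, t)
     and a in {"read", "write"} and e["task_state"] == "active"
     and e["deps_completed"]),  # dependency constraint as a rule condition
    ("read-after-completion",
     lambda s, o, a, t, e: _bound(s, o, t) and a == "read"
     and e["task_state"] == "completed"),
]

def pdp_decide(subject, obj, action, task_id, tasks=TASKS):
    """PDP role: deny by default; permit only if some rule matches."""
    env = pip_environment(task_id, tasks)
    if env is None:  # unknown task instance: no attributes, no access
        return "Deny"
    matched = any(p(subject, obj, action, task_id, env) for _, p in RULES)
    return "Permit" if matched else "Deny"

def complete_task(task_id, tasks):
    """Return a copy of the task table after a transition to 'completed'."""
    updated = deepcopy(tasks)
    updated[task_id]["state"] = "completed"
    return updated
```

The same request gets a different decision before and after `complete_task("T2", TASKS)`, with no change to the subject's or object's own attributes.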
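[Degree-granting institution]: Taiyuan University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08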
