面向Mashup應(yīng)用的隱私保護(hù)授權(quán)訪問方法的研究與設(shè)計(jì)
發(fā)布時(shí)間:2018-11-22 14:05
【摘要】:Mashup應(yīng)用是與Web2.0技術(shù)應(yīng)運(yùn)而生的聚合服務(wù),它可以通過利用來自于不同后端服務(wù)提供的信息源進(jìn)行融合創(chuàng)建新的服務(wù)。然而,在該Mashup應(yīng)用中建立良好的訪問控制模型是極其復(fù)雜的。為了實(shí)現(xiàn)Mashup應(yīng)用從不同服務(wù)于應(yīng)用處獲取可利用的信息,用戶必須遵循Mashup站點(diǎn)提出的任何需求。但這些需求大多在缺乏隱私保護(hù)限制和標(biāo)準(zhǔn)的基礎(chǔ)上建立的。這樣的授權(quán)模式嚴(yán)重違反了隱私數(shù)據(jù)的最小暴露原則,并將用戶的隱私非常輕易地暴露給了惡意的Mashup站點(diǎn),造成隱私信息的泄露或?yàn)E用。 為了解決這一問題,本文提出了面向Mashup應(yīng)用的隱私保護(hù)的授權(quán)訪問方法,在該方法中,在授權(quán)過程進(jìn)行之前就根據(jù)用戶信息不同的隱私敏感度級(jí)別將服務(wù)提供端的數(shù)據(jù)進(jìn)行封裝。極大的減小了用戶暴露過多信息給Mashup站點(diǎn)的風(fēng)險(xiǎn)。為了使得該服務(wù)提供者端信息的封裝過程能夠自動(dòng)化進(jìn)行,我們還給出了數(shù)據(jù)-用戶關(guān)系模型來制定數(shù)據(jù)封裝過程中用戶信息與相應(yīng)隱私敏感級(jí)別的劃分標(biāo)準(zhǔn)。之后,授權(quán)文件根據(jù)已經(jīng)制定好的標(biāo)準(zhǔn)封裝文件來建立。最后,根據(jù)授權(quán)文件產(chǎn)生的授權(quán)單步還可以根據(jù)用戶在Mashup站點(diǎn)中的設(shè)定決定其在授權(quán)完成之后被直接刪除還是繼續(xù)存儲(chǔ)以供后續(xù)使用。 本問提出的隱私保護(hù)的授權(quán)訪問方法是完全以用戶為中心的授權(quán)訪問方法,整個(gè)方法主要以用戶和服務(wù)提供者的角度來進(jìn)行研究和設(shè)計(jì),因?yàn)榉⻊?wù)提供者是用戶信息的第一持有人,也是最了解用戶信息隱私敏感度并對(duì)該隱私信息具有保護(hù)義務(wù)和責(zé)任的一方。所以,用戶的信息封裝應(yīng)該由服務(wù)提供者一方來完成。通過該隱私保護(hù)的授權(quán)訪問方法,用戶被賦予了監(jiān)控和管理Mashup應(yīng)用中所涉及到的個(gè)人信息的能力。同時(shí),服務(wù)提供方也具備了保護(hù)用戶隱私信息的能力。在文章最后,通過實(shí)際場(chǎng)景的應(yīng)用實(shí)例以及一系列的實(shí)驗(yàn)結(jié)果來證明該隱私保護(hù)的授權(quán)訪問方法的有效性及高效性,并展示了該方法對(duì)Mashup應(yīng)用未來發(fā)展具有的顯著推進(jìn)作用。
[Abstract]:Mashup application is an aggregation service that comes into being with Web2.0 technology. It can create new services by using information sources from different back-end services. However, it is very complicated to establish a good access control model in this Mashup application. In order to obtain the available information from different service applications in Mashup applications, users must follow any requirements put forward by the Mashup site. But most of these needs are based on the lack of privacy protection restrictions and standards. This authorization mode seriously violates the principle of minimum exposure of privacy data, and exposes the privacy of users to malicious Mashup sites very easily, resulting in the disclosure or misuse of privacy information. In order to solve this problem, this paper proposes a privacy protection authorization access method for Mashup applications. Prior to the authorization process, the data of the service provider is encapsulated according to the different levels of privacy sensitivity of the user information. Significantly reduces the risk that users will expose too much information to Mashup sites. In order to automate the encapsulation process of the service provider information, we also present a data-user relationship model to define the classification standard between the user information and the corresponding privacy sensitivity level in the process of data encapsulation. The authorization file is then created according to the standard encapsulation file that has been established. Finally, the authorization generated by the authorization file can also be used to determine whether the user is deleted directly after the authorization is completed or continues to store it for subsequent use based on the user's settings in the Mashup site. The privacy protection authorization access method proposed in this question is a completely user-centered authorization access method. The whole method is mainly studied and designed from the perspective of users and service providers. Because the service provider is the first holder of the user information, it is also the party that knows the privacy sensitivity of the user information and has the duty and responsibility to protect the privacy information. Therefore, the encapsulation of user information should be done by the service provider. Through the privacy protection authorization access method, the user is given the ability to monitor and manage the personal information involved in the Mashup application. At the same time, the service provider also has the ability to protect the user's privacy information. At the end of the paper, the effectiveness and efficiency of the privacy protection authorization access method are proved by the application examples and a series of experimental results, and the significance of the method in promoting the future development of Mashup applications is demonstrated.
【學(xué)位授予單位】:北京郵電大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2015
【分類號(hào)】:TP393.08
本文編號(hào):2349582
[Abstract]:Mashup application is an aggregation service that comes into being with Web2.0 technology. It can create new services by using information sources from different back-end services. However, it is very complicated to establish a good access control model in this Mashup application. In order to obtain the available information from different service applications in Mashup applications, users must follow any requirements put forward by the Mashup site. But most of these needs are based on the lack of privacy protection restrictions and standards. This authorization mode seriously violates the principle of minimum exposure of privacy data, and exposes the privacy of users to malicious Mashup sites very easily, resulting in the disclosure or misuse of privacy information. In order to solve this problem, this paper proposes a privacy protection authorization access method for Mashup applications. Prior to the authorization process, the data of the service provider is encapsulated according to the different levels of privacy sensitivity of the user information. Significantly reduces the risk that users will expose too much information to Mashup sites. In order to automate the encapsulation process of the service provider information, we also present a data-user relationship model to define the classification standard between the user information and the corresponding privacy sensitivity level in the process of data encapsulation. The authorization file is then created according to the standard encapsulation file that has been established. Finally, the authorization generated by the authorization file can also be used to determine whether the user is deleted directly after the authorization is completed or continues to store it for subsequent use based on the user's settings in the Mashup site. The privacy protection authorization access method proposed in this question is a completely user-centered authorization access method. The whole method is mainly studied and designed from the perspective of users and service providers. Because the service provider is the first holder of the user information, it is also the party that knows the privacy sensitivity of the user information and has the duty and responsibility to protect the privacy information. Therefore, the encapsulation of user information should be done by the service provider. Through the privacy protection authorization access method, the user is given the ability to monitor and manage the personal information involved in the Mashup application. At the same time, the service provider also has the ability to protect the user's privacy information. At the end of the paper, the effectiveness and efficiency of the privacy protection authorization access method are proved by the application examples and a series of experimental results, and the significance of the method in promoting the future development of Mashup applications is demonstrated.
【學(xué)位授予單位】:北京郵電大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2015
【分類號(hào)】:TP393.08
【參考文獻(xiàn)】
相關(guān)期刊論文 前2條
1 LIU XuanZhe;HUANG Gang;ZHAO Qi;MEI Hong;BLAKE M.Brian;;iMashup:a mashup-based framework for service composition[J];Science China(Information Sciences);2014年01期
2 鄭曉光,鐵玲,諸鴻文;LDAP目錄服務(wù)的身份認(rèn)證機(jī)制研究[J];信息安全與通信保密;2004年01期
,本文編號(hào):2349582
本文鏈接:http://www.sikaile.net/guanlilunwen/ydhl/2349582.html
最近更新
教材專著
