面向BPEL的业务安全执行环境设计与实现
发布时间:2018-04-15 19:29
本文选题:Web服务组合 + BPEL安全 ; 参考:《北京邮电大学》2014年硕士论文
【摘要】:随着云计算和Web服务技术的持续升温,Web服务组合也逐渐成为业界关注的重点。Web服务组合是一系列相互独立的Web服务构件的聚集,是将多个Web服务进行组合创建而形成的新的业务流程。BPEL是一种基于XML的业务流程描述语言,用于描述Web服务组合业务流程内部各Web服务构件之间的相互逻辑关系。BPEL可以把各个独立的Web服务通过逻辑控制结构来进行有机组合,让它们共同协作完成复杂的商业逻辑,实现特定的功能。 BPEL业务流程具有松耦合性,其在执行过程中所调用的Web服务构件大部分都是分布于云上的独立功能实体,因此业务开发人员对这些服务构件并没有实际的控制权,更无法预见BPEL业务流程在执行过程中可能遇到的异常和错误。此外,复杂多变的网络通信状况以及BPEL流程的逻辑缺陷都有可能导致其在执行时出现异常,这些错误在设计阶段往往无法检测出来,只有当BPEL流程真正部署到引擎中并执行时才会发现,而目前主流的BPEL引擎针对BPEL业务流程的执行异常并没有有效的检测和监控机制,这就为整个BPEL引擎埋下了安全隐患。 本文设计并实现了一种面向BPEL的业务安全执行环境,该业务安全执行环境将静态检测和动态监控相结合,通过业务部署的静态检测、实例状态的动态监控和流程信息的动态监控,及时发现BPEL引擎中存在安全威胁的流程和实例,并作出预警和控制动作,实时保证整个执行环境的安全稳定。此外,为了适应云计算时代分布式部署的架构,业务安全执行环境采用Spring框架进行构建,既可以内嵌BPEL引擎实现本地一对一的监控,也可以通过配置安全策略文件实现一对多的分布式监控,具有良好的灵活性和扩展性。 本文首先阐述了业务安全执行环境提出的背景和意义,并针对其所涉及的相关技术进行了简单介绍。接着从系统整体目标和典型业务场景出发,进行了需求分析和关键问题的研究。根据分析和研究的结论,对业务安全执行环境的整体架构进行了设计,并重点阐述了关键模块和算法的实现。最后搭建原型系统进行测试,验证了业务安全执行环境的有效性和可靠性,并指出了需要进一步研究和完善的地方。
[Abstract]:With the continuous warming of cloud computing and Web services technology, the composition of web services has gradually become the focus of the industry. The composition of web services is a collection of independent Web service components.A new business process. BPEL is a business process description language based on XML, which is a combination of multiple Web services.It is used to describe the logical relationship among the Web service components within the Web services composition business process. BPEL can combine each independent Web service through the logical control structure to make them work together to complete the complex business logic.Implement specific functions.BPEL business processes are loosely coupled, and most of the Web service artifacts invoked during execution are independent functional entities distributed in the cloud, so business developers have no actual control over these service components.It is also impossible to foresee the exceptions and errors that BPEL business processes may encounter during execution.In addition, complex and changeable network communication conditions and logical flaws in BPEL processes can lead to exceptions at execution, which are often not detected at design time.Only when the BPEL process is deployed to the engine and executed can it be found that the current mainstream BPEL engine does not have an effective detection and monitoring mechanism for the execution exception of the BPEL business process which has laid a security hazard for the whole BPEL engine.In this paper, we design and implement a service security execution environment for BPEL, which combines static detection with dynamic monitoring.The dynamic monitoring of instance state and the dynamic monitoring of process information can detect the process and instance of security threat in the BPEL engine in time, and make early warning and control actions to ensure the security and stability of the whole execution environment in real time.In addition, in order to adapt to the distributed deployment architecture in the cloud computing era, the business security execution environment is constructed with Spring framework, which can be built into BPEL engine to realize local one-to-one monitoring.One-to-many distributed monitoring can also be implemented by configuring security policy files with good flexibility and extensibility.In this paper, the background and significance of business security execution environment are introduced, and the related technologies are briefly introduced.Then, the requirement analysis and the research of key problems are carried out on the basis of the overall goal and the typical business scenario of the system.According to the conclusion of the analysis and research, the overall architecture of the business security execution environment is designed, and the implementation of the key modules and algorithms is emphasized.Finally, a prototype system is built for testing, which verifies the validity and reliability of the business security execution environment, and points out that further research and improvement are needed.
【学位授予单位】:北京邮电大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.09
【参考文献】
相关期刊论文 前3条
1 张华;王茜;;面向服务工作流补偿机制的研究与实现[J];东南大学学报(自然科学版);2009年01期
2 陈胜;鲍亮;陈平;胡圣明;王萌;;BPEL流程数据竞争和死锁检测算法研究[J];西安电子科技大学学报;2008年06期
3 刘丽;况晓辉;方兰;许飞;;Web服务故障的分类方法[J];计算机系统应用;2010年08期
相关博士学位论文 前1条
1 尚宗敏;智能流程异常处理的若干关键技术研究[D];山东大学;2009年
,本文编号:1755469
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/1755469.html