Web协同工作流的交互行为安全验证方法研究及应用
发布时间:2018-08-04 22:13
【摘要】:随着Web技术的快速发展,多角色的协同交互成为Web工作流系统的重要特征。针对Web协同工作流系统的用户交互行为,其界面与元素通常不仅受到基于角色的静态授权约束,还受到运行时语境的动态控制,因此必须进行安全验证。传统的验证工具,比如Selenium可以针对独立的业务流程,进行访问控制的自动化验证,但是缺乏针对Web工作流系统协同交互行为的安全验证方法。基于一个社区服务的Web协同工作流系统进行安全验证的需求,本文提出一种基于关键字驱动的协同任务调度(Keyword Driven Collaborative Tasks Scheduling,KDCTS)模型,并基于该模型设计了自动化测试框架,将其应用到实际的Web项目中,实现Web工作流协同交互行为的自动化测试及安全验证。本文首先介绍了能够实现多角色协同任务自动化测试的相关技术,并对Web多角色系统的工作流进行安全性验证需求分析。然后针对Web协同工作流系统中自动化测试的难点,采用关键字驱动思想分解任务,设计了一种面向协同工作流的KDCTS任务调度模型,该模型基于关键字的依赖配置,采用动态代理技术在任务对象中动态织入同步逻辑,实现了测试任务的协同调度。在该调度模型的基础上,本文设计了一个面向协同工作流系统的自动化测试框架,该框架采用关键字驱动,支持任务依赖的配置与解析,支持分布式的协同测试,测试脚本具备较好的复用性,最后在实际项目中进行了安全验证与分析。最后通过验证表明KDCTS模型及其测试框架实现,能够有效实现对Web协同工作流系统交互行为的自动化测试及安全验证,同时在复用性和易用性方面具有较好的表现。
[Abstract]:With the rapid development of Web technology, multi-role collaborative interaction has become an important feature of Web workflow system. For the user interaction behavior of Web collaborative workflow system, its interface and elements are not only restricted by role-based static authorization, but also dynamically controlled by runtime context, so security verification must be carried out. Traditional verification tools, such as Selenium, can automate the verification of access control for independent business processes, but there is a lack of security verification methods for collaborative interactions in Web workflow systems. Based on the requirement of a community service Web collaborative workflow system for security verification, this paper proposes a keyword-driven collaborative task scheduling (Keyword Driven Collaborative Tasks scheduling model, and designs an automated testing framework based on this model. It is applied to the actual Web project to realize the automated testing and security verification of collaborative interaction behavior of Web workflow. This paper first introduces the related technologies that can realize the automated testing of multi-role cooperative task, and analyzes the security verification requirements of the workflow of Web multi-role system. Then, aiming at the difficulties of automated testing in Web collaborative workflow system, a KDCTS task scheduling model for collaborative workflow is designed by using keyword driven decomposition method. The model is based on keyword dependent configuration. The synchronization logic is dynamically woven into the task object by using dynamic agent technology, and the cooperative scheduling of test task is realized. Based on the scheduling model, this paper designs an automated testing framework for collaborative workflow system. The framework uses keyword driven, supports task dependent configuration and parsing, and supports distributed collaborative testing. The test script has good reusability. Finally, the security verification and analysis are carried out in the actual project. Finally, it is proved that the KDCTS model and the implementation of its testing framework can effectively realize the automated testing and security verification of the interaction behavior of the Web collaborative workflow system. At the same time, it has a good performance in the aspects of reusability and ease of use.
【学位授予单位】:南京理工大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
[Abstract]:With the rapid development of Web technology, multi-role collaborative interaction has become an important feature of Web workflow system. For the user interaction behavior of Web collaborative workflow system, its interface and elements are not only restricted by role-based static authorization, but also dynamically controlled by runtime context, so security verification must be carried out. Traditional verification tools, such as Selenium, can automate the verification of access control for independent business processes, but there is a lack of security verification methods for collaborative interactions in Web workflow systems. Based on the requirement of a community service Web collaborative workflow system for security verification, this paper proposes a keyword-driven collaborative task scheduling (Keyword Driven Collaborative Tasks scheduling model, and designs an automated testing framework based on this model. It is applied to the actual Web project to realize the automated testing and security verification of collaborative interaction behavior of Web workflow. This paper first introduces the related technologies that can realize the automated testing of multi-role cooperative task, and analyzes the security verification requirements of the workflow of Web multi-role system. Then, aiming at the difficulties of automated testing in Web collaborative workflow system, a KDCTS task scheduling model for collaborative workflow is designed by using keyword driven decomposition method. The model is based on keyword dependent configuration. The synchronization logic is dynamically woven into the task object by using dynamic agent technology, and the cooperative scheduling of test task is realized. Based on the scheduling model, this paper designs an automated testing framework for collaborative workflow system. The framework uses keyword driven, supports task dependent configuration and parsing, and supports distributed collaborative testing. The test script has good reusability. Finally, the security verification and analysis are carried out in the actual project. Finally, it is proved that the KDCTS model and the implementation of its testing framework can effectively realize the automated testing and security verification of the interaction behavior of the Web collaborative workflow system. At the same time, it has a good performance in the aspects of reusability and ease of use.
【学位授予单位】:南京理工大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
【相似文献】
相关期刊论文 前9条
1 胡宁;底恒;;Web Service消息安全验证机制[J];开封大学学报;2006年04期
2 徐和祥;张永忠;胡运发;;一种安全验证模式下Deep Web爬虫的研究[J];计算机应用与软件;2010年05期
3 白雪;吴长江;杨e,
本文编号:2165329
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2165329.html
