Research and Application of Access Control Based on SOA
Published: 2018-10-09 07:30
[Abstract]: With the development of bioinformatics and the arrival of the post-genomic era, research in medicine and the life sciences increasingly needs the support of a well-developed biological sample bank. A multi-domain, multi-institution, distributed biological sample bank information management system is likewise close at hand. At present, biological sample bank information management systems in China remain small-scale and closed in their management model: biological sample information cannot be exchanged between institutions, and research resources cannot be fully used. As a result, institutions that need research resources have no samples available, while institutions with weak research capacity hold samples they cannot manage or use well. This uneven distribution of samples causes great losses to the biological and medical fields.

Based on this situation, this thesis proposes using an SOA architecture to build a biological sample bank information management system with local management, multi-institution cooperation and regional sharing. The openness and loose coupling of the SOA architecture effectively address the current reality of scattered and disorderly sample bank management.

The openness and loose coupling of SOA bring revolutionary progress to BIMS, but they also introduce hidden risks to the security of the BIMS system.

A system under an SOA architecture is a distributed system. Resources sit in different security domains and are connected through an enterprise service bus; they do not belong to a single management center, yet a service must be able to communicate with different security domains. Access control therefore has to overcome this distribution, let requests flow freely between systems, and provide an access control enforcement service and a common access control decision service. When the enforcement and decision units used by traditional models such as discretionary access control, mandatory access control and role-based access control are applied in an SOA architecture, they tightly bind the system's security logic to its business logic, which destroys the loose coupling of SOA and defeats the purpose of the architecture. For this reason, none of these traditional access control models can support access control policy under an SOA architecture.

Security is fundamental to a system's existence; without a reliable security policy, the BIMS system cannot gain a foothold in medical research. Building on the ABAC and RBAC models, this thesis analyzes the characteristics of access control under an SOA architecture, introduces the RABAC access control model, and proposes the new concept of RABAC, a service-oriented, role-and-attribute-based secure access control model. It defines the model's relations, rules and constraints, describes the model's composition, and analyzes its complexity and characteristics, fully demonstrating the superiority of RABAC over the RBAC and ABAC models and its suitability for the SOA architecture.

Finally, by presenting the technical basis, implementation framework and workflow of RABAC, the thesis describes the application of the RABAC model in the SOA-based sample bank information management system, empirically confirms the advantages of the RABAC model, and shows that it is feasible to use RABAC to secure a biological sample bank information system. The thesis as a whole lays a foundation for the security of systems based on SOA architecture and sets a good example for the wider adoption of the RABAC model.
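[Degree-granting institution]: Shanghai Jiao Tong University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 2258489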
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2258489.html