面向Mashup应用的隐私保护授权访问方法的研究与设计

发布时间：2018-11-22 14:05

【摘要】：Mashup应用是与Web2.0技术应运而生的聚合服务,它可以通过利用来自于不同后端服务提供的信息源进行融合创建新的服务。然而,在该Mashup应用中建立良好的访问控制模型是极其复杂的。为了实现Mashup应用从不同服务于应用处获取可利用的信息,用户必须遵循Mashup站点提出的任何需求。但这些需求大多在缺乏隐私保护限制和标准的基础上建立的。这样的授权模式严重违反了隐私数据的最小暴露原则,并将用户的隐私非常轻易地暴露给了恶意的Mashup站点,造成隐私信息的泄露或滥用。为了解决这一问题,本文提出了面向Mashup应用的隐私保护的授权访问方法,在该方法中,在授权过程进行之前就根据用户信息不同的隐私敏感度级别将服务提供端的数据进行封装。极大的减小了用户暴露过多信息给Mashup站点的风险。为了使得该服务提供者端信息的封装过程能够自动化进行,我们还给出了数据-用户关系模型来制定数据封装过程中用户信息与相应隐私敏感级别的划分标准。之后,授权文件根据已经制定好的标准封装文件来建立。最后,根据授权文件产生的授权单步还可以根据用户在Mashup站点中的设定决定其在授权完成之后被直接删除还是继续存储以供后续使用。本问提出的隐私保护的授权访问方法是完全以用户为中心的授权访问方法,整个方法主要以用户和服务提供者的角度来进行研究和设计,因为服务提供者是用户信息的第一持有人,也是最了解用户信息隐私敏感度并对该隐私信息具有保护义务和责任的一方。所以,用户的信息封装应该由服务提供者一方来完成。通过该隐私保护的授权访问方法,用户被赋予了监控和管理Mashup应用中所涉及到的个人信息的能力。同时,服务提供方也具备了保护用户隐私信息的能力。在文章最后,通过实际场景的应用实例以及一系列的实验结果来证明该隐私保护的授权访问方法的有效性及高效性,并展示了该方法对Mashup应用未来发展具有的显著推进作用。
[Abstract]:Mashup application is an aggregation service that comes into being with Web2.0 technology. It can create new services by using information sources from different back-end services. However, it is very complicated to establish a good access control model in this Mashup application. In order to obtain the available information from different service applications in Mashup applications, users must follow any requirements put forward by the Mashup site. But most of these needs are based on the lack of privacy protection restrictions and standards. This authorization mode seriously violates the principle of minimum exposure of privacy data, and exposes the privacy of users to malicious Mashup sites very easily, resulting in the disclosure or misuse of privacy information. In order to solve this problem, this paper proposes a privacy protection authorization access method for Mashup applications. Prior to the authorization process, the data of the service provider is encapsulated according to the different levels of privacy sensitivity of the user information. Significantly reduces the risk that users will expose too much information to Mashup sites. In order to automate the encapsulation process of the service provider information, we also present a data-user relationship model to define the classification standard between the user information and the corresponding privacy sensitivity level in the process of data encapsulation. The authorization file is then created according to the standard encapsulation file that has been established. Finally, the authorization generated by the authorization file can also be used to determine whether the user is deleted directly after the authorization is completed or continues to store it for subsequent use based on the user's settings in the Mashup site. The privacy protection authorization access method proposed in this question is a completely user-centered authorization access method. The whole method is mainly studied and designed from the perspective of users and service providers. Because the service provider is the first holder of the user information, it is also the party that knows the privacy sensitivity of the user information and has the duty and responsibility to protect the privacy information. Therefore, the encapsulation of user information should be done by the service provider. Through the privacy protection authorization access method, the user is given the ability to monitor and manage the personal information involved in the Mashup application. At the same time, the service provider also has the ability to protect the user's privacy information. At the end of the paper, the effectiveness and efficiency of the privacy protection authorization access method are proved by the application examples and a series of experimental results, and the significance of the method in promoting the future development of Mashup applications is demonstrated.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP393.08

【参考文献】