Web服务组合隐私信息流分析方法研究
发布时间:2018-11-23 15:25
【摘要】:随着计算机技术的迅速发展,Web服务组合越来越广泛的应用于互联网中。用户在使用服务组合时需要提供一些个人隐私信息来完成必要的业务功能,确保服务组合在满足用户功能性需求的前提下,保障用户的隐私信息是服务组合隐私保护的关键性问题。因此在Web服务组合的设计阶段,需要一种隐私分析和验证方法来保证服务组合中的隐私信息安全。信息流分析方法是一种通过使用信息流策略保障系统端到端的信息传输安全性的方法,本文提出一种信息流分析方法对服务组合的隐私数据进行保护,从而保障用户的隐私信息安全。本文的主要内容如下:(1)提出Web服务组合隐私策略形式化规约方法。使用隐私数据项依赖图模型构造服务组合中隐私数据项间的依赖关系;提出基于隐私数据使用目的的格模型对隐私策略进行规约。(2)提出Web服务组合隐私行为建模与验证方法。该方法采用隐私开放工作流网模型对BPEL的隐私行为进行建模,并将信息流的无干扰性属性转化为隐私开放工作流网的基于库所的无干扰性,通过分析隐私开放工作流网中的基于库所的无干扰性属性,验证服务组合的隐私行为是否满足隐私策略的规约。(3)设计并实现了服务组合隐私信息流分析与验证原型工具。利用该工具对服务组合的隐私行为进行细粒度的信息流分析和验证,最后通过网络购物服务组合的案例说明了所提出的理论和方法的有效性。
[Abstract]:With the rapid development of computer technology, Web services composition is more and more widely used in the Internet. When using service composition, users need to provide some personal privacy information to complete the necessary business functions, and ensure that the service composition meets the functional requirements of users. Protecting user's privacy information is the key problem of service composition privacy protection. Therefore, in the design phase of Web service composition, a privacy analysis and verification method is needed to ensure the security of privacy information in service composition. The information flow analysis method is a method to ensure the end-to-end information transmission security of the system by using the information flow strategy. In this paper, an information flow analysis method is proposed to protect the privacy data of the service composition. In order to protect the user's privacy information security. The main contents of this paper are as follows: (1) A formal specification method of Web service composition privacy policy is proposed. The dependence relationship between privacy data items in service composition is constructed by using privacy item dependency graph model. A lattice model based on the purpose of using privacy data is proposed to regulate privacy policy. (2) A modeling and verification method for privacy behavior of Web services composition is proposed. The privacy behavior of BPEL is modeled by the privacy open workflow net model, and the non-interference attribute of the information flow is transformed into the non-interference property based on the library of the privacy open workflow net. By analyzing the non-interference properties of the library based on the privacy open workflow network, the privacy behavior of the service composition is verified to satisfy the privacy policy specification. (3) A prototype tool for the analysis and verification of the privacy information flow of the service composition is designed and implemented. Using this tool, the privacy behavior of service composition is analyzed and verified by fine-grained information flow. Finally, the effectiveness of the proposed theory and method is illustrated by a case study of online shopping service composition.
【学位授予单位】:南京航空航天大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP309;TP393.09
本文编号:2351900
[Abstract]:With the rapid development of computer technology, Web services composition is more and more widely used in the Internet. When using service composition, users need to provide some personal privacy information to complete the necessary business functions, and ensure that the service composition meets the functional requirements of users. Protecting user's privacy information is the key problem of service composition privacy protection. Therefore, in the design phase of Web service composition, a privacy analysis and verification method is needed to ensure the security of privacy information in service composition. The information flow analysis method is a method to ensure the end-to-end information transmission security of the system by using the information flow strategy. In this paper, an information flow analysis method is proposed to protect the privacy data of the service composition. In order to protect the user's privacy information security. The main contents of this paper are as follows: (1) A formal specification method of Web service composition privacy policy is proposed. The dependence relationship between privacy data items in service composition is constructed by using privacy item dependency graph model. A lattice model based on the purpose of using privacy data is proposed to regulate privacy policy. (2) A modeling and verification method for privacy behavior of Web services composition is proposed. The privacy behavior of BPEL is modeled by the privacy open workflow net model, and the non-interference attribute of the information flow is transformed into the non-interference property based on the library of the privacy open workflow net. By analyzing the non-interference properties of the library based on the privacy open workflow network, the privacy behavior of the service composition is verified to satisfy the privacy policy specification. (3) A prototype tool for the analysis and verification of the privacy information flow of the service composition is designed and implemented. Using this tool, the privacy behavior of service composition is analyzed and verified by fine-grained information flow. Finally, the effectiveness of the proposed theory and method is illustrated by a case study of online shopping service composition.
【学位授予单位】:南京航空航天大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP309;TP393.09
【参考文献】
相关期刊论文 前6条
1 吴泽智;陈性元;杨智;杜学绘;;信息流控制研究进展[J];软件学报;2017年01期
2 刘莹;;矛与盾的交锋——大数据背景下的隐私泄露现状研究[J];法制与社会;2015年36期
3 贾哲;黄志球;王珊珊;沈国华;柯昌博;;支持本体推理的P3P隐私策略冲突检测研究[J];计算机科学与探索;2013年01期
4 刘林源;李清;祝义;周航;肖芳雄;黄志球;;Web服务组合中的隐私需求规约与验证[J];解放军理工大学学报(自然科学版);2012年01期
5 李景霞,侯紫峰;Web服务组合综述[J];计算机应用研究;2005年12期
6 岳昆,王晓玲,周傲英;Web服务核心支撑技术:研究综述[J];软件学报;2004年03期
,本文编号:2351900
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2351900.html
