Loading...
|
Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/54011
|
| Title: | 服務導向企業入口網站
Building Security Services Architecture for |
| Authors: | 黃邦平
Huang, Pang Ping |
| Contributors: | 余千智
Yu, Chien Chih
黃邦平
Huang, Pang Ping |
| Keywords: | 服務導向架構
企業入口網站安全
安全服務
Service-Oriented Architecture
Enterprise Portal Security
Security Services |
| Date: | 2010 |
| Issue Date: | 2012-10-24 16:08:59 (UTC+8) |
| Abstract: | 現今企業在建置企業入口網站時,往往面臨到入口網站相關安全標準與技術眾多且繁雜,缺乏一個整合式安全機制建置解決方案來遵從,造成企業在規劃與佈署入口網站之安全性時,產生巨大成本及導入障礙。而服務導向架構概念的出現,其分散性、組合式、標準化之特色,使得企業入口網站安全機制可以在使用網路服務技術的服務導向架構環境中,被當成一種服務呈現,並透過網際網路來公布、發現與利用。
本研究的主要探討分析服務導向架構安全性與安全服務之相關文獻,針對企業入口網站之安全需求與現有安全性基礎結構做整合,提出一個服務導向企業入口網站安全服務架構,並利用二個企業入口網站個案來檢視此架構的安全涵蓋範圍,使企業能將服務導向式安全服務導入企業入口網站整合應用,拉高安全層級,建立一個備受使用者安全信賴的企業入口網站,進而提升企業競爭力。
本研究的成果及效益包括:(1)分析探討企業入口網站在服務導向架構應用下所衍生的不同安全需求(2)提出一個以服務導向企業入口網站為主的安全服務架構。(3)此架構可完整支援服務導向企業入口網站安全功能,並具有因應日後企業安全需求增加的擴充彈性,能持續強化企業入口網站安全性。
To develop Enterprise Portal System, most enterprises always meet the problem of satisfying numerous security standards and dealing with complicated programming languages. It still lacks an integrated security solution which could provide enterprises an easy way to complete this task. Therefore, this technical problem leads to an entrance barrier and significant corresponding cost to enterprises when deploying their portal. Service-Oriented Architecture is a promising framework to improve the situation. Service-Oriented Architecture framework is distributed, combinable, standardized which and develop the security mechanisms security mechanisms in Service-Oriented Architecture environment. Considering the advantage of Service-Oriented Architecture, this study explores the possibility of building Security Services for Service-Oriented Enterprise Portal. This study analyzes Service-Oriented Architecture security and security services. In addition, the authors propose a Service-Oriented security service prototype architecture for enterprise portal to meet its security requirements. This architecture can integrate service-oriented security services into enterprise portal applications and improve security level. Accordingly, it could develop a highly reliable enterprise portal and create a better competitiveness. The work done by this study includes (1) analyzes the security requirements in a service-oriented enterprise portal, (2) proposes a new framework for enterprise portal service-oriented security services, and (3) demonstrate this framework can support complete security functions for enterprise portal, be flexibility to increase security functions for demands in the future and continue to strengthen the enterprise portal security. By considering this new framework, the design a Enterprise Portal System could be more convenient and secure and it will benefit the development of enterprise in the future. |
| Reference: | [1.] 黃朗倩,(民國96年3月8日),台灣網路最毒駭客入侵每天5件亞洲第二,聯合晚報/3版/話題。
[2.] 陳志誠、曾章瑞、劉用貴,2007,「企業入口網站安全議題及強化措施」,資通安全專論T96011。
[3.] 李宜儒,2004,「Web Services應用在企業資訊整合的安全性議題及解決方案之研究」,國立台灣大學資訊管理學研究所碩士論文。
[4.] 余千智, (2002), “第三章網路安全防護方法,“ 電子商務總論, (余千智主編), 第二版, 智勝文化事業有限公司。
[5.] Akram, D., X. D. Chohan, X. Wang, X. Yang and R. Allan, (2005). “A Service Oriented Architecture for Portals Using Portlets.” UK e-Science AHM2005, Nottingham, UK.
[6.] Ammon, R.v., W. Pausch and M. Schimmer, (2005). “Realisation of Service-Oriented Architecture (SOA) Using Enterprise Portal Plattforms taking the Example of Multi-Channel Sales in Banking Domains.” Wirtschaftsinformatik 2005, Ferstl et al. (Publ.), Heidelberg, Physica-Verlag, 1503-1518
[7.] Baker, W., M. Goudie, A. Hutton, C.D. Hylender, J. Niemantsverdriet, C. Novak, D. Ostertag, C. Porter, M. Rosen, B. Sartin, P. Tippertt, (2010). ”2010 Data Breach Investigations report.” retrieved December 2010 from http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf.
[8.] Benbya, H., G. Passiante, and N. Belbaly, (2004). “Corporate portal: a tool for knowledge management synchronization”, International Journal of Information Management, 243: 201-220.
[9.] Beznosov, K., D.J. Flinn, S. Kawamoto, and B. Hartman, (2005) "Introduction to Web services and their security," Information Security Technical Report, 10(1): 2-14.
[10.] Boehmer, W. (2008). “Appraisal of the Effectiveness and Efficiency of an Information Security Management System Based on ISO 27001.” The Second International Conference on Emerging Security Information, Systems and Technologies, 224-231.
[11.] Breu, K. and C. J. Hemingway, (2001). “Creating the Agile Workforce.” Cranfield School of Management and Microsoft.
[12.] Buecker, A., P. Ashley, M. Borrett, M. Lu, S. Muppidi, and N. Readshaw, (2007). “Understanding SOA Security Design and Implementation,” IBM Redbook Publication.
[13.] Chan, E. H. W. and C. Liu, (2007). “Corporate Portals as Extranet Support for the Construction Industry in Hong Kong and Nearby Regions of China.” ITConb, 12: 181-192.
[14.] Chappell, D. A. and T. Jewell, (2002). “Java Web Services,” O’REILLY Publications Co.
[15.] Collins, H., (2003). “Enterprise Knowledge Portals: Next-Generation Portal Solutions for Dynamic Information Access, Better Decision Making, and Maximum Results.” American Management Association(AMACOM). 430.
[16.] Daniel, E. M. and J. M. Ward, (2005). “Enterprise Portals: Addressing the Organisational and Individual Perspectives of Information Systems.” Proceedings of the 13th European Conference on Information Systems (ECIS 05) Regensburg, Germany., 26-28.
[17.] Deltor, B., (2000). “The Corporate Portal as Information Infrastructure: Towards a Framework for Portal Design.” International Journal of Information Management, 20(2): 91-101.
[18.] Dias, C., (2001). “Corporate Portals: A Literature Review of a New Concept in Information Management.” International Journal of Information Management, 21: 269-287.
[19.] Ferguson, D.F. and M. L. Stockton (2005). “Service-Oriented Architecture: Programming Model and Product Architecture.” IBM Systems Journal, 44(4): 753–780.
[20.] Firestone, J. M., (2003). “Enterprise Information Portals and Knowledge Management.” KMCI Press/Butterworth-Heinemann, Burlington, MA.
[21.] Fisher, R., (1984). “Information Systems Security.” Prentice-Hall.
[22.] Gable, J. (2004), “Innovations in Information Management Technologies.” Information Management Journal, 38(1): 28-34.
[23.] Gartner. (2007). “Gartner Says Worldwide Portals, Process and Middleware Market Revenue Increased 16 Percent in 2006,” in Nashville, Tenn, Press Release. retrieved December 2010 from http://www.gartner.com/it/page.jsp?id=506881.
[24.] Gollmann, D., (2006). “Computer Security, 2nd edition.” John Wiley and Sons, Inc.
[25.] Haas, H. and A. Brown, "Web Services Glossary," retrieved June 2008 from http://www.w3.org/TR/2004/NOTE-ws-gloss-20040211/.
[26.] Hafner, M. and R. Breu, (2008). “Security Engineering for Service-Oriented Architectures.” Springer, Berlin.
[27.] Hafner, M., (2009). “SeAAS-A Reference Architecture for Security Services in SOA.” J.UCS Journal of Universal Computer Science, 15(15): 2916.
[28.] Hall, C., (2000). “Enterprise Information Portals: Hot Air or Hot Technology,” Cutter Information Corp., retrieved March 2010 from http://researchindex.techrepublic.com/data/detail?id=948217627_569&type=RES&x=1392576421
[29.] Kearney, P., “An Overview of Web Services Security,” BT Technology Journal, 22(1): 27-42.
[30.] Kim, Y. J, A. Chaudhury, and H. R. Rao, (2002). “A Knowledge Management Perspective to Evaluation of Enterprise Portals.” Knowledge and Process Management, 9(2): 57-71.
[31.] Kotorov, R., E. Hsu, (2001). “A model for enterprise portal management. Journal of Knowledge Management.” 5(1): 86-93.
[32.] Krafzig, D., K. Banke, and D. Slama, (2005). “Enterprise SOA: Service Oriented Architecture Best Practices,” Prentice-Hall.
[33.] Lillywhite, T. (1999), "How to protect your information – an introduction to BS7799." Management Services, 43(1): 20-21.
[34.] Lim, B., Y. Sun, and J. Vila, (2004). “Incorporating WS-Security into a Web services-based Portal,” Information Management & Computer Security, 12(3): 206-217.
[35.] Mack, R., Y. Ravin, and R. J. Byrd, (2001). “Knowledge Portals and The Emerging Digital Knowledge Workplace.” IBM Systems Journal, 40(4): 925-955.
[36.] MacKenzie, C.M., K. Laskey, F. McCabe, P.F. Brown, R. Metz, (2006) "OASIS-Reference Model for Service Oriented Architecture 1.0.” Committee Specification 1.
[37.] Mahmoud, Q. (2005). “Service-Oriented Architecture (SOA) and Web Services: The Road to Enterprise Application Integration (EAI).” retrieved April 2010 from http://java.sun.com/developer/technicalArticles/We-bServices/soa/
[38.] Microsoft. (2009). "什麼是服務導向架構 (SOA)?" retrieved April 2010 fromhttp://www.microsoft.com/taiwan/soa/about/whatis.htm.
[39.] Murray, G., (1999). "The Portal is the Desktop," Intraspect, Inc., Los Altos, CA.
[40.] Natis, Y.V. (2003). "Service-Oriented Architecture Scenario," Gartner ID AV-19-6751.
[41.] Neto, M., C. A., Fernandes, A. S. Ferreira, and L. M. Fernandes, (2010). “Enterprise Information Portals: Potential for Evaluating Research for Knowledge Management and Human Capital Assets Using Social Network Analysis.” 11th European Conference on Knowledge Management(ECKM 2010).
[42.] OASIS. (2006). “Reference Model for Service Oriented Architecture 1.0,” retrieved April 2008 from http://docs.oasis-open.org/soa-rm/v1.0/soa-rm.pdf.
[43.] Opincaru, C. and G. Gheorghe, (2009). “Service Oriented Security Architecture.” Enterprise Modelling and Information Systems Architectures Journal, 4(1): 39–48.
[44.] Orrin, S. (2007). “The SOA/XML Threat Model and New XML/SOA/Web 2.0 Attacks & Threats.“, RSACONFERENCE 2008. retrieved December 2010 from http://www.lsec.be/upload_directories/documents/RSAConference2008/pdf/DEV-302.pdf
[45.] Papazoglou, M.P., P. Traverso, S. Dustdar, and F. Leymann, (2008) “Service-Oriented Computing: a Research Roadmap,” International Journal of Cooperative Information Systems, 17(2): 223–255.
[46.] Payne, K. P. and J. Kamruzzman, (2007). ”Services Oriented Architecture for Legal Web Portal.” 6th IEEE/ACIS International Conference on Computer and Information Science.
[47.] Peterson, G. (2005). “Service Oriented Security Architecture.” Information Security Bulletin.
[48.] Phifer, G. (2005). "A Portal May Be Your First Step to Leverage SOA," Gartner ID G00130149.
[49.] Priebe, T., G. Pernul, (2003) “Towards Integrative Enterprise Knowledge Portals.” Twelfth International Conference on Information and Knowledge Management (CIKM 2003), New Orleans, LA, USA.
[50.] Pulier, E. and H. Taylor (2006). Understanding Enterprise SOA. Manning Publications Co.
[51.] Raol, J. M., K. S. Koong, L. C. Liu, and C. S. Yu, (2002). “An Identification and Classification of Enterprise Portal Functions and Features.” Industrial Management + Data Systems, 102(7): 390-399.
[52.] Ratnasingam, P., (2002). “The Importance of Technology Trust in Web Services Security,” Information Management & Computer Security, 10(5):255-260.
[53.] Sedukhin, I. (2003). “End-to-End Security for Web Services and Services Oriented Architectures.” Computer Associates, Inc.
[54.] Sidharth, N. and J. Liu, (2007). “IAPF: A framework for enhancing web services security,” in 31st Annual International Computer Software and Applications Conference (COMPSAC), Beijing, 23–30.
[55.] Singhal, A., T. Winograd, and K. Scarfone, (2007). "Guide to Secure Web Services," Recommendations of the National Institute of Standards and Technology (NIST). 800-895.
[56.] Solms, V., (2000). “Information Security – The Third Wave?” Computers and Security, 19(7): 615–620.
[57.] Terra, J. C. and C. Gordon, (2003). “Realizing the promise of corporate portals: leveraging knowledge for business success.” ButterworthHeinemann.
[58.] Thomas, M. P., J. Burruss, L. Cinquini, G. Fox, D. Gannon, L. Gilbert, G. V. Laszewski, K. Jackson, D. Middleton, R. Moore, M. Pierce, B. Plale, A. Rajasekar, R. Regno, E. Roberts, D. Schissel, A. Seth, and W. Schroeder, (2005). “Grid Portal Architechures for Scientific Applications.” Journal of Physics: Conference Series 16, 596-600.
[59.] Vernadat F. B., (2007). “Interoperable Enterprise Systems: Principles, Concepts and Methods.” Annual Reviews in Control 31, 237-145.
[60.] Vo, H. T. K., C. Weinhardt and R. Wojciechowski, (2006). “Corporate Portals from A Service-Oriented Perspective the CoFiPot Implementation.” The 8th IEEE International Conference on and Enterprise Computing, E-Commerce, and E-Services(CEC/EEE’06).
[61.] Wang W. and Y. Wang, (2009). “Research on Architecture of Information Security in Enterprise Portal,” Software Engineering, 2009. WCSE `09, 420-424.
[62.] Washington State Department of Information Services.(2009). "Enterprise Service-Oriented Architecture (SOA) Domain Document", retrieved December 6, 2010 from http://www.dis.wa.gov/initiatives/enterprisearch/soa_intiative_domain.doc.
[63.] Wojtkowski, W., (2007). “Collaborative Enterprise Portals, Encyclopaedia of Portal Technology and Applications.” Hershey, PA, Information Science Reference.
[64.] Woods, D. and T. Mattern.(2006). “Enterprise SOA:Designing IT for Business Innovation.” O’Reilly.
[65.] Yang, S., M. Yang, and J.T.B. Wu, (2005). “The impacts of establishing enterprise information portals on e-business performance. Industrial Management.” Data Systems, 105(3): 349-368.
[66.] Youn C., (2003). “Web Services Based Architecture in Computational Web Portals,” The thesis for the degree of Doctoral of Syracuse University.
[67.] Ziane, S. and H. Bacha, (2006). "Availability and Security for Complex Enterprise Web Services”, The Business Review, Cambridge, 5(1): 325-329. |
| Description: | 碩士
國立政治大學
資訊管理研究所
94356042
99 |
| Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0943560421 |
| Data Type: | thesis |
| Appears in Collections: | [資訊管理學系] 學位論文
|
Files in This Item:
| File |
Size | Format | |
|---|
| index.html | 0Kb | HTML2 | 196 | View/Open |
|
All items in 政大典藏 are protected by copyright, with all rights reserved.
|
