RBAC访问控制中间件的设计与实现

研究对于应用系统资源的访问控制,设计和实现基于中间件技术的访问控制系统.首先说明了研究背景.在介绍了所需涉及的相关理论和技术之后,设计了一个实用的RBAC访问控制中间件,可以运行在多种软硬件平台,方便地进行二次开发.     

基于移动Agent的Web服务安全访问机制研究

针对web服务安全问题中的访问控制,提出将移动Agent引入web服务的安全访问控制模型,通过SRP协议对web服务附加了一个独立的访问控制代理层,具有良好的通用性.实现了基于移动Agent的web服务访问控制模型,并对控制流程进行了描述.     

基于移动Agent的Webj服务安全访问机制研究

针对Web服务安全问题中的访问控制，提出将移动Agent引入Web服务的安全访问控制模型，通过SRP协议对Web服务附加了一个独立的访问控制代理层，具有良好的通用性。实现了基于移动Agent的Web服务访问控制模型．并对控制流程进行了描述。     

基于角色的Web Services访问控制系统

首先对Web Services的安全技术和访问控制的研究情况进行简单回顾,介绍XACML(eXtensibleAcces s Control Markup language)中的常用术语,然后介绍了一个Web Services的面向服务的基于角色的访问控制系统和安全结构模型,从服务方面和属性方面加强对服务的访问控制.在该体系结构模型中,使用SOAPProxy加强对Web Services的访问控制.通过设计安全cookies和安全SOAP消息,在Web Services上实现基于角色的访问控制.最后给出此系统有待解决的问题.     

使用代理技术实现基于角色的访问控制和数据加密

本论述以代理技术实现基于角色的访问控制和加密技术,以处理信息应用系统建设及其安全加密系统建设的工程关系。     

一种嵌入式数据库安全增强方案的设计与实现

由于嵌入式平台的开放性和智能化,嵌入式数据库面临的安全威胁日益增长。在此提出一种嵌入式数据库安全增强方案,融合多种安全技术,如指纹识别、访问控制、数据加密等,设计了一种基于嵌入式数据库的安全中间件,构造访问嵌入式数据库的安全通道,对嵌入式数据库系统进行安全增强。该安全方案在嵌入式数据库Berkeley DB系统上得到了应用,验证了嵌入式数据库安全方案的可行性,能够有效地增强嵌入式数据库的安全性。     

基于ASP.NET 2.0的访问控制的实现

访问控制是保证信息系统安全的必要手段.基于角色的访问控制是一种有效的访问控制机制,利用ASP.NET 2.0提供的用户和角色管理技术,可以实现基于角色的访问控制.在分析ASP.NET 2.0实现基于角色的访问控制方法的基础上,对其角色授权功能进行了拓展,提出了根据角色功能进行访问控制的新方法.对提高访问控制的有效性、可控性有重要意义.     

属性加密访问控制方法在云环境下的应用研究

随着云计算技术的普遍应用,云环境下云资源的安全性问题也受到了信息安全技术领域研究人员的普遍关注.传统的访问控制方法不能适应云计算环境下的数据存储和处理的安全需要,属性加密访问控制方法在云计算环境下的应用,可以有效的保证云环境下数据的安全性.本文对云安全进行了简单的分析,对基于属性的访问控制方法进行了研究,结合云计算环境数据处理的实际情况,提出了基于属性加密访问控制方法在云计算环境下应用的方案,并进行了研究.     

访问控制模型研究进展及发展趋势

 访问控制的任务是保证信息资源不被非法使用和访问,冲突检测与消解主要解决不同信息系统安全策略不统一的问题.随着计算机和网络通信技术的发展,先后出现了自主访问控制模型、强制访问控制模型、基于角色的访问控制模型、基于任务的访问控制模型、面向分布式和跨域的访问控制模型、与时空相关的访问控制模型以及基于安全属性的访问控制模型等访问控制模型.本文从理论和应用研究两个角度分析和总结了现有访问控制技术、访问控制策略冲突检测与消解方法的研究现状,提出了目前访问控制模型及其冲突检测与消解研究在面向信息物理社会的泛在网络互联环境中存在的问题,并给出了细粒度多级安全的访问控制模型及其策略可伸缩调整方法的发展趋势.     

基于漏洞扫描的安全中间件的设计与实现

文章通过对漏洞扫描技术和中间件技术的研究,结合两者的特点,提出了一种基于漏洞扫描的安全中间件的系统结构.该系统具有良好的封装性和可扩充性,并且实现了对多个漏洞扫描插件的控制,屏蔽插件间的差异性,运行中具有高效、稳定、安全的特点.     

Group-oriented coordination models for distributed client-server computing

This paper describes group-oriented control models for distributed client-server interactions. These models transparently coordinate requests for services that involve multiple servers, such as queries across distributed data-bases. Specific capabilities inclulde decomposing and replicating client requets; dispatching request subtasks or copies to independent, networked servers; and combining server results into a single response for the client. The control models were implemented by combining request broker and process group technologies with an object-oriented communication middleware tool. The models are illustrated in the context of a distributed operations support application for space-based systems.     

Techniques for enhancing real-time CORBA quality of service

End-to-end predictability of remote operations is essential for many fixed-priority distributed real-time and embedded (DRE) applications, such as command and control systems, manufacturing process control systems, large-scale distributed interactive simulations, and testbeam data acquisition systems. To enhance predictability, the Real-time CORBA specification defines standard middleware features that allow applications to allocate, schedule, and control key CPU, memory, and networking resources necessary to ensure end-to-end quality of service support. This paper provides two contributions to the study of Real-time CORBA middleware for DRE applications. First, we identify potential problems with ensuring predictable behavior in conventional middleware by examining the end-to-end critical code path of a remote invocation and identifying sources of unbounded priority inversions. Experimental results then illustrate how the problems we identify can yield unpredictable behavior in conventional middleware platforms. Second, we present design techniques for ensuring real-time quality of service in middleware. We show how middleware can be redesigned to use nonmultiplexed resources to eliminate sources of unbounded priority inversion. The empirical results in this paper are conducted using TAO, which is widely used and open-source DRE middleware compliant with the Real-time CORBA specification.     

JAVA与CORBA结合实现分布式异构系统中间件

分布式异构系统的中间件是当前研究的热门课题之一,也是电力系统中人们极为关注的问题.本文把JAVA和CORBA各自的优势结合起来,设计了用于国内某电力调度中心分布式异构系统的中间件.本方案以JAVA为外壳、以CORBA为内核,在国内电力系统中首次成功地实现了这一设计思想.实验证明,上述设计思想是正确的,且该中间件已可实际应用于电力调度中心异构系统的数据交换.本文重点讨论了该中间件设计的几个关键技术问题.     

实时中间件应用方法研究

提高软件生产效率和质量、积累和固化知识财富的需求推动了分布式计算中间件技术和基于中间件的软件开发技术的发展。在对CORBA、EJB、COM/DCOM三种主流平台分析比较的基础上,提出CORBA最适合实时系统的开发。通过分析实时CORBA的组成和特性,结合工程应用提出了一种实现方法。     

PKUAS:一种面向领域的构件运行支撑平台

基于中间件的构件运行支撑平台是实现基于构件的软件复用的关键.现有中间件技术侧重于解决大多数领域开发分布系统均会遇到的共性问题,忽视了单个应用领域内的共性问题.在下一代中间件技术追求的主要特性中,开放性与灵活性能够有效增强中间件对领域特性的支持.本文介绍了一个开放、灵活、面向领域的构件运行支撑平台,重点研究了平台内核、可扩展互操作框架以及元编程机制,并结合电力领域探讨了面向领域的定制与扩展方法.     

Evaluating meta-programming mechanisms for ORB middleware

Distributed object computing middleware, such as CORBA, COM+, and Java RMI, shields developers from many tedious and error-prone aspects of programming distributed applications. It is hard to evolve distributed applications after they are deployed, however, without adequate middleware support for meta-programming mechanisms, such as smart proxies, interceptors, and pluggable protocols. These mechanisms can help improve the adaptability of distributed applications by allowing their behavior to be modified without changing their existing software designs and implementations significantly. This article examines and compares common meta-programming mechanisms supported by DOC middleware. These mechanisms allow applications to adapt more readily to changes in requirements and runtime environments throughout their lifecycles. Some of these meta-programming mechanisms are relatively new, whereas others have existed for decades. This article provides a systematic evaluation of these mechanisms to help researchers and developers determine which are best suited to their application needs     

Intelligent network control middleware platform

As multivendor, multitechnology networks are deployed in a carrier's network, a network operator must integrate these networks to have a unified control platform to lower operational costs and deliver customer-specified QoS. An intelligent network control middleware framework for multivendor networks is described in this article. The architectural framework is designed to control and manage next generation network elements as well as legacy telecom networks. The layers within the framework include mediation, control plane, network resource management, and application programmable interfaces. An independent, distributed control plane aims at service interoperability and network scalability. An experimental study on circuit provisioning using the proposed middleware framework is conducted on Sun Lab servers. The middleware performance results are reported. Experimentation architecture and metrics can be extended to a performance benchmark upon which the control plane products can be evaluated.     

中间件及其在移动服务网中的应用

主要介绍中间件的种类、分布式体系结构、技术特点、工作机理及其应用。描述了中间件在优化移动服务网体系结构等方面的作用，重点阐述了移动服务网中几个子系统，如何采用中间件合理实现三层体系架构，探讨了采用中间件技术实现移动服务网扩展性的方式。     

Adaptive resource management in middleware: a survey

Current middleware technologies cannot meet the demands of new application areas, such as embedded and mobile systems, that require mechanisms for dealing with a changing environment. This article reviews several approaches for providing adaptive resource management for middleware. Current middleware technologies, such as the Common Object Request Broker Architecture (CORBA) and .NET (http://msdn.microsoft.com/net), mask system and network heterogeneity problems and alleviate the inherent complexity of distributed systems in many application areas. However, the recent emergence of new application areas for middleware, such as embedded systems, real-time systems, and multimedia, imposes challenges that few existing middleware platforms can meet. In particular, because they impose greater resource-sharing and dynamism demands, these application areas require more complex and sophisticated middleware. Resource sharing must be controlled and predictable to ensure that activities running on the same middleware instance have adequate resources.     

面向预警探测系统的分布式消息中问件研究与实现

设计了一种面向作战系统应用的信息分发消息中间件解决方案,对消息分发中间件的体系结构、工作流程和系统实现关键点进行了详细的阐述。该设计根据应用进程需求,选择和切换合适的分发策略,满足作战系统在信息交互的实时性、可靠性以及分组报文传输等方面的不同要求;该设计向上屏蔽网络通信的具体实现和传输策略的选择,使上层应用软件开发从复杂的网络结构、传输逻辑以及异构网络传输平台中解脱出来。