Similar literature
Found 10 similar documents; search took 140 ms
1.
Facilitating compliance management, that is, assisting a company’s management in conforming to laws, regulations, standards, contracts, and policies, is a hot but non-trivial task. The service-oriented architecture (SOA) has evolved traditional, manual business practices into modern, service-based IT practices that ease part of the problem: the systematic definition and execution of business processes. This, in turn, facilitates the online monitoring of system behaviors and the enforcement of allowed behaviors—all ingredients that can be used to assist compliance management on the fly during process execution. In this paper, instead of focusing on monitoring and runtime enforcement of rules or constraints, we strive for an alternative approach to compliance management in SOAs that aims at assessing and improving compliance. We propose two ingredients: (i) a model and tool to design compliant service-based processes and to instrument them in order to generate evidence of how they are executed and (ii) a reporting and analysis suite to create awareness of a company’s compliance state and to enable understanding why and where compliance violations have occurred. Together, these ingredients result in an approach that is close to how the real stakeholders—compliance experts and auditors—actually assess the state of compliance in practice and that is less intrusive than enforcing compliance.

2.
This paper briefly traces the evolution of information system architectures from mainframe-connected terminals to distributed multi-tier architectures. It presents the challenges facing developers of multi-tier information systems in providing effective consistent data policy enforcement, such as access control in these architectures. Finally, it introduces “Mobile Policy” (MoP) as a potential solution and presents a framework for using mobile policy in the business logic tier of multi-tier information systems.

3.
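Based on an analysis of existing trust management, and combined with the requirements of the Scientific Data Grid project, an XML-based trust management framework, X-TM, is proposed. The framework comprises a unified XML-based credential and policy language, and a trust management enforcer that carries out TrustTicket verification together with a compliance checker. Its main innovations are the extensible policy language and a trust management enforcer that supports TrustTicket and policy caching; it is flexible and highly extensible.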

4.
Various types of security goals, such as authentication or confidentiality, can be defined as policies for service-oriented architectures, typically in a manual fashion. Therefore, we foster a model-driven transformation approach from modelled security goals in the context of process models to concrete security implementations. We argue that specific types of security goals may be expressed in a graphical fashion at the business process modelling level which in turn can be transformed into corresponding access control and security policies. In this paper we present security policy and policy constraint models. We further discuss a translation of security annotated business processes into platform specific target languages, such as XACML or AXIS2 security configurations. To demonstrate the suitability of this approach an example transformation is presented based on an annotated process.

5.
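Based on an analysis of existing trust management, and combined with the requirements of the Scientific Data Grid project, an XML-based trust management framework, X-TM, is proposed. The framework comprises a unified XML-based credential and policy language, and a trust management enforcer that carries out TrustTicket verification together with a compliance checker. Its main innovations are the extensible policy language and a trust management enforcer that supports TrustTicket and policy caching; it is flexible and highly extensible.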

6.
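李刚, 赵卓峰, 韩燕波, 梁英. Journal of Software (软件学报), 2006, 17(6): 1372-1380
In enterprise and e-government applications, the problems caused by distributed, heterogeneous resources and dynamically changing requirements are becoming increasingly serious, and how to let applications adapt quickly to these changes has long been a difficult research problem. This paper first presents CAFISE (convergent approach for information system evolution) Framework, a service-oriented adaptive software architecture framework that supports business-end programming, and then presents a service-oriented adaptive software development method based on that framework. CAFISE Framework provides good support for exposing heterogeneous resources as services and as business-level abstractions, and for an open, dynamic service-oriented software architecture. The development method based on this framework starts from an analysis of the environmental factors that affect the software, proceeds through quality-attribute-driven architecture analysis, focuses the structural design on the changes the application must adapt to, and finally achieves just-in-time development and evolution of service-oriented applications through architecture-based business-end programming. Use in real projects and experiments show that service-oriented applications developed with this framework and method adapt well to dynamic changes in heterogeneous resources and to changes in user business, and achieve continuous evolution of enterprise and e-government service-oriented applications at relatively low cost.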

7.
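陈迪, 邱菡, 朱俊虎, 王清贤, 樊松委. Journal of Software (软件学报), 2023, 34(9): 4336-4350
Autonomous systems (ASes) in the inter-domain routing system have different business relationships and routing policies. Route propagation that violates the export policy agreements between ASes can cause route leaks, leading to serious consequences such as network outages, traffic eavesdropping, and link overload. Verifying routing policy compliance is essential to the security and stability of the inter-domain routing system. However, the dual requirement of ASes for autonomous configuration of local routing policies and for privacy protection makes compliance verification harder, and it has remained a difficult problem in inter-domain routing security that has not been properly solved. This paper proposes a blockchain-based method for verifying inter-domain routing policy compliance. The method uses blockchain and cryptographic techniques as the trust anchor, enabling ASes to publish, exchange, verify, and enforce routing policy expectations in a secure and private manner. By generating route proofs that correspond to route updates, it guarantees the authenticity of the route propagation process, so that routing policy compliance verification is completed through multi-party collaboration. A prototype system was implemented, and experiments and analysis were carried out on real routing data. The results show that the method can perform traceable verification of export policy compliance in route propagation without revealing the business relationships or local routing policies of ASes, effectively suppresses policy-violating route propagation at reasonable overhead, and retains significant suppression capability even under partial deployment.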

8.
Many organizations use business policies to govern their business processes, often resulting in huge amounts of policy documents. As new regulations arise such as Sarbanes-Oxley, these business policies must be modified to ensure their correctness and consistency. Given the large amounts of business policies, manually analyzing policy documents to discover process information is very time-consuming and imposes excessive workload. In order to provide a solution to this information overload problem, we propose a novel approach named Policy-based Process Mining (PBPM) to automatically extract process information from policy documents. Several text mining algorithms are applied to business policy texts in order to discover process-related policies and extract such process components as tasks, data items, and resources. Experiments are conducted to validate the extracted components and the results are found to be very promising. To the best of our knowledge, PBPM is the first approach that applies text mining towards discovering business process components from unstructured policy documents. The initial research results presented in this paper will require more research efforts to make PBPM a practical solution.

9.
With the development of policy management systems, policy-based management has been introduced in cross-domain organization collaborations and system integrations. Theoretically, cross-domain policy enforcement is possible, but in reality different systems from different organizations or domains have very different high-level policy representations and low-level enforcement mechanisms, such as security policies and privacy configurations. To ensure the compatibility and enforceability of one policy set in another domain, a simulation environment is needed prior to actual policy deployment and enforcement code development. In most cases, we have to manually write enforcement codes for all organizations or domains involved in every collaboration activity, which is a huge task. The goal of this paper is to propose an enforcement architecture and develop a simulation framework for cross-domain policy enforcement. The entire environment is used to simulate the problem of enforcing policies across domain boundaries when permanent or temporary collaborations have to span multiple domains. The middleware derived from this simulation environment can also be used to generate policy enforcement components directly for permanent integration or temporary interaction. This middleware provides various functions to enforce policies automatically or semi-automatically across domains, such as collecting policies of each participant domain in a new collaboration, generating policy models for each domain, and mapping specific policy rules following these models to different enforcement mechanisms of participant domains.

10.
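With the rapid development of informatization at a power grid company in southern China, and given the shortcomings of security auditing of business hosts and of its implementation in real network environments, a mature host security audit scheme is urgently needed to effectively monitor host security events and strengthen information security management and risk control, thereby meeting policy compliance requirements. This paper analyzes the architecture, business characteristics, and functional modules of the company's main business systems and, in light of actual host security audit requirements, proposes practical host protection policies and implementation recommendations.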
