Table of contents and references for the thesis "A New Model for Assessing the Security Risk of Enterprise Mashups"
Table of contents:
Chapter 1: Research Overview
1-1 Introduction
1-2 Research objectives
1-3 Research questions
1-4 Research scope
1-5 Thesis structure
Chapter 2: Literature Review
2-1 Introduction
2-2 Service-oriented architecture
2-3 Web 2.0
2-3-1 Ajax technology
2-3-2 How Ajax is different
2-4 Semantic Web
2-5 Enterprise mashups
2-6 Security aspects
2-6-1 Trustworthiness
2-6-2 Integrity
2-6-3 Availability
2-7 Security issues in enterprise mashups
2-8 Overview of related work
2-8-1 Security risk assessment of enterprise mashup applications based on a behavioral model
2-9 Conclusion and summary
Chapter 3: A Development Model for Applications Based on Enterprise Mashups
3-1 Introduction
3-2 Component-oriented design of enterprise mashups
3-3 Reference architecture of the enterprise mashup environment
3-4 Development model for enterprise mashup application systems
3-4-1 Mashup development example
3-5 Behavioral model of enterprise mashup application systems
3-6 Conclusion
Chapter 4: Introducing the Proposed Model
4-1 Introduction
4-2 Components of the proposed model
4-2-1 Enterprise mashup components
4-2-2 Occurrence of an attack in a mashup component
4-2-3 Arrangement models of mashup components
4-3 How to use the proposed model
4-3-1 First example
4-3-2 Second example
4-4 Conclusion
Chapter 5: Model Evaluation
5-1 Introduction
5-2 Evaluation criteria
5-3 The Yahoo Pipes tool
5-3-1 Library frame
5-4 Case study
5-4-1 First case study
5-4-2 Second case study
5-5 Comparison of the two case studies
5-6 Examining the evaluation criteria in the proposed model
Chapter 6: Summary, Conclusion and Future Work
6-1 Introduction
6-2 Review of the achievement of objectives
6-3 Comparison of the proposed model based on the characteristics of evaluation models
6-4 Application of the proposed model
6-5 Summary and conclusion
6-6 Future work
References
References:
[1] J. Magazinius, A. Askarov, and A. Sabelfeld. A lattice-based approach to mashup security. ACM Symposium on Information Computer and communications security, 2010.
[2] A. Barth, C. Jackson, and J. C. Mitchell, "Securing Frame Communication in Browsers," in Symposium A Quarterly Journal In Modern Foreign Literatures, pages 17-30, Unix Association, 2008.
[3] B. Beemer and D. Gregg, "Mashups: A Literature Review and Classification Framework," Future Internet, vol. 1, pp. 59-87, 2009.
[4] J. Jeffrey Hanson. “Mashup security: Technologies and techniques for securing UI artifacts and data in a mashup”. ibm.com/developerWorks, 2009.
[5] Chen Yanchun, Wang Xingpeng. “A Security Risk Evaluation Model for Mashup Application”. International Conference on Information Management, Innovation Management and Industrial Engineering 2009. Volume 1, DOI: 10.1109/ICIII.2009.58. Page(s): 212 – 215.
[6] A. Bradley and D. Gootzit, "Who's Who in Enterprise 'Mashup' Technologies," Most, 2007.
[7] M. Dacier, Y. Deswarte, M. Kaâniche, C. Roche, and T. Cedex, "Models and tools for quantitative assessment of operational security," System, 2005, pages 32-43.
[8] Y. Demchenko, L. Gommans, C. D. Laat, and B. Oudenaarde, "Web Services and Grid Security Vulnerabilities and Threats Analysis and Model," Internet Research, pp. 262-267, 2005.
[9] S. Gallen, "TOWARDS A REFERENCE MODEL FOR GRASSROOTS ENTERPRISE MASHUP ENVIRONMENTS," 2009.
[10] J. Garrett, "Ajax : A New Approach to Web Applications How Ajax is Different," pp. 1-5, 2005.
[11] C.-p. Bezemer, A. Mesbah, and A. V. Deursen, "Automated Security Testing of Web Widget Interactions," Reverse Engineering, pp. 81-90, 2005.
[12] Young, G., et al. The Mashup Opportunity. s.l. : Forrester, 2008.
[13] A. Bradley, "Reference Architecture for Enterprise 'Mashups'," Architecture, 2007, Gartner.
[14] Mahmoud, Q. H. Service-Oriented Architecture (SOA) and Web Services: The Road to Enterprise Application Integration (EAI). [Online] 2005. http://java.sun.com/developer/technicalArticles/WebServices/soa/.
[15] Sprott, D. and Wilkes, L. Understanding SOA. CBDI Forum. [Online] 2003.
[16] Freund, T. and Storey, T. Transactions in the World of Web Services. IBM Forum. [Online] 2002.
[17] Knipple, R. Service Oriented Enterprise Architecture. MS Thesis. s.l. : IT-University of Copenhagen, 2005.
[18] Erl, T. Service-Oriented Architecture: A Field Guide to Integrating XML and Web Services. s.l. : Prentice Hall, 2004.
[19] Towards service composition based on mashup. Liu, X., et al. 2007. IEEE International Conference on Service Computing (SCC 2007). pp. 332–339.
[20] Business Process Execution Language for Web Services version 1.1. [Online] February 8, 2007. http://www.ibm.com/developerworks/library/specification/ws-bpel/.
[21] Web Service Choreography Interface (WSCI) 1.0. [Online] August 8, 2002. http://www.w3.org/TR/wsci/.
[22] Ease of interaction plus ease of integration: Combining Web 2.0 and the Semantic Web. Heath, T. and Motta, E. s.l. : Journal of Web Semantics, Elsevier, 2007, pages 51-67.
[23] O’Reilly, T. What is Web 2.0? Design Patterns and Business Models for the Next Generation of Software. [Online] September 2005. http://www.oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-isWeb-20.html.
[24] Metcalfe’s law, Web 2.0, and the Semantic Web. Hendler, J. and Golbeck, J. s.l. : Journal of Web Semantics, Elsevier, 2007.
[25] Hafner, M.; Breu, R, Security Engineering for Service-Oriented Architectures, Book Chapter, Springer, 2009.
[26] Web mash-ups and patchwork prototyping: User-driven technological innovation with Web 2.0 and open source software. Floyd, I. R., et al. s.l. : Annual Hawaii International Conference on System Sciences (HICSS’07), 2007. pp. 86–95.
[27] Gartner's top 10 strategic technologies. [Online] October 9, 2007. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=904 73
[28] Bridging the semantic Web and Web 2.0 with Representational State Transfer (REST). Battle, R. and Benson, E. 1, s.l. : Elsevier Science Publishers, 2008, Vol. 6, pp. 61-69.
[29] Antoniou, G. A Semantic Web Primer. s.l. : Massachusetts Institute of Technology, 2004. - 262-01210-3.
[30] PASSIN, T. B. Explorer’s Guide to the Semantic Web. s.l. : Manning Publications, 2004. 1-932394-20-6.
[31] Exploiting Linked Data for Building Web Applications. Hausenblas, M. s.l. : IEEE Internet Computing, 2009.
[32] The two cultures: Mashing up Web 2.0 and the Semantic Web. Ankolekar, A., et al. s.l. : Journal of Web Semantics, Elsevier, 2007. 27. Data Mashups & Their Applications in Enterprises. Makki, S. K. and Sangtani, J. s.l. : IEEE, 2008. IEEE ICIW 2008, pages 121-130.
[33] Enterprise Mashups: Putting a face on next generation global SOA. Janner, T., et al. s.l. : Springer, 2007. WISE 2007. Vol. LNCS 483.
[34] Foster Innovation in a Mashup-oriented Enterprise 2.0 Collaboration Environment. Soriano, J., et al. 2007. System and Information Sciences Notes 1. Vol. 1, pp. 62–68.
[35] Mashups: Emerging application development paradigm for a digital journal. Kultathuramaiyer, N. 1, 2007, Journal of Universal Computer Science, Vol. 13, pp. 531–42.
[36] Understanding UI Integration. A Survey of Problems, Technologies, and Opportunities. Daniel, F., et al. 11, s.l. : IEEE, 2007, IEEE Internet Computing, Vol. 3, pp. 59–66.
[37] Blogs, mashups, wikis oh my. Dearstyne, B. 4, 2007, Information Management Journal, Vol. 14, pp. 24–33. 33.
[38] http://www.programmableweb.com
[39] Srinivasan, Latha, Treadwell, Jem, An Overview of Service-oriented Architecture Web Services and Grid Computing, HP Software Global Business Unit, 2005.
[40] http://services.alphaworks.ibm.com/qedwiki/
[41] Goertzel, Mercedese, K., [and others], 2007, Software Security Assurance: State-of-the-Art Report (SOAR)
[42] Ajay Tipnis, Ivan Llomelli, Security – A major imperative for service-oriented architecture, White Paper, ESD Company, Hewlett-Packard (HP), 2008.