Foreign-Language Translation: Role-Based Access Control in the Web Environment

Application of an Object-Based RBAC Permission Control Model in Web Systems

With the continuous development of the Internet, Web systems have become an indispensable part of people's daily lives.

As Web systems expand rapidly and the number of users grows, the requirements for system security and permission control keep rising.

To guarantee the security and reliability of Web systems, the RBAC (Role-Based Access Control) permission control model came into being.

This article describes in detail the application of an object-based RBAC permission control model in Web systems.

1. Overview of the RBAC permission control model

RBAC (Role-Based Access Control) is an access control model based on roles. Its core idea is to associate users' access permissions with their roles, so that users operate in the system through the roles and permissions they hold.

RBAC is currently one of the most widely applied and most complete access control models: it abstracts users into roles, abstracts permissions into resources, and defines and standardizes the access control between roles and resources explicitly.

Compared with other access control models, RBAC has the following advantages: (1) simplified permission management: the RBAC model concentrates all users' permissions in the hands of administrators, reducing the complexity of permission management; (2) improved system security: through the role- and permission-based authorization of the RBAC model, users' access can be effectively restricted, which keeps the system secure; (3) easy extension: when the system adds new roles, new functions or new users, permission information can be modified easily without affecting the original permission settings.

2. Implementing the RBAC model in Web systems

A Web system is a complex software system with a very wide range of application scenarios.

For a Web system, how to implement RBAC authorization management is very important.

This section describes in detail how the RBAC model is implemented in a Web system.

(1) Permission management

Permission management in a Web system is generally divided into two parts: page control and method control.

Page control refers to controlling access to Web pages, while method control refers to controlling access to the methods in the system.

In the RBAC model, page-control permissions are controlled directly by roles, while method-control permissions are controlled by the relationship between roles and resources.

For example, for a method in the system, we can set for a given role whether it is allowed to call that method; if the role has not been granted the permission, the method cannot be accessed.
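The page/method split described above, as an added example that is not part of the original article: roles map to the pages they may open and the methods they may call, the method check is attached to the method itself so it cannot be skipped at a call site, and anything not explicitly granted is denied. The role names, pages and method names are constructed for illustration and are not from the page.

```python
from functools import wraps

# Constructed sample policy (not from the page): which pages each role may open
# and which methods each role may call. Denial is the default: unlisted = refused.
PAGE_PERMISSIONS = {
    "admin": {"/admin", "/reports", "/home"},
    "clerk": {"/reports", "/home"},
    "guest": {"/home"},
}
METHOD_PERMISSIONS = {
    "admin": {"delete_user", "export_report", "view_report"},
    "clerk": {"export_report", "view_report"},
    "guest": {"view_report"},
}


class PermissionDenied(Exception):
    pass


def can_open_page(roles, page):
    """Page control: the request passes if any of the user's roles grants the page."""
    return any(page in PAGE_PERMISSIONS.get(r, set()) for r in roles)


def can_call_method(roles, method_name):
    """Method control: the role must have been granted this method by name."""
    return any(method_name in METHOD_PERMISSIONS.get(r, set()) for r in roles)


def requires_permission(func):
    """Attach the method check to the method itself, so every call path goes
    through it and a forgotten check at one call site cannot bypass the policy."""
    @wraps(func)
    def wrapper(roles, *args, **kwargs):
        if not can_call_method(roles, func.__name__):
            raise PermissionDenied(
                f"{func.__name__} not permitted for roles {sorted(roles)}")
        return func(roles, *args, **kwargs)
    return wrapper


@requires_permission
def view_report(roles, report_id):
    return f"report {report_id}"


@requires_permission
def delete_user(roles, user_id):
    return f"deleted {user_id}"


HANDLERS = {"view_report": view_report, "delete_user": delete_user}


def handle_request(roles, page, method_name, *args):
    """Simulated request handling: page check first, then the method's own check.
    Returns an (http_status, body) pair."""
    if not can_open_page(roles, page):
        return 403, "page forbidden"
    handler = HANDLERS.get(method_name)
    if handler is None:
        return 404, "no such method"
    try:
        return 200, handler(roles, *args)
    except PermissionDenied as e:
        return 403, str(e)


if __name__ == "__main__":
    print(handle_request({"clerk"}, "/reports", "view_report", 7))
    print(handle_request({"clerk"}, "/reports", "delete_user", 3))
```

A clerk can view a report but is refused the delete method even on a page he is allowed to open, which is the point of keeping method control separate from page control.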

Foreign Literature Translation: A Web-Based Analysis System

Literature translation: A Web-Based Analysis System. School: School of Information Engineering. Major: Software Engineering. English text translated: A Web-Based Analysis System, by 马克斯科特 and 约翰琳.

1 Abstract

When using an analytical database, analysts group data into common categories and try to determine the results produced when conditions change.

For example, raising a product's price increases the per-unit profit but may reduce sales volume: does that produce a higher or lower total profit? Or, how would a drop in the federal discount rate affect the return on real-estate loans? To help analysts make well-founded predictions from historical trends, Microsoft provides Analysis Services in SQL Server 2000 and OLAP Services in SQL Server 7.0.

Both services provide OLAP functionality and can process data stored in SQL Server (or any other OLE DB-compatible data source) into a multidimensional data structure called a cube.

Cubes simplify trend analysis and the process of establishing how entities interact.

For example, real-estate investors use cash-flow models to distinguish a group of loans with common characteristics (such as property type, geographic location and interest-rate range) and to predict the impact of various events.

What happens if a loan is repaid early or the borrower defaults? How would such unpredictable events affect the return on the bonds secured by the loans?

Selecting and distinguishing loans with the characteristics to be analyzed from a list of several hundred loans requires considerable skill.

Analysis Services and OLAP Services help establish relationships among groups of loans so that analysts can build loan hypothesis models.

To help the client's real-estate analysts forecast the performance of commercial mortgage-backed securities, our development team needed to design a system that simplifies loan classification in various ways (such as by interest rate, maturity or property location).

Its interface had to be easy to learn and use.

Moreover, the system developed needed to be deployed securely on the Internet.

To meet these requirements, the development team chose Analysis Services.

2 Deploying Office on the Web

After selecting the back-end technology, the development team began planning the implementation of the front-end interface.

Most financial analysts use Microsoft Excel and are familiar and comfortable with its interface.

Excel includes PivotTable Services, which allow analysts to connect to an Analysis Services database.

Excel's drag-and-drop interface provides simple and intuitive access to multidimensional data and does not require users to undergo in-depth training.

Undergraduate Thesis: Internal Control Foreign Literature Translation, Complete Chinese-English Bilingual Version

A Clear Look at Internal Controls: Theory and Concepts

Hammed Arad (Philae), Department of Accounting, Islamic Azad University, Hamadan, Iran
Barak Jamshedy-Navid, Faculty Member of Islamic Azad University, Kermanshah, Iran

Abstract: Internal control is an accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error. Internal control is a major part of managing an organization. It comprises the plans, methods, and procedures used to meet missions, goals, and objectives and, in doing so, support performance-based management. Internal control, which is equivalent to management control, helps managers achieve desired results through effective stewardship of resources. Internal controls should reduce the risks associated with undetected errors or irregularities, but designing and establishing effective internal controls is not a simple task and cannot be accomplished through a short set of quick fixes. In this paper the concepts of internal controls and different aspects of internal controls are discussed.

Keywords: Internal Control, management controls, Control Environment, Control Activities, Monitoring

1. Introduction

The necessity of control in the new, variable business environment is not hidden from anyone, and management, as the party answerable to stockholders and others, should exercise thorough control over its organization. Control is the activity of managing or exerting control over something. The emergence and development of systematic thought in recent decades has required new attention to business resources and control over this wealth. One of the hot topics about controls over business resources is analyzing the cost-benefit of each control. Internal controls serve as the first line of defense in safeguarding assets and preventing and detecting errors and fraud.

We can say internal control is a whole system of controls, financial and otherwise, established by the management for the smooth running of business; it includes internal check, internal audit and other forms of controls. COSO describes internal control as follows. Internal controls are the methods employed to help ensure the achievement of an objective. In accounting and organizational theory, internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. At the specific transaction level, internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure the organization's payments to third parties are for valid services rendered). Internal control procedures reduce process variation, leading to more predictable outcomes. Internal controls within business entities are also called business controls.

They are tools used by managers every day. Writing procedures to encourage compliance, locking your office to discourage theft, and reviewing your monthly statement of account to verify transactions are common internal controls employed to achieve specific objectives. All managers use internal controls to help assure that their units operate according to plan, and the methods they use (policies, procedures, organizational design, and physical barriers) constitute internal control. Internal control is a combination of the following:
1. Financial controls, and
2. Other controls

According to the Institute of Chartered Accountants of India, internal control is the plan of organization and all the methods and procedures adopted by the management of an entity to assist in achieving the management objective of ensuring, as far as possible, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records and the timely preparation of reliable financial information; the system of internal control extends beyond those matters which relate to the function of the accounting system. In other words, the internal control system is the system of controls laid down by the management for the smooth running of the business and the accomplishment of its objects. These controls can be divided into two parts, i.e. financial controls and other controls.

Financial controls:
- Controls for recording accounting transactions properly.
- Controls for properly safeguarding company assets like cash, stock, bank balances, debtors, etc.
- Early detection and prevention of errors and fraud.
- Proper and timely preparation of financial records, i.e. balance sheet and profit and loss account.
- To maximize profit and minimize cost.

Other controls: Other controls include the following: quality controls; control over raw materials; control over finished products; marketing control, etc.

6. Parties responsible for and affected by internal control

While all of an organization's people are an integral part of internal control, certain parties merit special mention. These include management, the board of directors (including the audit committee), internal auditors, and external auditors.

The primary responsibility for the development and maintenance of internal control rests with an organization's management. With increased significance placed on the control environment, the focus of internal control has changed from policies and procedures to an overriding philosophy and operating style within the organization. Emphasis on these intangible aspects highlights the importance of top management's involvement in the internal control system. If internal control is not a priority for management, then it will not be one for people within the organization either.

As an indication of management's responsibility, top management at a publicly owned organization will include in the organization's annual financial report to the shareholders a statement indicating that management has established a system of internal control that management believes is effective. The statement may also provide specific details about the organization's internal control system.

Internal control must be evaluated in order to provide management with some assurance regarding its effectiveness. Internal control evaluation involves everything management does to control the organization in the effort to achieve its objectives. Internal control would be judged as effective if its components are present and function effectively for operations, financial reporting, and compliance. The board of directors and its audit committee have responsibility for making sure the internal control system within the organization is adequate. This responsibility includes determining the extent to which internal controls are evaluated.

Two parties involved in the evaluation of internal control are the organization's internal auditors and their external auditors. Internal auditors' responsibilities typically include ensuring the adequacy of the system of internal control, the reliability of data, and the efficient use of the organization's resources. Internal auditors identify control problems and develop solutions for improving and strengthening internal controls. Internal auditors are concerned with the entire range of an organization's internal controls, including operational, financial, and compliance controls.

Internal control will also be evaluated by the external auditors. External auditors assess the effectiveness of internal control within an organization to plan the financial statement audit. In contrast to internal auditors, external auditors focus primarily on controls that affect financial reporting. External auditors have a responsibility to report internal control weaknesses (as well as reportable conditions about internal control) to the audit committee of the board of directors.

8. Limitations of an Entity's Internal Control

Internal control, no matter how well designed and operated, can provide only reasonable assurance of achieving an entity's control objectives. The likelihood of achievement is affected by limitations inherent to internal control. These include the realities that human judgment in decision-making can be faulty and that breakdowns in internal control can occur because of human failures such as simple errors or mistakes. For example, errors may occur in designing, maintaining, or monitoring automated controls. If an entity's IT personnel do not completely understand how an order entry system processes sales transactions, they may erroneously design changes to the system to process sales for a new line of products. On the other hand, such changes may be correctly designed but misunderstood by individuals who translate the design into program code.

Errors also may occur in the use of information produced by IT. For example, automated controls may be designed to report transactions over a specified dollar limit for management review, but individuals responsible for conducting the review may not understand the purpose of such reports and, accordingly, may fail to review them or investigate unusual items.

Additionally, controls, whether manual or automated, can be circumvented by the collusion of two or more people or inappropriate management override of internal control. For example, management may enter into side agreements with customers that alter the terms and conditions of the entity's standard sales contract in ways that would preclude revenue recognition. Also, edit routines in a software program that are designed to identify and report transactions that exceed specified credit limits may be overridden or disabled.

Internal control is influenced by the quantitative and qualitative estimates and judgments made by management in evaluating the cost-benefit relationship of an entity's internal control. The cost of an entity's internal control should not exceed the benefits that are expected to be derived. Although the cost-benefit relationship is a primary criterion that should be considered in designing internal control, the precise measurement of costs and benefits usually is not possible.

Custom, culture, and the corporate governance system may inhibit fraud, but they are not absolute deterrents. An effective control environment, too, may help reduce the risk of fraud. For example, an effective board of directors, audit committee, and internal audit function may constrain improper conduct by management. Alternatively, the control environment may reduce the effectiveness of other components. For example, when the nature of management incentives increases the risk of material misstatement of financial statements, the effectiveness of control activities may be reduced.

9. Balancing Risk and Control

Risk is the probability that an event or action will adversely affect the organization. The primary categories of risk are errors, omissions, delay and fraud. In order to achieve goals and objectives, management needs to effectively balance risks and controls. Therefore, control procedures need to be developed so that they decrease risk to a level where management can accept the exposure to that risk. By performing this balancing act, "reasonable assurance" can be attained. As it relates to financial and compliance goals, being out of balance can cause be proactive, value-added, and cost-effective and address exposure to risk.

11. Conclusion

The concept of internal control and its aspects in any organization is so important that understanding the components and standards of internal controls should be attended to by management. Internal control is a major part of managing an organization. Internal control is an accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error. According to the customary definition, internal control is a process effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories namely. The major factors of internal control are the control environment, risk assessment, control activities, information and communication, and monitoring. This article reviews the main standards and principles of internal control and describes the relevant concepts of internal control for all types of company.

Chinese translation (beginning): A Clear Look at Internal Controls: Theory and Concepts. Hammed Arad (Philae), Department of Accounting, Islamic Azad University, Hamadan, Iran; Barak Jamshedy-Navid, Faculty Member, Islamic Azad University, Kermanshah, Iran. Abstract: Internal control is an accounting procedure or control system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error.

A Method of Implementing Role-Based Access Control on the Web

Implementing RBAC consists of the following steps:

(1) Suppose a user accesses the Web server for the first time. He must first establish a connection with the corresponding role server and enter his user name and password through an HTML form. On success, the role server assigns the user a role and produces a set of secure cookies, which includes: a user-name cookie, a password cookie, a role cookie and an IP-address cookie.

Implementing RBAC on the Web via secure cookies: the figure shows a schematic of implementing RBAC on the Web using the user-pull model. Note that the role server and the Web server are logically separate, although they may of course be placed on the same host. RBAC is implemented on the Web through the set of secure cookies.

[English abstract not recoverable from the scanned text.]

Keywords: cookie; Web security
Document code: A

Computer Science / JSP Web: Foreign Translation, Foreign Literature

12.1 n

Effective web n design involves separating business objects, n, and object XXX. Although one individual may handle both roles on a small-scale project, it is XXX.

12.2 JSP Architecture

In this chapter, XXX using JavaServer Pages, servlets, XXX of different architectures, each building upon the us one. The diagram below outlines this process, and we will explain each component in detail later in this article. (Note: XXX.)

When Java Server Pages were introduced by Sun, some people XXX. While JSP is a key component of the J2EE n and serves as the preferred request handler and response mechanism, it is XXX. XXX JSP, the XXX that JSP is built on top of the servlet API and uses servlet XXX interesting ns, such as whether we should XXX in our Web-enabled systems, and if there is a way to combine servlets and JSPs.

Foreign Translation: Analysis of J2EE Web Application Architecture

Appendix

Appendix 1: Original literature

Analysis of J2EE Web Application Architecture

1. Architecture overview

The J2EE platform includes technologies such as JavaServer Pages (JSP), Java Servlets, Enterprise Beans and Web services.

The emergence of these technologies gives the development of Web applications in the e-commerce era a very competitive option.

How to combine these technologies into a stable architecture suited to the project's needs is a very important step in the project development process.

Completing this step establishes a major milestone baseline.

Establishing this baseline has many benefits.

Preliminary determination of the various factors: to form the architecture baseline, the architect has to screen the technologies in the platform and weigh their pros and cons.

In this process the architect often has to read a great deal of technical material, listen to suggestions from project team members, consider the needs of domain experts, and consider the sponsor's cost limits (including both development cost and operation and maintenance cost).

Once the architecture design has passed review, these factors have a preliminary positioning of how much they will affect the project over its whole course.

Targeted technical training: once the architect's design is approved and becomes the baseline, the technologies used for project development and operation are basically settled.

Many project managers worry about the technical skills of prospective team members; they need the training department to provide training, but faced with the ocean of technologies the architect deals with, a project manager cannot state clear training needs.

It is surely impossible to train on every technology in the platform! With the architecture milestone baseline, the project manager can determine which technologies the project will use, and that is the most precise basis for stating training needs.

In actual projects, however, technical training can proceed in parallel with architecture design before the baseline is fixed.

Division of roles: with a good architecture blueprint, we can divide the work precisely.

For example: page design, JSP tag handler class design, Servlet design, session bean design, and the various implementations.

Each of these tasks can be clearly located on the architecture blueprint, so that team members can position their own tasks well.

A good architecture blueprint also standardizes tasks: it divides them into several categories, and tasks in the same category are the same or similar in workload and nature.

This gives a very good foundation for estimating workload.

Operation and maintenance: as mentioned above, every task has a fairly clear position on the architecture diagram.

Foreign Translation: The VBA Development Environment

5270 Chinese characters. Graduation Design (Thesis) Foreign-Language Material Translation. Department: ; Major and class: Computer Science and Technology; Name: ; Student ID: ; Source of foreign text: / (write in the foreign language); Attachments: 1. translation of the foreign material; 2. the original foreign text.

Supervisor's comments: the foreign material is closely tied to the graduation design topic; the translation is accurate, the writing fluent, the sentences smooth and the information sufficient, and the translation work was completed independently and on time.

Signature: Date: Note: please bind this cover together with the attachments.

Attachment 1: Translation of the foreign material

The VBA Development Environment

This article mainly discusses how to program in the VBA development environment, controlling and manipulating paths, directories and the objects displayed in a scene by accessing them.

Code manipulates objects by setting and getting the properties of their interfaces, for example maximizing and minimizing a window; code can also manipulate objects by invoking the methods of their interfaces, for example adding a point to a polyline; in addition, code can set the value of a range.

Code runs when an event occurs.

For example, code is triggered to run when a user opens a document, clicks a button, or updates data by modifying a sketch being edited.

Before we study the VBA development environment, let us first go over some concepts related to VBA.

What is Visual Basic for Applications? Visual Basic for Applications is part of the Microsoft Visual Basic family.

The Microsoft Visual Basic family also includes the Visual Basic development system (mainly the Learning, Professional and Enterprise editions) and Visual Basic Scripting Edition (VBScript).

VBA is an embedded programming development environment that helps developers draw on the power of Microsoft Visual Basic to solve client-side problems.

By using VBA-based applications, developers can automatically extend an application's functionality and shorten the cycle of developing solutions to client business problems.

What are the differences between Visual Basic, VBA and VBScript? When should we use one of them rather than another? Visual Basic is a standard standalone tool for building separate software components; for example, we can use it to build executable programs, COM components and dynamic plug-in controls.

An Organization-Based Access Control Model for Web Services

李怀明; 王慧佳; 符林

[Abstract] Because current access control strategies have difficulty guaranteeing flexible authorization in complex Web-service-oriented e-government systems, this paper proposes an organization-based access control model for Web services on the basis of research into the organization-based four-level access control model. The model takes the organization as its core and studies the issues of access control and authorization management from the perspective of management. By introducing the position agent and the authorization unit into the model, authorization can be adjusted according to changes in the environment context information to implement dynamic authorization, while the state migration of authorization units provides support for workflow patterns. Furthermore, the model divides permissions into service permissions and service attribute permissions, and achieves fine-grained resource protection. Application examples show that the model fits the complex organizational structure of e-government systems well. Moreover, it makes authorization more efficient and flexible while protecting the Web service resources.

Chinese abstract: To address the problem that existing access control strategies can hardly guarantee flexible authorization in complex Web-service-oriented e-government systems, this paper proposes an organization-based access control model for Web services on the basis of research into the organization-based four-layer access control model (OB4LAC).

Network Design and Planning: Chinese-English Bilingual Foreign Literature Translation

Challenges facing modern enterprises

Despite heavy capital investment in IT, many companies find that most of their critical network resources and information assets remain in a fragmented state.

In fact, it is a common business phenomenon that many "isolated" applications and databases cannot communicate with one another.

2. The n: Service-Oriented ork Architecture (SONA)

___'___ (SONA) ___ is based on a service-oriented architecture (SOA) approach ___.

The solution: Service-Oriented Network Architecture (SONA)

___'s Service-Oriented Network Architecture (SONA) is a comprehensive framework that helps enterprises overcome the challenges of network design and planning.

SONA is based on the service-oriented architecture (SOA) approach and enables enterprises to integrate disparate applications and databases into a unified network.

3. ___ SONA

By implementing SONA, businesses ___ of benefits, ___, increased security, ___. ___ security features, such as identity and access management, to protect critical n assets. Finally, ___.

Benefits of SONA

By implementing SONA, enterprises can gain many benefits, including improved network agility, increased security and reduced cost.

By providing a flexible and scalable network architecture, SONA enables enterprises to adapt quickly to changing business needs.

In addition, SONA provides enhanced security features, such as identity and access management, to protect critical information assets.

Finally, SONA helps enterprises reduce costs by simplifying network management and reducing the need for additional hardware and software.

4. n

In today's fast-paced business environment, it is essential for ___, secure, and cost-effective ork architecture.

Conclusion

In today's fast-paced business environment, enterprises must have a network infrastructure that can adapt quickly to changing business needs.

Web Access Control Based on Tasks and Roles

Vol. 24 No. 4, July 2003, Journal of Jiangsu University (Natural Science Edition)

Web Access Control Based on Tasks and Roles

陈继明, 宋顺林 (School of Computer Science and Telecommunications Engineering, Jiangsu University, Zhenjiang, Jiangsu 212013)

[Abstract] As an effective measure for achieving information security, access control plays an important role in the security of Web-based applications (WBA). However, most access control techniques currently used to secure WBA are based on managing individual users and cannot adequately meet the security needs of enterprise-level users. The authors propose a method of Web access control based on tasks and roles, which can satisfy the Web access control needs of large-scale application environments.

[Keywords] Web security; access control; role; task

[CLC number] TP393.08 [Document code] A [Article ID] 1671-7775(2003)04-0057-04

Access control is an important means of achieving information security, and research on access control technology has long been a hot topic in the information security community at home and abroad [1]. Since the 1970s many access control models have been proposed, including the Bell-LaPadula model, the HRU model, the Take-Grant model and the Biba model. In 1992 Ferraiolo and Kuhn proposed the role-based access control model (RBAC). What these access control models have in common is that they all protect resources from the system's point of view. Their weakness is that none of them takes into account the environment in which the subject executes an operation, and as long as a subject holds a permission on an object it may use that permission any number of times, which easily creates security risks. In addition, they grant permissions in advance when authorizing, which does not conform to the principle of least privilege. When these access control models are adopted in WBA they often prove inadequate. The access control mechanisms adopted by most current WBA are mainly based on individual users, and such mechanisms clearly can no longer meet the needs of ever-growing enterprises. Even when the RBAC model is adopted in WBA [2-4], achieving the principle of least privilege and improving system security requires frequent role switching; it is difficult to control permissions dynamically with the execution context, it is impossible to impose time-related constraints on user behaviour, and it is impossible to pass control securely and consistently, so an effective solution must be sought. In 1993 Thomas and Sandhu proposed task-based access control (TBAC) [5]. TBAC considers and solves the secure access control problem not from the system's perspective but from the perspective of the application and the enterprise; it is task-oriented. In TBAC the permissions held by a subject are not static but change with the context of the task being executed, so permission management in the TBAC model is extremely complex.

To better meet the security requirements of enterprise-level or larger organizations for access control over WBA, a user's access to a WBA is treated as a task execution request of a role; on the WBA server side, each WBA that requires access control is abstracted according to its concrete business process into several workflows, each consisting of one or more tasks [7]. Access control over WBA is thus transformed into Web access control based on tasks and roles. The authors therefore improve the TBAC model [5,6] by introducing the concept of roles, combining TBAC and RBAC; this simplifies the management of users and permissions, overcomes the complexity of permission management in the TBAC model, and solves RBAC's inability to impose time-related constraints on user access behaviour and to guarantee secure and consistent passing of control [4].

1 Web access control based on tasks and roles

TBAC is suited to workflow environments, where user permissions are managed dynamically through the tasks that compose a workflow. Web access control using tasks and roles introduces the concept of roles into the TBAC model. Each role has certain permissions, and a user obtains the corresponding permissions by becoming a role, but the semantics of a role differ from those in the RBAC model: in the model adopted by the authors, the permissions a user holds by becoming a role cannot be used until the meta-authorization step containing that role activates it, and when the meta-authorization step becomes invalid the role's permissions are frozen. In the RBAC model, by contrast, once a user becomes a role he can use the role's permissions at any time. Because user permissions are assigned and managed through roles and tasks, the method can meet the access control requirements of many WBA. Because users are logically separated from access permissions, the role-based policy greatly facilitates permission management and describes the access control needs of real application environments more naturally. The method combines the advantages of the RBAC and TBAC models: through roles it logically separates users from access permissions, eliminates the impact of user changes on the workflow, helps standardize the workflow and improves reusability; through tasks it controls access permissions dynamically, imposes time-related constraints on user access behaviour, and guarantees secure and consistent passing of control.

[Received] 2003-03-20 [Funding] National Natural Science Foundation of China (60273040) [Author] 陈继明 (1977-), male, from Zhenjiang, Jiangsu; master's student, researching network information security and CRM system development.

1.1 Concepts [5]

A meta-authorization step is a single processing operation on a processed object within a workflow; it is the smallest controllable unit. Each meta-authorization step contains one role. A role is a job or position in an organization or task; it represents a qualification, right and responsibility. Roles logically isolate users from permissions: users are associated with roles, roles with permissions, and a user obtains permissions by becoming the corresponding role. The set of users associated with a role is called the trustee set, and every user in the trustee set may be granted the meta-authorization step. The access permissions held by a member of the trustee set when granted the meta-authorization step are called the role permission set. When a meta-authorization step is initialized, the role held by a member of the trustee set is activated and granted the meta-authorization step; this trustee is called the executing delegate of the meta-authorization step, and the set of permissions the executing delegate needs while executing the meta-authorization step is called the role execution permission set. In the authors' method, the processing of one meta-authorization step can determine the operation permissions of subsequent meta-authorization steps on the processed object; these permissions are called the activation permission set. The role execution permission set and the activation permission set together are called the protection state of the meta-authorization step.

Fig. 1 Relation of trustee, role and permission sets in a meta-authorization step

Each authorization step consists of one or more meta-authorization steps that are logically dependent on one another. Authorization steps are divided into general authorization steps and atomic authorization steps. The meta-authorization steps inside a general authorization step execute in sequence; those inside an atomic authorization step are tightly bound, and the failure of any one of them causes the whole atomic authorization step to fail. A task is a logical unit of a workflow. It is a distinguishable action, may involve several roles and may include several subtasks. An authorization step is an instance of a task being controlled in the computer. The subtasks of a task correspond to the meta-authorization steps of an authorization step. A dependency is a relation between meta-authorization steps or between authorization steps; the kinds are sequential dependency, failure dependency, failure-agent dependency, failure-revocation dependency, division-of-authority dependency and hierarchical division-of-authority agent dependency. A workflow is the way tasks flow and are processed within an organization (such as a government department or an enterprise); it can be represented as a directed graph in which each node corresponds to an authorization step and each edge represents a dependency between authorization steps. The complete business process of a workflow may consist of several tasks; each task corresponds to an authorization step, and each authorization step consists of particular meta-authorization steps. Authorization steps and meta-authorization steps are linked by dependencies.

1.2 Formal representation of the Web access control model

The Web access control model is formally described as follows:

(1) It consists of seven parts: workflows Wf, authorization steps As, meta-authorization steps mAs, roles R, users U, permission sets P and task execution requests Ar.

(2) Each authorization step As consists of one or more meta-authorization steps mAs, i.e. As = {mAs_1, mAs_2, ..., mAs_n}; the relation among the mAs is mAs × mAs ⊆ D, where D = {sequential dependency, failure dependency, division-of-authority dependency, hierarchical division-of-authority agent dependency, failure-agent dependency, failure-revocation dependency}.

(3) Each Wf consists of a series of As, i.e. Wf = {As_1, As_2, ..., As_n}; the relation among the As is As × As ⊆ D, with D as in (2). A workflow can be represented as a directed graph Wf = (As, E), where the As are the nodes and the edges E represent the dependencies among the As.

(4) UA ⊆ U × R; UA is the many-to-many relation from users to roles.

(5) As and R are in a 1:n relation; As → R is the mapping from an authorization step to a role, which changes over time. U → R is the function that selects from U = {U_1, U_2, ..., U_n} an executing delegate to play the role.

(6) As and P are in a 1:n relation; Initial(As, R) → P, where P = {p_1, p_2, ..., p_n} is the permission set and Initial is the activation function of the role execution permission set; Revoke(As, R, P_1) → P_2, with P_1 ⊆ P and P_2 = P − P_1, where Revoke is the permission revocation function.

Authorization is represented by the five-tuple (R, O, P, L, mAs), where R is the role, O the object (the object requiring access control), P the permission and L the lifetime of the meta-authorization step mAs. P is the permission activated by the meta-authorization step mAs. Before the meta-authorization step mAs is triggered, its protection state is invalid and the permissions it contains cannot be used. When mAs is triggered, the permissions in the permission set of its role are activated and its lifetime starts counting down; while the meta-authorization step is alive, the five-tuple (R, O, P, L, mAs) is valid. When the lifetime ends, i.e. the meta-authorization step mAs becomes invalid, the five-tuple (R, O, P, L, mAs) is invalid and the role's permissions are barred.

The access control policy is contained in the relations As × As, mAs × mAs, As → R, U → R and As → P. The relations As × As and mAs × mAs determine the execution process of a workflow; the combination of As → R, U → R and As → P determines the running of an authorization step. These relations are managed directly by the WBA system administrator according to the concrete business process of the WBA application to be protected and the system's access control policy. Through task- and role-based dynamic permission management, the authors' method supports the principle of least privilege and the principle of separation of duties.

2 Implementation on the Web

In implementing the Web access control model, the same secure cookies mechanism as in reference [4] is adopted, mainly for the following reasons: (1) cookies are already widely used by existing Web browsers and Web servers to keep Web state information, so strengthening their security is fairly direct and inexpensive; (2) HTTP is a stateless protocol, and cookies can accommodate this; (3) more importantly, the main difference between the authors' method and RBAC lies in applying a different access control policy to authenticated roles on the Web server side, while on the client side, although a role means something different in the two access control models, the composition and representation of the secure cookies are the same. The authors therefore hope to show, by adopting a similar implementation mechanism, that the cost and difficulty of implementing the Web access control model in practice are no greater than for the RBAC Web access control model, and that it has greater practical value.

2.1 Cookies

Cookies are a technology widely adopted on the Web. A cookie contains a string of information about the user; when the user visits a cookie-using Web site through a browser, cookies carrying user-related information are sent to the user's memory, and when the browser is closed this information is saved to the user's hard disk. Later, when the same user visits the Web site again, the Web server can read the contents of the corresponding cookies from the file on the user's hard disk where cookies are stored.

2.2 Implementing secure cookies

Ordinary cookies take no account of security; they must be hardened into secure cookies that provide authentication, integrity and confidentiality services. The authentication service verifies the identity of the cookie's owner; the integrity service protects the cookies from tampering by unauthorized users; the confidentiality service prevents information leakage. Which cookies to use in practice, and their contents, depends on the concrete environment. In any application, however, there must be at least one authentication cookie and one cookie providing the integrity service, since only then is a basic security service formed [4]. Fig. 2 shows a set of secure cookies used for Web access control; in form they are the same as the secure cookies in reference [4]. The Name_Cookie holds the user name and the Role_Cookie holds the user's role information.

Cookie        Domain      Flag  Path  Cookie name   Cookie value    Secure  Expire
Name_Cookie   Virgov.gov  true        Name          Zhang San       false   01 07 02
Role_Cookie   Virgov.gov  true        Role          Clerk           false   01 07 02
Life_Cookie   Virgov.gov  true        Life_Cookie   01 07 02        false   01 07 02
Pswd_Cookie   Virgov.gov  true        Pswd_Cookie   Encrypt Pswd    false   01 07 02
IP_Cookie     Virgov.gov  true        IP_Cookie     202.119.36.23   false   01 07 02
Seal_Cookie   Virgov.gov  true        Seal_Cookie   Digital Sign    false   01 07 02
(the Path column is not legible in the source)

Fig. 2 Secure cookies

It should be noted that although the content of the Role_Cookie is the same in the authors' method and in the RBAC of reference [4], its semantics are completely different in the two models: here a role is invalid until the meta-authorization step containing it is activated, and the role is not the subject of access control; access control is achieved through the meta-authorization step that contains the role. In reference [4], once a user obtains a role he can use the role's permissions freely, and the role is the subject of access control.

2.3 Implementing the Web access control model with secure cookies

Fig. 3 is a schematic of implementing access control on the Web. According to the organizational structure and workflow, the several WBA requiring access control on the Web application server can be organized into several workflows. According to the departmental structure, a department can be treated as a domain, and each domain is given a user-role server, which stores the user-role information of its domain. Only after successfully passing identity authentication does a user receive the role information assigned to him by the user-role server (that is, the six secure cookies of Fig. 2). Thereafter, when the user accesses the Web server through a browser, the Web server verifies the user through the secure cookies and decides, according to the state of the workflow the user wishes to access, whether the user is allowed to interact according to his role.

Fig. 3 Access control for the Web

It must be stressed again that the roles in Fig. 3 and those in reference [4] differ in semantics. Furthermore, in the concrete implementation details of the Web access control system, the main difference from reference [4] lies on the WBA server side. First, after the WBA server extracts the role, what it enforces is task- and role-based access control rather than RBAC. Second, for the WBA on the WBA server that require access control, this paper introduces the concept of workflows to characterize them as a whole and organize their tasks, and the tasks are used to control permissions dynamically, whereas RBAC considers only resource protection.

3 Conclusion

Visitors to Web applications in a networked environment are numerous, varied and constantly changing, which makes it hard for traditional discretionary access control, mandatory access control and role-based access control to provide efficient dynamic access control for the Web. Building on references [3-6], the TBAC and RBAC models are combined by introducing the concept of roles into the TBAC model, so that roles and tasks can be used together for Web access control. Introducing roles helps the Web access control model describe the access control needs of real application environments, allows roles to be defined according to personnel responsibilities, and reduces the difficulty of the system administrator's work. A user's access to a WBA is treated as a task execution request of a role, and on the WBA server side the WBA requiring access control are abstracted into corresponding workflows consisting of one or more tasks. The problem of access control over WBA is thereby transformed into task- and role-based access control.

[References]
[1] Rohit K. Web Security: A Matter of Trust [R]. Sebastopol: O'Reilly & Associates, Inc., USA, 1997.
[2] Ferraiolo D F, Barkley J F, Kuhn D R. A Role Based Access Control Model and Reference Implementation within a Corporate Intranet [J]. ACM Transactions on Information and System Security, 1999, 2(1): 34-64.
[3] Sandhu R, Coyne E J, Feinstein H L, Youman C E. Role Based Access Control Models [J]. IEEE Computer, 1996, 29(2): 38-47.
[4] Park J S, Sandhu R, Ahn G J. Role Based Access Control on the Web [J]. ACM Transactions on Information and System Security, 2001, 4(1): 67-72.
[5] 邓集波, 洪帆. A Task-Based Access Control Model [J]. Journal of Software, 2003, 14(1): 76-82.
[6] Kristol D, Montulli L. HTTP State Management Mechanism [R]. RFC 2965, Network Working Group, Internet Engineering Task Force, 2000.
[7] 孙健. Research on the Security Mechanism and Mesh Security Design of Domino/Notes [J]. Journal of Jiangsu University (Natural Science Edition), 2001, 22(3): 71-74.

Task and Role Based Control Model for Web Access

CHEN Jiming, SONG Shunlin (School of Computer Science and Telecommunications, Jiangsu University, Zhenjiang, 212013, China)

Abstract: As an effective measure to achieve information security, access control is important in WBA security. Current approaches to access control for WBA are mostly based on individual users and they do not fit enterprise-wide systems. A new access control mechanism is presented. The new method can meet the need in managing and enforcing strong and efficient access control in large-scale Web environments. The implementation of the new model on the Web is also illustrated.

Key words: Web security; access control; role; task

(Responsible editor: 朱银昌)
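The secure cookie set of Section 2.2 (Name, Role, Life, Pswd, IP and Seal), as an added example that is not part of the paper or of reference [4]: the role server issues the six values and seals them, and the Web server refuses any request whose seal does not verify, whose lifetime has passed, or whose IP cookie does not match the connecting client. The paper seals cookies with a digital signature; this example assumes an HMAC under a key shared by role server and Web server in its place, a Unix timestamp for the Life cookie rather than the paper's date string, and an already-hashed password digest for the Pswd cookie. The task/meta-authorization-step activation of Section 1 is outside the scope of this block.

```python
import hashlib
import hmac
import json
import time

# Assumption: a key shared by the role server and the Web server. The paper uses a
# digital signature for the Seal cookie; an HMAC stands in for it here.
SERVER_KEY = b"constructed-demo-key-not-for-production"

# The five sealed cookies; the sixth (Seal) covers all of them.
SEALED = ("Name", "Role", "Life", "Pswd", "IP")


def _seal_input(cookies):
    """Canonical byte encoding of the sealed fields so issuer and verifier agree."""
    return json.dumps({k: cookies[k] for k in SEALED}, sort_keys=True).encode()


def _seal(cookies):
    return hmac.new(SERVER_KEY, _seal_input(cookies), hashlib.sha256).hexdigest()


def issue_cookies(user, role, client_ip, pswd_digest, lifetime_s, now=None):
    """Role server side: build the six secure cookies for an authenticated user.
    Life is an absolute expiry (Unix seconds), an assumption of this example."""
    now = time.time() if now is None else now
    cookies = {
        "Name": user,
        "Role": role,
        "Life": str(int(now + lifetime_s)),
        "Pswd": pswd_digest,          # constructed: already a digest, never plaintext
        "IP": client_ip,
    }
    cookies["Seal"] = _seal(cookies)
    return cookies


def verify_cookies(cookies, client_ip, now=None):
    """Web server side. Returns (ok, reason). Integrity is checked first so that
    a tampered Life or IP value is never trusted for the later checks."""
    now = time.time() if now is None else now
    if any(k not in cookies for k in SEALED + ("Seal",)):
        return False, "missing cookie"
    if not hmac.compare_digest(_seal(cookies), cookies["Seal"]):
        return False, "seal mismatch"
    if now > int(cookies["Life"]):
        return False, "expired"
    if cookies["IP"] != client_ip:
        return False, "ip mismatch"
    return True, "ok"


def authorize(cookies, client_ip, required_role, now=None):
    """Only a Role cookie that passed verification is consulted for access."""
    ok, reason = verify_cookies(cookies, client_ip, now)
    if not ok:
        return False, reason
    if cookies["Role"] != required_role:
        return False, "role not permitted"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: user "Zhang San", role "Clerk", client 202.119.36.23.
    digest = hashlib.sha256(b"constructed-password").hexdigest()
    c = issue_cookies("Zhang San", "Clerk", "202.119.36.23", digest, 3600)
    print(authorize(c, "202.119.36.23", "Clerk"))
    forged = dict(c, Role="Manager")       # Role changed after issue
    print(authorize(forged, "202.119.36.23", "Manager"))
```

Changing any sealed field after issue invalidates the seal, which is what gives the Role cookie its integrity; the IP check binds the cookie set to the client it was issued to, and the Life check enforces the expiry without trusting the browser to discard the cookies.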

Graduation Design (Thesis) Foreign-Language Material Translation (for students)

Graduation design foreign-language material translation. School: School of Information Science and Engineering; Major: Software Engineering; Name: XXXXX; Student ID: XXXXXXXXX; Source of foreign text: Think In Java (written in the foreign language); Attachments: 1. translation of the foreign material; 2. the original foreign text.

Attachment 1: Translation of the foreign material

Network programming

Historically, network programming has tended to be difficult, complicated and highly error-prone.

Programmers had to master a large number of network-related details, sometimes even a deep understanding of the hardware.

Generally, we need to understand the different "layers" of the networking protocol.

And each networking library usually contains a large number of functions dealing with connecting, packing and unpacking blocks of information; shipping those blocks back and forth; handshaking; and so on.

It is a painful job.

Yet the concept of networking itself is not very hard.

We want to get information located on some machine elsewhere and move it here, or vice versa.

This is very similar to reading and writing files, except that the file exists on a remote machine, and the remote machine has the right to decide what to do with the data we request or send.

One of Java's great strengths is its notion of "painless networking".

The low-level details of networking have been abstracted away as far as possible and are hidden inside the JVM and Java's native installation on the machine.

The programming model we use is that of a file; in fact the network connection (a "socket") is encapsulated in a system object, so it can be accessed with the same method calls as any other data stream.

Beyond that, Java's built-in multithreading is also very convenient when we deal with another networking problem: handling multiple network connections at once.

This chapter explains Java's networking support through a series of easily understood examples.

15.1 Identifying a machine

Of course, to tell one machine from another and to make sure we are connected to the machine we want, there must be a mechanism that uniquely identifies each machine on the network.

Early networks only solved the problem of giving machines unique names within a local network.

But Java is aimed at the whole Internet, which requires a mechanism for identifying machines from all over the world.

To achieve this, we use the concept of the IP (Internet Protocol) address.

IP exists in two forms: (1) the most familiar, DNS (Domain Name Service) form.

My own domain name is .

So, assuming I have a computer named Opus within my domain, its domain name could be .

Web Technology Foreign Translation

XXXX University Graduation Design (Thesis) Foreign-Language Material Translation. School: ; Major: ; Student name: ; Class: ; Student ID: ; Source of foreign text: Internet Weekly.

1. Translation of the foreign material

What Is Web 2.0

The bursting of the dot-com bubble in the fall of 2001 marked a turning point for the Web.

Many people concluded that the Web had been overhyped, when in fact the bubble and the market crash that followed appear to be a common feature of all technological revolutions.

A market crash typically marks the point at which a rising technology is ready to take center stage.

The pretenders are driven out, the real success stories show their strength, and people begin to understand what separates one from the other.

The concept of "Web 2.0" began at a conference, in a brainstorming session between O'Reilly and MediaLive International.

Dale Dougherty, web pioneer and O'Reilly vice president, noted that, far from having "crashed", the web was more important than ever, with exciting new applications and sites appearing with surprising regularity.

What's more, the companies that had survived the dot-com bubble seemed to have some things in common.

Could it be that the dot-com collapse marked a turning point for the web, such that a call to action like "Web 2.0" made sense? We all agreed that it did, and so the Web 2.0 Conference was born.

In the year and a half since that conference, the term "Web 2.0" has clearly taken hold, with more than 9.5 million links found on Google.

But there is still huge disagreement about what Web 2.0 means, with some people dismissing it as a meaningless marketing buzzword and others accepting it as a new conventional wisdom.

This article is an attempt to clarify what Web 2.0 originally meant.

In our initial brainstorming we formulated our understanding of Web 2.0 by example: the list goes on and on.

But what exactly made us identify one application or approach as "Web 1.0" and another as "Web 2.0"? (The question is particularly urgent because the idea of Web 2.0 has spread so widely that many companies are now adding the term to their marketing hype without really understanding what it means.

MVC Framework: Chinese-English Bilingual Foreign Literature Translation

Chinese-English bilingual foreign literature translation (the document contains the English original and the Chinese translation)

Translation: The Spring MVC Framework under Web 2.0

Abstract: When building Web applications with a rich user experience, there are a great many Web application frameworks to choose from, but little guidance on which one to choose.

Web 2.0 applications allow individuals to manage their own online pages and share them with other online users and servers.

Such sharing requires access control to implement.

However, existing access control solutions are not very satisfactory, because in an open, user-driven Web environment they cannot meet users' functional requirements.

The MVC framework is the most popular of all Web development frameworks.

Model-View-Controller (MVC) is a software architecture that is now considered an architectural pattern used in software engineering.

The pattern isolates "domain logic" (the application logic for the user) from the user interface (input and presentation), permitting independent development, testing and maintenance of each.

The Model-View-Controller (MVC) pattern creates applications that separate the different aspects of the application into distinct layers while providing loose coupling between each pair.

Keywords: Spring MVC, architecture, XStudio, SOA, controller

I. Introduction

How exactly do we define a Web site as "Web 2.0"? There are many different views on this, which makes it hard to reach a precise conclusion.

But it becomes clear once we go through all the Web development frameworks.

The various Web development architectures are as follows:

● N-tier architecture

In software engineering, multi-tier architecture (often referred to as n-tier architecture) is a client-server architecture in which presentation, application processing and data management are logically separate processes.

For example, an application that uses middleware to service data requests between a user and a database employs multi-tier architecture.

The most widespread use of multi-tier architecture is the three-tier architecture.

N-tier application architecture provides a model for developers to create a flexible and reusable application.

By breaking up an application into tiers, developers only have to modify or add a specific layer, rather than rewrite the entire application.

There should be a presentation tier, a business or data access tier, and a data tier.

The concepts of layer and tier are often used interchangeably.

Role-based access control on the web

Role-based access control on the web

Role-Based Access Control on the Web

JOON S. PARK and RAVI SANDHU, George Mason University
GAIL-JOON AHN, University of North Carolina at Charlotte

Current approaches to access control on Web servers do not scale to enterprise-wide systems because they are mostly based on individual user identities. Hence we were motivated by the need to manage and enforce the strong and efficient RBAC access control technology in large-scale Web environments. To satisfy this requirement, we identify two different architectures for RBAC on the Web, called user-pull and server-pull. To demonstrate feasibility, we implement each architecture by integrating and extending well-known technologies such as cookies, X.509, SSL, and LDAP, providing compatibility with current Web technologies. We describe the technologies we use to implement RBAC on the Web in different architectures. Based on our experience, we also compare the tradeoffs of the different approaches.

Categories and Subject Descriptors: D.4.6 [Operating Systems]: Security and Protection—Access controls; K.6.5 [Management of Computing and Information Systems]: Security and Protection
General Terms: Design, Experimentation, Security
Additional Key Words and Phrases: Cookies, digital certificates, role-based access control, WWW security

Authors' addresses: J. S. Park and R. Sandhu, Laboratory for Information Security Technology (LIST), Information and Software Engineering Department, George Mason University, Mail Stop 4A4, Fairfax, VA 22030; G.-J. Ahn, College of Information Technology, University of North Carolina at Charlotte, 9201 University City Blvd., Charlotte, NC 28223-0001.
© 2001 ACM 1094-9224/01/0200-0037 $5.00
ACM Transactions on Information and System Security, Vol. 4, No. 1, February 2001, Pages 37-71.

1. INTRODUCTION

The World Wide Web (WWW) is a critical enabling technology for electronic commerce on the Internet. Its underlying protocol, HTTP (HyperText Transfer Protocol [Fielding et al. 1999]), has been widely used to synthesize diverse technologies and components, to great effect in Web environments. Increased integration of Web, operating system, and database system technologies will lead to continued reliance on Web technology for enterprise computing. However, current approaches to access control on Web servers are mostly based on individual user identity; hence they do not scale to enterprise-wide systems. If the roles of individual users are provided securely, Web servers can trust and use the roles for role-based access control (RBAC [Sandhu et al. 1996; Sandhu 1998]). So a successful marriage of the Web and RBAC has the potential for making a considerable impact on deployment of effective enterprise-wide security in large-scale systems.

In this article we present a comprehensive approach to RBAC on the Web. We identify the user-pull and server-pull architectures and analyze their advantages and disadvantages. To support these architectures on the Web, we take relatively mature technologies and extend them for secure RBAC on the Web. In order to do so, we make use of standard technologies in use on the Web: cookies, X.509, SSL, and LDAP.

First, we investigate how to secure and use the very popular cookies technology [Kristol and Montulli 1999; Moore and Freed 1999] for RBAC on the Web. Cookies were invented to maintain continuity and state on the Web. Cookies contain strings of text characters encoding relevant information about the user, and are sent to the user's machine via the browser while the user is visiting a cookie-using Web site. The Web server gets those cookies back and retrieves the user's information from the cookies when the user later returns to the same Web site. The purpose of a cookie is to acquire information and use it in subsequent communications between the Web server and the browser, without asking for the same information again. Cookies can also be used at a different Web server from the one that issued the cookie. However, it is not safe to store and transmit sensitive information in cookies because cookies are insecure. Cookies are stored and transmitted in clear text, which is readable and can be forged easily. One contribution of this article is to identify and discuss techniques to make cookies secure, so that they can carry and store sensitive data. We call these cookies secure cookies. These techniques have varying degrees of security and convenience for users and system administrators. To demonstrate the feasibility of these ideas, we implement RBAC on the Web in the user-pull architecture using secure cookies.

Second, we also use X.509v3 certificates [ITU-T Recommendation X.509 1993; 1997; Housley et al. 1998], an ISO standard, since public-key infrastructure (PKI) is recognized as a crucial enabling technology for security in large-scale networks. The basic purpose of X.509 certificates is simply the binding of users to keys. Even though X.509 can be extended, the application of the extensions of X.509 for RBAC is not yet precisely defined. We describe how to extend and use existing X.509 certificates for RBAC on the Web. We call these extended X.509 certificates smart certificates. Smart certificates have several sophisticated features: they support short-lived lifetime and multiple certificate authorities, contain attributes, provide postdated and renewable certificates, and provide confidentiality. Selection of these new features depends on applications. To prove the feasibility of these ideas, we implement RBAC on the Web in the user-pull architecture using smart certificates.

Third, we implement RBAC on the Web in the server-pull architecture using LDAP (Lightweight Directory Access Protocol [Howes et al. 1999]) and SSL (Secure Socket Layer [Wagner and Schneier 1996; Dierks and Allen 1999]). LDAP is a protocol that enables X.500-based directories to be read through Internet clients. When an LDAP client needs a specific entry in an LDAP server, the LDAP client generates an LDAP message containing a request and sends this message to the LDAP server. The server retrieves the entry from its database and sends it to the client in an LDAP message. With this directory services feature, we use LDAP and SSL between Web servers and the role server to implement RBAC on the Web in the server-pull architecture. Secure cookies inherently support the user-pull architecture only: since cookies are stored in users' machines they cannot operate in the server-pull architecture. In contrast, smart certificates and LDAP support both user-pull and server-pull architectures.

This article is organized as follows. Section 2 introduces an overview of role-based access control (RBAC). In Section 3, we identify operational architectures for RBAC services on the Web. Section 4 describes how we render secure cookies using cryptographic technologies and implement RBAC on the Web in the user-pull architecture using secure cookies. Section 5 describes how we extend X.509 certificates with new features and implement RBAC on the Web in the user-pull architecture using smart certificates. Section 6 describes how we implement RBAC on the Web in the server-pull architecture using LDAP and SSL between Web servers and the role server. In Section 7, we discuss the tradeoffs among the different technologies we have developed and implemented on the Web. In Section 8, we compare our approaches with existing RBAC products. Finally, Section 9 gives our conclusions.

2. ROLE-BASED ACCESS CONTROL (RBAC) OVERVIEW

Role-based access control (RBAC) emerged rapidly in the 1990s as a proven technology for managing and enforcing security in large-scale enterprise-wide systems. Its basic notion is that permissions are associated with roles, and users are assigned to appropriate roles. This greatly simplifies security management. A significant body of research on RBAC models and experimental implementations has developed [Ferraiolo and Kuhn 1992; Ferraiolo et al. 1995; Guiri 1995; Guiri and Iglio 1996; Mohammed and Dilts 1994; Hu et al. 1995; Nyanchama and Osborn 1995; Sandhu et al. 1996; von Solms and van der Merwe 1994; Youman et al. 1997; Sandhu 1998; Ahn and Sandhu 2000; Osborn et al. 2000]. We were motivated by the need to manage and enforce the strong and efficient access control technology of RBAC in a large-scale Web environment, since RBAC is a successful technology that will be a central component of emerging enterprise security infrastructures.

[Fig. 1. A family of RBAC models. (b) RBAC models]

RBAC is a proven alternative to traditional discretionary and mandatory access controls; it ensures that only authorized users are given access to certain data or resources. It also supports three well-known security principles: information hiding, least privilege, and separation of duties.

A role is a semantic construct forming the basis of access control policy. With RBAC, system administrators can create roles, grant permissions to those roles, and then assign users to the roles on the basis of their specific job responsibilities and policy. In particular, role-permission relationships can be predefined, making it simple to assign users to the predefined roles. Without RBAC, it is difficult to determine what permissions have been authorized for which users.

Access control policy is embodied in RBAC components such as user-role, role-permission, and role-role relationships. These RBAC components determine if a particular user is allowed access to a specific piece of system data. Users create sessions during which they may activate a subset of roles to which they belong. Each session can be assigned to many roles, but it maps to only one user. The concept of a session corresponds to the traditional notion of subject in the access control literature.

Role hierarchy in RBAC is a natural way of organizing roles to reflect the organization's lines of authority and responsibility. By convention, junior roles appear at the bottom of the hierarchic role diagrams and senior roles at the top. The hierarchic diagrams are partial orders, so they are reflexive, transitive, and antisymmetric. Inheritance is reflexive because a role inherits its own permissions, transitive because of a natural requirement in this context, and antisymmetry rules out roles that inherit from one another, and would therefore be redundant.

Constraints are an effective mechanism to establish higher-level organizational policy. They can apply to any relation and function in an RBAC model. When applied, constraints are predicates that return a value of acceptable or not acceptable.

A general family of RBAC models was defined by Sandhu et al. [1996]. Figure 1 shows the most general model in this family. RBAC0 is the base model that specifies the minimum requirement for any system that fully supports RBAC. RBAC1 and RBAC2 both include RBAC0, but they also have independent features. RBAC1 adds the concept of role hierarchies, which imply situations in which roles can inherit permissions from other roles. RBAC2 adds constraints that impose restrictions on components of RBAC. RBAC1 is incomparable with RBAC2, and vice versa. RBAC3 is the consolidated model that includes RBAC1 and RBAC2 and, by transitivity, RBAC0. The relationship among the four RBAC models and the consolidated RBAC3 model is shown in Figure 1. Details for motivation and discussion on the RBAC family of models (RBAC0, RBAC1, RBAC2, RBAC3, ARBAC0, ARBAC1, ARBAC2, and ARBAC3) are described in Sandhu et al. [1996]; Sandhu [1997]; Sandhu et al. [1999].

3. OPERATIONAL ARCHITECTURES

Park and Sandhu identified two different approaches for obtaining a user's attributes on the Web, especially with respect to user-pull and server-pull architectures, in which each architecture has user-based and host-based modes [Park and Sandhu 1999b]. An attribute is a particular property of an entity, such as a role, access identity, group, or clearance. In this section, we embody those general approaches for RBAC on the Web with specific components and relationships. Each approach is implemented and described in this article, and we provide an analysis of their relative advantages and disadvantages.

Basically, there are three components in both architectures: client, Web server, and role server. These components are already being used on the Web. Clients connect to Web servers via HTTP using browsers. The role server is maintained by an administrator and assigns users to the roles in the domain [Sandhu and Park 1998]. Detailed technologies (such as authentication, role transfer and protection, and verification) to support these architectures depend on the applications that are used.

3.1 User-Pull Architecture

In user-pull architecture, a user, say Alice, pulls her roles from the role server and then presents them to the Web servers, as depicted in the UML (Unified Modeling Language [Booch et al. 1998]) collaborational diagram in Figure 2. We call this a user-pull architecture, since the user pulls her roles from the role server where roles are assigned to the users in the domain. HTTP is employed for user-server interaction with standard Web browsers and Web servers.

In user-pull-host-based mode, the user needs to download her roles from the role server and store them in her machine (which has her host-based authentication information, such as IP numbers).[1] Later, when Alice wants to access the Web server, which requires proper authentication information and roles, her machine presents that information to the Web server. After client authentication and role verification, the Web server uses the roles for RBAC. However, since this mode is host-based, it cannot support high user mobility, while it may support a more convenient service than the user-based mode, which requires the user's cooperation (e.g., typing in passwords).

[1] Address-based authentication is a convenient authentication mechanism because the authentication process is transparent to users, but such a method is not always desirable. For example, if the user's IP address is dynamically assigned to her computer whenever she connects to the Internet, or the user's domain uses a proxy server, which provides the same IP numbers to the users in the domain, this is not a proper authentication technique. In addition, we cannot avoid IP spoofing, which is a technique for gaining unauthorized access by sending messages to a computer with a trusted IP address.

[Fig. 2. Collaborational diagram for the user-pull architecture. Authentication information can be either user-based or host-based.]

On the other hand, the user-pull-user-based mode supports high user mobility. The user can download her roles to her current machine from the role server. Then, she presents those roles to the Web server along with her user-based authentication information, such as her passwords. After user authentication and role verification, the Web server uses the roles for RBAC. In this mode, the user can use any machine that supports HTTP, as long as she has the right user-based authentication information (e.g., passwords).

In this user-pull architecture, we must support the binding of roles and identification for each user. For instance, if Alice presents Bob's roles with her authentication information to the Web server, she must be rejected. In Section 5.2 we describe how to solve this problem efficiently by means of smart certificates between existing Web servers and browsers. General approaches for binding user attributes and their identities are discussed by Park and Sandhu [2000a].

3.2 Server-Pull Architecture

In server-pull architecture, each Web server pulls the user's roles from the role server as needed and uses them for RBAC, as depicted in the UML collaborational diagram in Figure 3. We call this a server-pull architecture, since the server pulls the user's roles from the role server. HTTP is used for user-server interaction with standard Web browsers and servers. If the role server provides the user's roles securely, the Web server can trust those roles and use them for RBAC.

[Fig. 3. Collaborational diagram for the server-pull architecture. Authentication information can be either user-based or host-based.]

In this architecture the user does not need access to her roles; she needs only her authentication information. In server-pull-host-based mode, she presents host-based authentication information (e.g., IP numbers) to the Web server. The role-obtaining mechanism is transparent to the user, while limiting user portability. However, in server-pull-user-based mode, Alice presents user-based authentication information (e.g., passwords) to the Web server. This supports high user portability, while it requires the user's cooperation (e.g., typing in passwords). After user authentication, the Web server downloads the user's roles from the role server and uses them for RBAC.

4. RBAC ON THE WEB IN USER-PULL ARCHITECTURE USING SECURE COOKIES

Cookies were invented to maintain continuity and state on the Web [Kristol and Montulli 1999; Moore and Freed 1999]. The purpose of a cookie is to acquire information and use it in subsequent communications between the Web server and the browser without asking for the same information again. Technically, it is not difficult to make a cookie carry relevant information. However, because they are insecure it is not safe to store and transmit sensitive information in cookies. Cookies are stored and transmitted in clear text, which is readable and easily forged. Hence, we should render cookies secure in order to carry and store sensitive data in them.

We provide secure cookies with three types of security services: authentication, integrity, and confidentiality. Authentication services verify the owner of the cookies. Integrity services protect cookies against the threat that their contents might be changed by unauthorized modification. Finally, confidentiality services protect cookies against having their values revealed to an unauthorized entity. Details for these techniques have varying degrees of security and convenience for users and system administrators.

Our motivation for using the cookie mechanism is that it is already widely deployed in existing Web browsers and servers for maintaining state on the Web. There are other techniques to make Web transactions secure without using secure cookies. For example, the secure HTTP protocol (S-HTTP) and HTML security extensions [Rescorla and Schiffman 1998; Schiffman and Rescorla 1998] can be used for this purpose. Other protocols and extensions could be devised to operate in conjunction with the SSL protocol. However, these technologies cannot solve the stateless problem of HTTP. Furthermore, none of them can prevent end-system threats (described in Section 4.2) to cookies. In this section we describe how we developed secure cookies and implemented RBAC with role hierarchies [Ferraiolo et al. 1995; Sandhu et al. 1996] on the Web in user-pull architecture using secure cookies.

4.1 Related Technologies

4.1.1 Cookies. Cookies serve many purposes on the Web, such as selecting display mode (for example, frames or text only), maintaining shopping-cart selections, and storing user identification data.

All cookies are fundamentally similar. A typical cookie, shown in Figure 4, has several fields. Cookie_Name and Cookie_Value contain information a Web site would want to keep. For example, in the figure, the values of Name_Cookie and Role_Cookie are "Alice" and "Manager," respectively. Date is the cookie's valid lifetime. Domain is a host or domain name where the cookie is valid. Flag specifies whether or not all machines within a given domain can access the cookie's information. Path restricts cookie usage within a site (only pages in the path can read the cookie). If the Secure flag is on, the cookie will be transmitted over secure communications channels only, such as SSL. Detailed cookie specifications are available in Kristol and Montulli [1999] and Moore and Freed [1999].

According to the current HTTP state management mechanism, whenever a browser requests a URL from a Web server, it sends only the relevant Cookie_Name and Cookie_Value fields (selected by the Domain and Flag fields) to the server. Cookies received by the server are used during this browser-server communication. If the server does not receive any cookies, however, it either works without using cookies or it creates new ones for subsequent browser-server communication. A Web server can update the cookies' contents whenever the user visits the server. The cookie issuer is not important for validation; any Web server can issue cookies for other Web servers.

4.1.2 Pretty Good Privacy (PGP). PGP (Pretty Good Privacy [Zimmermann 1995; Garfinkel 1995]), a popular software package originally developed by P. Zimmermann, is widely used by the Internet community to provide cryptographic routines for email, file transfer, and file storage applications. A proposed Internet standard has been developed [Callas et al. 1998], specifying use of PGP. It employs existing cryptographic algorithms and protocols and runs on multiple platforms. It provides data encryption and digital signature functions for basic message protection services.

PGP is based on public-key cryptography, and defines its own public-key pair-management system and public-key certificates. The PGP key-management system is based on the relationship between key owners, rather than on a single infrastructure such as X.509. Basically, it uses RSA [Rivest et al. 1978] for the convenience of the public-key cryptosystem, message digests (MD5 [Rivest 1992]), and IDEA [Lai and Massey 1991] for process speed, and Diffie-Hellman [Diffie and Hellman 1997] for key exchange. The updated version supports additional cryptographic algorithms. Although the original purpose of PGP was to protect casual email among Internet users, we decided in our implementation to use the PGP package for secure cookies.

[Fig. 4. An example of cookies on the Web. Two cookies are shown with the fields Cookie_Name, Cookie_Value, Domain, Flag, Path, Secure and Date: Cookie 1 is Name_Cookie = "Alice" and Cookie n is Role_Cookie = "Manager"; both have Flag TRUE, Path /, Secure FALSE and Date 12/31/2001.]

4.2 Security Threats to Typical Cookies

We distinguish three types of threats to cookies: network security threats, end-system threats and cookie-harvesting threats. Cookies transmitted in clear text on the network are susceptible to snooping (for subsequent replay) and to modification by network threats. Network threats can be foiled by using the Secure Sockets Layer (SSL) protocol, which is widely deployed in servers and browsers. However, SSL can only secure cookies while they are on the network. Once the cookie is in the browser's end system, it resides on the hard disk or memory in clear text. It is trivial to alter such cookies, and they are easily copied from one computer to another, with or without the connivance of the user on whose machine the cookies were originally stored. We call this the end-system threat. The ability to alter cookies allows users to forge authorization information in cookies and to impersonate other users. The ability to copy cookies makes such forgery and impersonation all the easier. Additionally, if an attacker collects cookies by impersonating a site that accepts cookies from the users (who believe that they are communicating with a legitimate Web server), the attacker can later use those harvested cookies for all other sites that accept them. We call this the cookie-harvesting threat. These attacks are all relatively easy to carry out, and certainly do not require great hacker expertise.

4.3 Designing Secure Cookies

In this section we describe how to transform regular cookies, which have zero security, into secure cookies, which provide the classic security services against the three types of threats to cookies (described in Section 4.2). Details for secure cookies and their applications are described in Park and Sandhu [2000b]. Basically, secure cookies provide three types of security services: authentication, integrity, and confidentiality services. Selection of the kinds and contents of secure cookies depends on applications and the given situation.

Figure 5 shows a set of secure cookies that we will create and use for RBAC on the Web. The Name_Cookie contains the user's name (e.g., Alice) and the Role_Cookie holds the user's role information (e.g., Manager). The Life_Cookie is used to hold the lifetime of the secure-cookie set in its Cookie_Value field and enables the Web server to check the integrity of the lifetime of the secure-cookie set. To protect these cookies from possible attacks, we use IP_Cookie, Pswd_Cookie, and Seal_Cookie. Authentication cookies (i.e., IP_Cookie and Pswd_Cookie) verify the owner of the cookies by comparing the authentication information in the cookies to those coming from the users. The IP_Cookie holds the IP number of the user's machine, and the Pswd_Cookie holds the user's encrypted passwords. This confidentiality service protects the values of the cookies from being revealed to any unauthorized entity. In our implementation, we use the IP_Cookie and Pswd_Cookie together to show feasibility, but only one of these authentication cookies can be used to provide the authentication service. The choice of an authentication cookie depends on the situation.[2] Finally, the Seal_Cookie, which has the digital signature or MAC (Message Authentication Code [Bellare et al. 1996]) of the cookie-issuing server on the secure cookie set, supports integrity service, protecting cookies against the threat that their contents might be changed by unauthorized modification.

There are basically two cryptographic technologies applicable for secure cookies: public-key-based and secret-key-based solutions. In our implementation, we use the public-key-based solution for security services provided by a PGP package via CGI (Common Gateway Interface) scripts. In the next section we will describe, in turn, secure cookie creation, verification, and use of role information in the Role_Cookie for RBAC with role hierarchies. A detailed description for this implementation is available in Park et al. [1999].

[2] It is also possible for authentication to be based on protocols such as RADIUS [Rigney et al. 1997], Kerberos [Steiner et al. 1988; Neuman 1994], and other, similar protocols. Our focus in this work is on techniques that make secure cookies self-sufficient, rather than partly reliant on other security protocols, which is always possible.

[Fig. 5. A set of secure cookies for RBAC on the Web. Sensitive fields are encrypted in the cookies. Seal_of_Cookies can be either a MAC or a signed message digest of the cookies. Note: Pswd_Cookie can be replaced with one of the other authentication cookies in Figure 2.]
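The following is an added example, written for this page and not code from Park, Sandhu and Ahn. It puts Sections 2 through 4.3 together for the user-pull, host-and-user-based mode: a role server issues the secure cookie set of Figure 5 (Name_Cookie, Role_Cookie, Life_Cookie, IP_Cookie, Pswd_Cookie, Seal_Cookie), a Web server verifies the set and then uses Role_Cookie with an RBAC1 role hierarchy to decide a request. Two primitives are swapped in so that it runs on the standard library alone: the paper's PGP signature or MAC over the cookie set is an HMAC-SHA256 here, and Pswd_Cookie carries a keyed hash of the password instead of a ciphertext (the Web server can still verify a presented password, but the paper's confidentiality property is provided by the HMAC rather than by encryption). The role hierarchy, permissions, server key, users and IP numbers are all constructed for the example.

```python
"""Added example: user-pull RBAC on the Web with a secure-cookie set (after Park, Sandhu, Ahn).
Constructed data throughout; HMAC stands in for the paper's PGP seal and encrypted password."""
import hashlib
import hmac
import time

# Section 2, RBAC1: senior role -> set of junior roles it inherits from (constructed hierarchy)
ROLE_HIERARCHY = {
    "Manager": {"Engineer", "Accountant"},
    "Engineer": {"Employee"},
    "Accountant": {"Employee"},
    "Employee": set(),
}
# role -> permissions granted directly to it, as (operation, resource) pairs
ROLE_PERMS = {
    "Employee": {("read", "/intranet/")},
    "Engineer": {("write", "/repo/")},
    "Accountant": {("read", "/ledger/")},
    "Manager": {("approve", "/ledger/")},
}


def authorized_roles(role):
    """Reflexive-transitive closure of the hierarchy: a role holds its own
    permissions plus those of every junior role below it."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(ROLE_HIERARCHY.get(r, ()))
    return seen


def permitted(active_roles, op, resource):
    """RBAC decision for a session that has activated `active_roles`."""
    return any((op, resource) in ROLE_PERMS.get(r, ())
               for active in active_roles for r in authorized_roles(active))


# Section 4.3: secure cookie set. Assumption: role server and Web servers share this key.
SERVER_KEY = b"constructed-role-server-key-not-for-production"


def _seal(cookies):
    """MAC over every cookie except the seal itself, in canonical order."""
    canon = "|".join(f"{k}={cookies[k]}" for k in sorted(cookies) if k != "Seal_Cookie")
    return hmac.new(SERVER_KEY, canon.encode(), hashlib.sha256).hexdigest()


def pswd_digest(user, password):
    """Keyed hash carried in Pswd_Cookie (stands in for the paper's encrypted password)."""
    return hmac.new(SERVER_KEY, f"{user}:{password}".encode(), hashlib.sha256).hexdigest()


def issue_secure_cookies(user, role, password, ip, lifetime_s=3600, now=None):
    """Role server side: build the Figure 5 set and seal it."""
    now = int(time.time()) if now is None else now
    cookies = {
        "Name_Cookie": user,
        "Role_Cookie": role,
        "Life_Cookie": str(now + lifetime_s),   # expiry of the whole set
        "IP_Cookie": ip,                         # host-based authentication
        "Pswd_Cookie": pswd_digest(user, password),  # user-based authentication
    }
    cookies["Seal_Cookie"] = _seal(cookies)
    return cookies


def verify_secure_cookies(cookies, client_ip, password, now=None):
    """Web server side. Order matters: integrity first, so an altered Role_Cookie
    (the end-system threat of Section 4.2) is rejected before anything is trusted.
    Returns the role on success, None on any failure."""
    now = int(time.time()) if now is None else now
    presented = cookies.get("Seal_Cookie", "").encode()
    if not hmac.compare_digest(presented, _seal(cookies).encode()):
        return None                                   # forged or modified set
    if now > int(cookies["Life_Cookie"]):
        return None                                   # expired
    if cookies["IP_Cookie"] != client_ip:
        return None                                   # copied to another host
    expected = pswd_digest(cookies["Name_Cookie"], password).encode()
    if not hmac.compare_digest(cookies["Pswd_Cookie"].encode(), expected):
        return None                                   # Alice presenting Bob's cookies
    return cookies["Role_Cookie"]


def web_request(cookies, client_ip, password, op, resource, now=None):
    """Full user-pull flow: verify the set, activate the role, decide the request."""
    role = verify_secure_cookies(cookies, client_ip, password, now=now)
    return role is not None and permitted({role}, op, resource)


if __name__ == "__main__":
    t0 = 1_000_000
    alice = issue_secure_cookies("Alice", "Manager", "alice-pw", "10.0.0.5", now=t0)
    print(web_request(alice, "10.0.0.5", "alice-pw", "read", "/ledger/", now=t0))
    bob = issue_secure_cookies("Bob", "Employee", "bob-pw", "10.0.0.9", now=t0)
    forged = dict(bob, Role_Cookie="Manager")       # end-system tampering
    print(web_request(forged, "10.0.0.9", "bob-pw", "approve", "/ledger/", now=t0))
```

Manager's read on /ledger/ succeeds only through inheritance from Accountant, which is what the role hierarchy of Section 2 buys; Bob's edited Role_Cookie fails at the seal check before the role is ever looked at, and Alice presenting Bob's cookie set with her own password fails at the Pswd_Cookie check, which is the binding problem raised at the end of Section 3.1.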

Web Resource Access Control Based on Spring Security

Ding Zhenfan (School of Information Engineering, East China Jiaotong University, Nanchang 330013)

Abstract: Access control in Web applications has long received wide attention. Because HTTP is stateless, the security design of an application is considerably harder. Spring Security provides a complete access-control mechanism and so gives application security design strong support. After introducing the overall framework by which Spring Security controls access to protected objects, this paper focuses on user authentication and on how URL-based protection and access authorization are configured. It also briefly covers method-level protection and the protection of JSP page content, their configuration, and the key points of applying them.

Journal: Journal of Yichun University, 2012, Vol. 34, No. 8, pp. 71-74 (4 pages)
Keywords: Spring Security; HTTP basic authentication; URL protection; method protection; JSP security tags
Language: Chinese
CLC number: TP393

Access control over Web resources has always been a question that application design must address [7].

A Novel Divide-and-Conquer Model for CPI Prediction UsingARIMA, Gray Model and BPNNAbstract:This paper proposes a novel divide-and-conquer model for CPI prediction with the existing compilation method of the Consumer Price Index (CPI) in China. Historical national CPI time series is preliminary divided into eight sub-indexes including food, articles for smoking and drinking, clothing, household facilities, articles and maintenance services, health care and personal articles, transportation and communication, recreation, education and culture articles and services, and residence. Three models including back propagation neural network (BPNN) model, grey forecasting model (GM (1, 1)) and autoregressive integrated moving average (ARIMA) model are established to predict each sub-index, respectively. Then the best predicting result among the three models’for each sub-index is identified. To further improve the performance, special modification in predicting method is done to sub-CPIs whose forecasting results are not satisfying enough. After improvement and error adjustment, we get the advanced predicting results of the sub-CPIs. Eventually, the best predicting results of each sub-index are integrated to form the forecasting results of the national CPI. Empirical analysis demonstrates that the accuracy and stability of the introduced method in this paper is better than many commonly adopted forecasting methods, which indicates the proposed method is an effective and alternative one for national CPI prediction in China.1.IntroductionThe Consumer Price Index (CPI) is a widely used measurement of cost of living. It not only affects the government monetary, fiscal, consumption, prices, wages, social security, but also closely relates to the residents’daily life. As an indicator of inflation in China economy, the change of CPI undergoes intense scrutiny. 
For instance, The People's Bank of China raised the deposit reserve ratio in January, 2008 before the CPI of 2007 was announced, for it is estimated that the CPI in 2008 will increase significantly if no action is taken. Therefore, precisely forecasting the change of CPI is significant to many aspects of economics, some examples include fiscal policy, financial markets and productivity. Also, building a stable and accurate model to forecast the CPI will have great significance for the public, policymakers and research scholars.Previous studies have already proposed many methods and models to predict economic time series or indexes such as CPI. Some previous studies make use of factors that influence the value of the index and forecast it by investigating the relationship between the data of those factors and the index. These forecasts are realized by models such as Vector autoregressive (VAR)model1 and genetic algorithms-support vector machine (GA-SVM) 2.However, these factor-based methods, although effective to some extent, simply rely on the correlation between the value of the index and limited number of exogenous variables (factors) and basically ignore the inherent rules of the variation of the time series. As a time series itself contains significant amount of information3, often more than a limited number of factors can do, time series-based models are often more effective in the field of prediction than factor-based models.Various time series models have been proposed to find the inherent rules of the variation in the series. Many researchers have applied different time series models to forecasting the CPI and other time series data. For example, the ARIMA model once served as a practical method in predicting the CPI4. It was also applied to predict submicron particle concentrations frommeteorological factors at a busy roadside in Hangzhou, China5. What’s more, the ARIMA model was adopted to analyse the trend of pre-monsoon rainfall data forwestern India6. 
Besides the ARIMA model, other models such as the neural network and the grey model are also widely used in prediction. Hwang used a neural network to forecast time series corresponding to ARMA(p, q) structures and found that BPNNs generally perform well and consistently when a particular noise level is considered during network training [7]. Aiken also used a neural network to predict the level of the CPI and reached a high degree of accuracy [8]. Apart from neural network models, a seasonal discrete grey forecasting model for fashion retailing was proposed and found practical for fashion retail sales forecasting with short historical data, outperforming other state-of-the-art forecasting techniques [9]. Similarly, a discrete grey correlation model was used in CPI prediction [10]. Ma et al. used a grey model optimized by a particle swarm optimization algorithm to forecast China's iron ore imports and consumption [11]. Furthermore, to deal with nonlinear conditions, a modified radial basis function (RBF) network was proposed.

In this paper, we propose a new method called the "divide-and-conquer model" for prediction of the CPI. We divide the total CPI into eight categories according to the construction of the CPI and then forecast the eight sub-CPIs using the GM(1,1) model, the ARIMA model and the BPNN. To further improve performance, we re-forecast those sub-CPIs whose results are not satisfactory by adopting other forecasting methods. After this improvement and error adjustment, we obtain improved predictions of the sub-CPIs. Finally, we obtain the total CPI prediction by integrating the best forecast of each sub-CPI.

The rest of this paper is organized as follows. Section 2 gives a brief introduction to the three models mentioned above, and section 3 describes the proposed model.
In section 4 we provide the forecasting results of our model, and in section 5 we make specific improvements by adjusting the forecasting methods of those sub-CPIs whose results are not satisfactory. Section 6 gives a detailed discussion and evaluation of the proposed model, and section 7 concludes.

2. Introduction to GM(1,1), ARIMA and BPNN

2.1. Introduction to GM(1,1)

Grey system theory was first presented by Deng in the 1980s. In a grey forecasting model, the time series can be predicted accurately even from a small sample by directly estimating the interrelation of the data. The GM(1,1) model is the most widely adopted type of grey forecasting model. It is a differential equation model of order 1 in a single variable. The differential equation is:

2.2. Introduction to ARIMA

The autoregressive integrated moving average (ARIMA) model was first put forward by Box and Jenkins in 1970. It has been very successful at exploiting past and present time series data. An ARIMA model is usually written ARIMA(p, d, q), where p is the order of the autoregressive part, d the degree of differencing (integration) and q the order of the moving average part. When one of the three parameters is zero, the model reduces to an "AR", "MA" or "ARMA" model. When none of the three parameters is zero, the model is given by:

where L is the lag and εt is the error term.

2.3. Introduction to BPNN

An artificial neural network (ANN) is a mathematical and computational model which imitates the operation of the neural networks of the human brain. An ANN consists of several layers of neurons, and the neurons of contiguous layers are connected with each other; the values of the connections between neurons are called weights. The back propagation neural network (BPNN), put forward by Rumelhart and McClelland in 1985, is one of the most widely employed neural networks among the various types of ANN.
It is a common supervised learning network well suited to prediction. A BPNN consists of three parts: one input layer, several hidden layers and one output layer, as shown in Fig. 1. The learning process of a BPNN modifies the weights of the connections between neurons based on the deviation between the actual output and the target output until the overall error falls within an acceptable range.

Fig. 1. Back-propagation neural network

3. The Proposed Method

3.1. The framework of the dividing-integration model

The process of forecasting the national CPI using the dividing-integration model is shown in Fig. 2.

Fig. 2. The framework of the dividing-integration model

As can be seen from Fig. 2, the proposed method can be divided into the following steps:

Step 1: Data collection. The monthly CPI data, including the total CPI and the eight sub-CPIs, are collected from the official website of China's National Bureau of Statistics.

Step 2: Dividing the total CPI into eight sub-CPIs. The weight coefficient of each of the eight sub-CPIs in the total CPI is taken from the same authoritative source. The eight sub-CPIs are: 1. Food CPI; 2. Articles for Smoking and Drinking CPI; 3. Clothing CPI; 4. Household Facilities, Articles and Maintenance Services CPI; 5. Health Care and Personal Articles CPI; 6. Transportation and Communication CPI; 7. Recreation, Education and Culture Articles and Services CPI; 8. Residence CPI. The weight coefficient of each sub-CPI is shown in Table 1.

Table 1. Weight coefficient of the 8 sub-CPIs in the total index

Note: The index number stands for the corresponding type of sub-CPI listed above. Other indexes appearing in this paper in this form have the same meaning.

So the decomposition formula is presented as follows:

where TI is the total index and Ii (i = 1, 2, ..., 8) are the eight sub-CPIs.
To verify the formula, we substitute the historical CPI and sub-CPI values obtained in Step 1 into it and find that it holds.

Step 3: Construction of the GM(1,1) model, the ARIMA(p, d, q) model and the BPNN model. The three models are established to predict each of the eight sub-CPIs.

Step 4: Forecasting the eight sub-CPIs with the three models of Step 3 and choosing, for each sub-CPI, the model whose forecast has the smallest error.

Step 5: Making specific improvements by adjusting the forecasting methods of the sub-CPIs whose results are not satisfactory, to obtain improved predictions of the total CPI.

Step 6: Integrating the best forecasts of the 8 sub-CPIs into the prediction of the total CPI using the decomposition formula of Step 2.

In this way the whole prediction process of the dividing-integration model is accomplished.

3.2. The construction of the GM(1,1) model

The GM(1,1) model is built in the following steps:

Step 1: Form the original sequence.

Step 2: Estimate the parameters a and u by ordinary least squares (OLS).

Step 3: Solve the equation as follows.

Step 4: Test the model using the posterior variance ratio and the small error probability.

3.3. The construction of the ARIMA model

First, the ADF unit root test is used to test the stationarity of the time series. If the initial series is not stationary, it is differenced to make it stationary. Then the values of p and q are determined by inspecting the autocorrelation plot, the partial autocorrelation plot and the R-squared value. After the model is built, a further check is made, by hypothesis test, that the residuals are white noise. Finally, the model is used to forecast the future trend of the variable.

3.4. The construction of the BPNN model

The first step is to decide the basic structure of the BP neural network.
After experiments, we consider 3 input nodes and 1 output node to be best for the BPNN model. This means we use the CPI data of the three preceding periods to forecast the CPI of the next period. The number of hidden layers and of hidden neurons must also be chosen. Since a single-hidden-layer BPNN is very good at nonlinear mapping, that structure is adopted in this paper. Based on the Kolmogorov theorem and test results, we set the number of hidden neurons to 5; thus the 3-5-1 BPNN structure is determined.

As for the transfer functions and the training algorithm, we select 'tansig' as the transfer function of the hidden layer, 'logsig' for the input layer and 'traingd' as the training algorithm. The selection is based on the observed performance of these functions, as there is no established standard for deciding which are definitely better than others. Finally, we set the number of training iterations to 35000 and the goal (the acceptable error) to 0.01.

4. Empirical Analysis

CPI data from January 2012 to March 2013 are used to build the three models, and data from April 2013 to September 2013 are used to test their accuracy and stability. The MAPE is adopted to evaluate the performance of the models; it is calculated by the equation:

4.1. Data source

An appropriate empirical analysis based on the above discussion can be performed using suitably disaggregated data. We collect the monthly data of the sub-CPIs from the website of the National Bureau of Statistics of China. Specifically, sub-CPI data from January 2012 to March 2013 are used to build the three models and data from April 2013 to September 2013 are used to test the accuracy and stability of these models.

4.2. Experimental results

We use MATLAB to build the GM(1,1) model and the BPNN model, and EViews 6.0 to build the ARIMA model.
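The GM(1,1) construction of section 3.2 (original sequence, accumulated generating sequence, OLS estimate of a and u, solution of the time response equation, and the posterior-variance test of Step 4) carried out in code, as an added example that is not part of the paper and does not reproduce its MATLAB implementation. The index values in the demo and the grading thresholds in `grade` are assumptions, not the paper's data.

```python
import math


def accumulate(x0):
    """1-AGO: running sum of the original sequence x0, giving x1."""
    x1, total = [], 0.0
    for v in x0:
        total += v
        x1.append(total)
    return x1


def fit_gm11(x0):
    """Step 2: estimate the development coefficient a and grey input u by OLS.

    The grey differential equation x0(k) + a*z1(k) = u is fitted for k = 2..n,
    where z1(k) is the mean of two consecutive 1-AGO values (background value).
    The 2x2 normal equations are solved in closed form, so no numpy is needed.
    """
    n = len(x0)
    if n < 4:
        raise ValueError("GM(1,1) needs at least 4 observations")
    x1 = accumulate(x0)
    z1 = [0.5 * (x1[k] + x1[k - 1]) for k in range(1, n)]
    y = x0[1:]
    m = len(z1)
    s_zz = sum(z * z for z in z1)          # B^T B = [[s_zz, -s_z], [-s_z, m]]
    s_z = sum(z1)
    bty0 = -sum(z * v for z, v in zip(z1, y))   # B^T y, first component
    bty1 = sum(y)                               # B^T y, second component
    det = s_zz * m - s_z * s_z
    if det == 0:
        raise ValueError("degenerate sequence, cannot fit GM(1,1)")
    a = (m * bty0 + s_z * bty1) / det
    u = (s_z * bty0 + s_zz * bty1) / det
    return a, u


def gm11_series(x0, steps):
    """Step 3: time response of the whitened equation, then inverse AGO.

    Returns the fitted values for the n observations followed by `steps` forecasts.
    """
    a, u = fit_gm11(x0)
    if abs(a) < 1e-12:
        raise ValueError("development coefficient is zero; GM(1,1) not applicable")
    c = u / a
    n = len(x0)
    # x1_hat(k+1) = (x0(1) - u/a) * exp(-a*k) + u/a, k = 0, 1, ...
    x1_hat = [(x0[0] - c) * math.exp(-a * k) + c for k in range(n + steps)]
    # x0_hat(k) = x1_hat(k) - x1_hat(k-1), with x0_hat(1) = x0(1)
    return [x0[0]] + [x1_hat[k] - x1_hat[k - 1] for k in range(1, n + steps)]


def _std(values):
    mean = sum(values) / len(values)
    return math.sqrt(sum((v - mean) ** 2 for v in values) / len(values))


def posterior_test(x0):
    """Step 4: posterior variance ratio C = S2/S1 and small error probability P."""
    fitted = gm11_series(x0, 0)
    resid = [actual - fit for actual, fit in zip(x0, fitted)]
    s1, s2 = _std(x0), _std(resid)
    c = s2 / s1
    mean_e = sum(resid) / len(resid)
    p = sum(1 for e in resid if abs(e - mean_e) < 0.6745 * s1) / len(resid)
    return c, p


def grade(c, p):
    """Commonly used grading thresholds for (C, P); assumed here, the paper lists none."""
    if c <= 0.35 and p >= 0.95:
        return "good"
    if c <= 0.50 and p >= 0.80:
        return "qualified"
    if c <= 0.65 and p >= 0.70:
        return "barely qualified"
    return "unqualified"


if __name__ == "__main__":
    # Constructed monthly index values around 100, like the sub-CPIs; not the paper's data.
    sample = [101.2, 101.5, 101.8, 102.3, 102.6, 103.0]
    a, u = fit_gm11(sample)
    print("a = %.5f, u = %.3f" % (a, u))
    print("fitted values + 2 forecasts:", [round(v, 3) for v in gm11_series(sample, 2)])
    c, p = posterior_test(sample)
    print("C = %.3f, P = %.2f ->" % (c, p), grade(c, p))
```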
The relative prediction errors of the sub-CPIs are shown in Table 2.

Table 2. Errors of the sub-CPIs under the 3 models

From the table we find that the performance of the different models varies a lot, because the characteristics of the sub-CPIs differ. Some sub-CPIs, such as the Food CPI, change drastically over time, while others, such as the Clothing CPI, show little fluctuation. We therefore use different models to predict the sub-CPIs and combine them by equation 7:

where Y refers to the predicted rate of the total CPI, the weights are those of the sub-CPIs already shown in Table 1, and each sub-CPI value is the prediction of whichever of the three models has the minimum error for it. The model chosen for each sub-CPI is shown in Table 3:

Table 3. The model used to forecast each sub-CPI

After calculation, the error of the total CPI forecast by the dividing-integration model is 0.0034.

5. Model Improvement and Error Adjustment

As can be seen from Table 3, the prediction errors of the sub-CPIs are mostly below 0.004, except for two: the Food CPI, whose error reaches 0.0059, and the Transportation and Communication CPI, with 0.0047. To further improve the results, we re-forecast these two sub-CPIs with other methods or models, as follows.

5.1. Error adjustment of the Food CPI

In the previous prediction, we predicted the Food CPI directly with the BPNN model. However, the BPNN model is not sensitive enough to capture the variation in the data. For instance, although the Food CPI varies a lot from month to month, its forecast values are nearly all around 103.5, which is not a meaningful prediction.

We ascribe this problem to a feature of the training data. As can be seen from the original sub-CPI data on the website of the National Bureau of Statistics of China, nearly all values of the sub-CPIs are around 100.
For the Food CPI, although its absolute variations are larger than those of the others, its changes are still very small relative to the magnitude of the data (about 100). It is therefore more difficult for the BPNN model to detect the rules of variation in the training data, and the forecasting results suffer.

Therefore, we use the first-order difference series of the Food CPI instead of the original series, to magnify the relative variation of the series forecast by the BPNN. The training data and testing data are the same as in the previous prediction. The parameters and functions of the BPNN are chosen automatically by the software, SPSS. We ran 100 tests and found the average forecasting error of the Food CPI by this method to be 0.0028. Part of the forecasting errors from our tests are shown in Table 4:

Table 4. The forecasting errors in the BPNN tests

5.2. Error adjustment of the Transportation and Communication CPI

We use a moving average (MA) model to make a new prediction of the Transportation and Communication CPI, because the curve of the series is quite smooth with only a few fluctuations. We have the following equation:

where X1, X2, ..., Xn is the time series of the Transportation and Communication CPI, the left-hand side is the value of the moving average at time t, and a is a free parameter which is decided by experiment. To obtain the optimal model, we range the value of a from 0 to 1.
Finally, we find that when the value of a is 0.95 the forecasting error is smallest, at 0.0039. The predicted outcomes are shown in Table 5:

Table 5. The predicted outcomes of the MA model

5.3. Improved results after adjustment of the models

After making these adjustments to our previous model, we obtain the improved results shown in Table 6:

Table 6. The model used to forecast each sub-CPI and the relative error

After calculation, the error of the total CPI forecast by the dividing-integration model is 0.2359.

6. Further Discussion

To validate the dividing-integration model proposed in this paper, we compare its results with those of models that do not adopt the dividing-integration method. Specifically, we use the ARIMA model, the GM(1,1) model, the SARIMA model, the RBF neural network (RBFNN) model, the Verhulst model and the vector autoregression (VAR) model to forecast the total CPI directly, without the decomposition and integration process. The forecasting results are shown in Table 7.

From Table 7, we conclude that the dividing-integration method enhances the accuracy of prediction to a great extent. The model comparison indicates that the proposed method is not only novel but also valid and effective.

The strengths of the proposed forecasting model are clear. Each sub-CPI time series has different fluctuation characteristics: some are relatively volatile with sharp fluctuations, such as the Food CPI, while others are relatively gentle and quiet, such as the Clothing CPI. By dividing the total CPI into several sub-CPIs, we can exploit the characteristics of each sub-CPI series and choose the best forecasting model among several for each sub-CPI's prediction.
Moreover, the overall prediction error is given by the following formula:

where TE is the overall prediction error of the total CPI, the weights are those of the sub-CPIs shown in Table 1, and the remaining terms are the forecasting errors of the corresponding sub-CPIs. In conclusion, the dividing-integration model minimizes the overall prediction error by minimizing the forecasting errors of the sub-CPIs.

7. Conclusions and future work

This paper transforms the forecasting of the national CPI into the forecasting of 8 sub-CPIs. For the 8 sub-CPIs, we adopt three widely used models, the GM(1,1) model, the ARIMA model and the BPNN model, and so obtain the best forecasting result for each sub-CPI. Furthermore, we make specific improvements by adjusting the forecasting methods of the sub-CPIs whose results are not satisfactory and obtain improved predictions for them. Finally, the improved predictions of the 8 sub-CPIs are integrated to form the forecast of the total CPI.

The proposed method also has several weaknesses and needs improvement. First, the proposed model uses only the information in the CPI time series itself. If the model could also use other information, such as that provided by factors which strongly affect the fluctuation of the sub-CPIs, we have every reason to believe its accuracy and stability could be enhanced. For instance, the price of pork is a major factor shaping the Food CPI; if this factor were taken into consideration in the prediction of the Food CPI, the results would probably improve greatly. Second, since these models forecast the future by looking at the past, they cannot sense sudden or recent changes in the environment. If the model could take web news or rapid public reactions into account, it would react much faster to sudden incidents. Finally, the performance of sub-CPI prediction can be improved.
In this paper we use GM(1,1), ARIMA and BPNN to forecast the sub-CPIs. Newer prediction methods could be used: besides the BPNN, there are other neural networks, such as the genetic algorithm neural network (GANN) and the wavelet neural network (WNN), which might perform better in predicting the sub-CPIs. Other methods such as the VAR model and the SARIMA model should also be considered to enhance the accuracy of prediction.

References

1. Wang W, Wang T, Shi Y. Factor analysis on consumer price index rising in China from 2005 to 2008. Management and Service Science 2009; p. 1-4.
2. Qin F, Ma T, Wang J. The CPI forecast based on GA-SVM. Information Networking and Automation 2010; p. 142-147.
3. Box GEP, Jenkins GM, Reinsel GC. Time series analysis: forecasting and control. 4th ed. Canada: Wiley; 2008.
4. Weng D. The consumer price index forecast based on ARIMA model. WASE International Conference on Information Engineering 2010; p. 307-310.
5. Jian L, Zhao Y, Zhu YP, Zhang MB, Bertolatti D. An application of ARIMA model to predict submicron particle concentrations from meteorological factors at a busy roadside in Hangzhou, China. Science of the Total Environment 2012;426:336-345.
6. Priya N, Ashoke B, Sumana S, Kamna S. Trend analysis and ARIMA modelling of pre-monsoon rainfall data for western India. Comptes Rendus Geoscience 2013;345:22-27.
7. Hwang HB. Insights into neural-network forecasting of time series corresponding to ARMA(p, q) structures. Omega 2001;29:273-289.
8. Aiken M. Using a neural network to forecast inflation. Industrial Management & Data Systems 1999;7:296-301.
9. Min X, Wong WK. A seasonal discrete grey forecasting model for fashion retailing. Knowledge-Based Systems 2014;57:119-126.
11. Weimin M, Xiaoxi Z, Miaomiao W. Forecasting iron ore import and consumption of China using grey model optimized by particle swarm optimization algorithm. Resources Policy 2013;38:613-620.
12. Zhen D, Feng S. A novel DGM(1,1) model for consumer price index forecasting. Grey Systems and Intelligent Services (GSIS) 2009; p. 303-307.
13. Yu W, Xu D. Prediction and analysis of Chinese CPI based on RBF neural network. Information Technology and Applications 2009;3:530-533.
14. Zhang GP. Time series forecasting using a hybrid ARIMA and neural network model. Neurocomputing 2003;50:159-175.
15. Pai PF, Lin CS. A hybrid ARIMA and support vector machines model in stock price forecasting. Omega 2005;33(6):497-505.
16. Tseng FM, Yu HC, Tzeng GH. Combining neural network model with seasonal time series ARIMA model. Technological Forecasting and Social Change 2002;69(1):71-87.
17. Cho MY, Hwang JC, Chen CS. Customer short term load forecasting by using ARIMA transfer function model. Energy Management and Power Delivery, Proceedings of EMPD'95, 1995 International Conference on IEEE, 1995;1:317-322.

Translation: A novel divide-and-conquer model for CPI (consumer price index) prediction based on ARIMA, the grey model and BPNN

Abstract: In this paper, making use of the existing method of compiling China's consumer price index (CPI), we propose a new divide-and-conquer model for CPI prediction.

WebGoat Notes 3: Access Control Flaws

WebGoat Study Notes 3: Access Control Flaws
瞿靖东 (Qu Jingdong), 2015/10/19
Version: WebGoat 5.4

2.2 Access Control Flaws

2.2.1 Using an Access Control Matrix

2.2.1.1 Concept / Topic To Teach

In a role-based access control scheme, a role represents a set of access permissions and privileges.

A user may be assigned one or more roles.

A role-based access control scheme usually consists of two parts: role permission management and role assignment.

A broken role-based access control scheme may allow a user to perform actions that his or her assigned roles do not permit, or in some way allow privilege escalation to unauthorized roles.

2.2.1.2 How It Works

None.

2.2.1.3 General Goals

Each user is a member of a role, and each role is allowed to access only particular resources.

Your goal is to explore the access control rules used by this site's administration.

Only the "Admin" group should be able to access the "Account Manager" resource.

2.2.1.4 Solutions

First select a user, then select a resource, then click [Check Access]. The page shown below appears; the red text means that the public user Moe has access to the resource Public Share.

Next, keeping the user unchanged (the Change user option is still Moe), select the next resource, Time Card Entry, under Select resource and again click [Check Access]. The page appears as follows; this time the red text means that the public user Moe does not have access to the resource Time Card Entry.

Continue in this way until the following message appears: when "user Larry has access to resource Account Manager" is displayed, this lesson is completed.
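The two parts of a role-based scheme described in 2.2.1 (role permission management and role assignment), as an added example that is not part of the WebGoat lesson or its source code: it answers the lesson's "Check Access" question for a user/resource pair and audits the matrix for the stated rule that only Admin may reach Account Manager. The matrix contents are constructed from the facts in the lesson (Moe is a public user, Larry is an Admin); the role name "Public" is an assumption.

```python
class AccessControlMatrix:
    """Minimal RBAC matrix: user -> roles (role assignment) and
    role -> resources (role permission management)."""

    def __init__(self):
        self.user_roles = {}        # user name -> set of role names
        self.role_permissions = {}  # role name -> set of resource names

    def grant(self, role, resource):
        """Role permission management: allow a role to access a resource."""
        self.role_permissions.setdefault(role, set()).add(resource)

    def assign(self, user, role):
        """Role assignment: make a user a member of a role."""
        self.user_roles.setdefault(user, set()).add(role)

    def check_access(self, user, resource):
        """The lesson's [Check Access] button: access is granted if any of the
        user's roles holds the resource. Unknown users and roles get nothing."""
        return any(resource in self.role_permissions.get(role, set())
                   for role in self.user_roles.get(user, set()))

    def users_with_access(self, resource):
        """Every user who can reach a resource through some role."""
        return sorted(u for u in self.user_roles if self.check_access(u, resource))

    def audit(self, resource, allowed_roles):
        """Roles that grant `resource` although they are not in `allowed_roles`.
        A non-empty result is the misconfiguration the lesson asks you to find."""
        return sorted(role for role, perms in self.role_permissions.items()
                      if resource in perms and role not in allowed_roles)


def build_lesson_matrix():
    """Constructed matrix mirroring the lesson's facts; not WebGoat's own data."""
    m = AccessControlMatrix()
    m.grant("Public", "Public Share")           # public users see only the share
    m.grant("Admin", "Public Share")
    m.grant("Admin", "Time Card Entry")
    m.grant("Admin", "Account Manager")         # the rule: Admin only
    m.assign("Moe", "Public")
    m.assign("Larry", "Admin")
    return m


if __name__ == "__main__":
    m = build_lesson_matrix()
    for user, resource in [("Moe", "Public Share"), ("Moe", "Time Card Entry"),
                           ("Larry", "Account Manager")]:
        verdict = "has" if m.check_access(user, resource) else "does not have"
        print("User %s %s access to resource %s" % (user, verdict, resource))
    print("Roles wrongly granting Account Manager:", m.audit("Account Manager", {"Admin"}))
```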

2.2.2 Bypass a Path Based Access Control Scheme

2.2.2.1 Concept / Topic To Teach

In a path based access control scheme, an attacker can traverse paths by providing relative path information.

Computer Science: JSP Web (foreign literature translation, English source)


Source material: ① Author: Dan Malks ② Title: Professional JSP ③ Published: 2000.7.26 ④ Chapter translated: Chapter 12

12.1 Introductory

Good Web application design tries to separate business objects, presentation, and manipulation of the objects into distinct layers. One benefit of using JavaServer Pages technology is that it allows us to separate the role of a Web designer more clearly from that of a software developer. While on a small-scale project one individual may occupy both roles, on a larger project they are likely to be separate, and it is beneficial to separate their workflows as much as possible. Designing the architecture for your Web application is crucial to this separation.

12.2 JSP architecture

We will examine a variety of ways to architect a system with JavaServer Pages, servlets, and JavaBeans. We will see a series of different architectures, each a development of the one before. The diagram below shows this process in outline; the individual parts of the diagram will be explained in turn later in this article.

JSP architecture:

When Sun introduced JavaServer Pages, some were quick to claim that servlets had been replaced as the preferred request handling mechanism in Web-enabled enterprise architectures. Although JSP is a key component of the Java 2 Platform, Enterprise Edition (J2EE) specification, serving as the preferred request handler and response mechanism, we must investigate further to understand its relationship with servlets.

Other sections of Professional JSP explain the implementation details of JSP source translation and compilation into a servlet. Understanding that JSP is built on top of the servlet API, and uses servlet semantics, raises some interesting questions. Should we no longer develop stand-alone servlets in our Web-enabled systems? Is there some way to combine servlets and JSPs? If so, where do we place our Java code? Are there any other components involved in the request processing, such as JavaBeans?
If so, where do they fit into the architecture and what type of role do they fulfill? It is important to understand that, although JSP technology will be a powerful successor to basic servlets, they have an evolutionary relationship and can be used in a cooperative and complementary manner.

Given this premise, we will investigate how these two technologies, each a Java Standard Extension, can be used co-operatively along with other components, such as JavaBeans, to create Java-based Web-enabled systems. We will examine architectural issues as they relate to JSP and servlets and discuss some effective designs while looking at the tradeoffs of each. Before jumping directly into a discussion of specific architectures, though, we will briefly examine the need to develop a variety of architectures.

12.3 Code factoring and role separation

One of the main reasons why the JavaServer Pages technology has evolved into what it is today (and it's still evolving) is the overwhelming technical need to simplify application design by separating dynamic content from static template display data. The foundation for JSP was laid down with the initial development of the Java Web Server from Sun, which used page compilation and focused on embedding HTML inside Java code. As applications came to be based more on business objects and n-tier architectures, the focus changed to separating HTML from Java code, while still maintaining the integrity and flexibility the technology provided.

In Chapter 5, JSP Sessions, in Professional JSP, we saw how beans and objects can be bound to different contexts just by defining a certain scope. Good application design builds on this idea and tries to separate the objects, the presentation, and the manipulation of the objects into distinct, distinguishable layers.

Another benefit of using JSP is that it allows us to more cleanly separate the role of a Web production/HTML designer from that of a software developer.
Remember that a common development scenario with servlets was to embed the HTML presentation markup within the Java code of the servlet itself, which can be troublesome. In our discussion, we will consider the servlet solely as a container for Java code, while our entire HTML presentation template is encapsulated within a JSP source page. The question then arises as to how much Java code should remain embedded within our JSP source pages, and if it is taken out of the JSP source page, where should it reside?

Let's investigate this further. On any Web-based project, multiple roles and responsibilities will exist. For example, an individual who designs HTML pages fulfills a Web production role while someone who writes software in the Java programming language fulfills a software development role.

On small-scale projects these roles might be filled by the same individual, or two individuals working closely together. On a larger project, they will likely be filled by multiple individuals, who might not have overlapping skill sets, and are less productive if made too dependent on the workflow of the other.

If code that could be factored out to a mediating servlet is included instead within HTML markup, then the potential exists for individuals in the software development role and those in the Web production role to become more dependent than necessary on the progress and workflow of the other. Such dependencies may create a more error-prone environment, where inadvertent changes to code by other team members become more common.

This gives us some insight into one reason why we continue to develop basic servlets: they are an appropriate container for our common Java code that has been factored out of our JSP pages, giving our software development team an area of focus that is as loosely coupled to our JSP pages as possible.
Certainly, there will be a need for these same individuals to work with the JSP source pages, but the dependency is reduced, and these pages become the focus of the Web-production team instead. Of course, if the same individual fulfills both roles, as is typical on a smaller project, such dependencies are not a major concern.

So, we should try to minimize the Java code that we include within our JSP page, in order to uphold this cleaner separation of developer roles. As we have discussed, some of this Java code is appropriately factored to a mediating servlet. Code that is common to multiple requests, such as authentication, is a good candidate for a mediating servlet. Such code is included in one place, the servlet, instead of potentially being cut and pasted into multiple JSPs.

We will also want to remove much of our business logic and data access code from our JSP page and encapsulate it within JavaBeans, called worker or helper beans. We start to see a pattern of code movement from our JSP into two areas: a servlet (or JSP) that sits in front of the main JSP, and JavaBeans that sit in back.
We refer to this common pattern as "Factor Forward -- Factor Back," as shown in the figure below:

Factor Forward -- Factor Back:

Another way to think about what code should be localized and encapsulated is that our JSP page should reveal as little as possible of our Java code implementation details. Rather, the page should communicate our intent by revealing the delegating messages we send to worker beans, instructing them to get state from a model, or to complete some business processing.

12.4 Redirecting and forwarding

Redirecting and forwarding requests in JSPs and servlets takes place often, and it is important to understand the subtle difference between these two mechanisms even though they achieve the same goal (that is, a client asks for a resource on the server and a different resource is served to it):

● When a servlet or JSP resource chooses to redirect the client (using a response.sendRedirect(url)) the request object does not reach the second resource directly, since the underlying implementation is an HTTP redirect. The server sends an HTTP 302 message back to the client telling it that the resource has moved to another URL, and that the client should access it there. The bottom line is that the lifecycle of the initial request object that was accessed in the first JSP terminates with the end of the service method in the first JSP, or with the reply from the server.

● In a forward mechanism the request object is forwarded to the second resource, thus maintaining any object bindings to the request and its state, without a round trip to the client on the network. This allows the first JSP to do some work internally and then send information to the second JSP asking it to do its bit. (Servlets used a chaining mechanism to do this.) See Chapter 5, JSP Sessions, in Professional JSP to get a clearer picture of scope.
JSPs and servlets can use the forwarding mechanism to delegate tasks among themselves, in the process of separating dynamic and static content. Now, let's investigate how we build these systems.

12.5 Architectures

Before discussing specific architectures that we can use to build systems with servlets and JSP, it is worth mentioning two basic ways of using the JSP technology. Each of the architectures discussed in this chapter will be based on one of these approaches:

● The first method is referred to here as the page-centric (or client-server) approach. This approach involves request invocations being made directly to a JSP page.

● In the second method, the dispatcher (or n-tier) approach, a basic servlet or JSP acts as a mediator or controller, delegating requests to JSP pages and JavaBeans.

We will examine these approaches in light of a simple example, which will evolve to satisfy the requirements of various scenarios. The initial scenario involves providing a Web interface for guessing statistics about a soon-to-be-born baby. The guesses are stored, and can be reviewed later by the parents, to see who has guessed the closest. As the requirement scenarios become more sophisticated, such as adding the desire for a persistence mechanism, the solution scenarios will become more sophisticated, as well. Thus, our example will evolve and we will gain an understanding of how the various architectures that we discuss will help us build a system that satisfies these requirements in an elegant and effective manner.

12.6 The page-centric approach

Applications built using a client-server approach have been around for some time; they consist of one or more application programs running on client machines and connecting to a server-based application to work. (A good example would be a PowerBuilder or Oracle Forms-based system.)
CGIs and pre-servlet applications were generally based on this simple 2-tier model, and with the introduction of servlets, 2-tier applications could also be created in Java.

This model allows JSPs or servlets direct access to some resource like a database or legacy application to service a client's request: the early JSP specifications termed this a "Model 1" programming approach. The JSP page is where the incoming request is intercepted and processed, and the response is sent back to the client; JSPs only differed from servlets in this scenario by providing cleaner code and separating code from the content by placing data access in beans.

Model 1 programming approach:

The advantage of such an approach is that it is simple to program, and allows the page author to generate dynamic content easily, based upon the request and the state of resources. However, this architecture does not scale up well for a large number of simultaneous clients, since there would be a significant amount of request processing to be performed, and each request must establish or share a potentially scarce/expensive connection to the resource in question. (A good example would be JDBC connections in servlets or JSPs and the need for connection pools.) Indiscriminate usage of this architecture usually leads to a significant amount of Java code embedded within the JSP page. This may not seem to be much of a problem for Java developers, but it is certainly an issue if the JSP pages are maintained by designers: the code tends to get in the designer's way, and you run the risk of your code becoming corrupted when others are tweaking the look and feel.

Translation

12.1 Introduction

Good Web application design tries to separate business objects, presentation and the manipulation of objects into different layers.


Appendix A: English original

Role-Based Access Control for the Web

John F. Barkley, D. Richard Kuhn, Lynne S. Rosenthal, Mark W. Skall, and Anthony V. Cincotta
National Institute of Standards and Technology, Gaithersburg, Maryland 20899

ABSTRACT

Establishing and maintaining a presence on the World Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well designed Web site can have a positive effect on their profitability. Enabling customers to answer their own questions by clicking their way through Web pages, instead of dealing with operators and voice response systems, increases the efficiency of the customer interface.

One of the most challenging problems in managing large networked systems is the complexity of security administration. This is particularly true for organizations that are attempting to manage security in distributed multimedia environments such as those using World Wide Web services. Today, security administration is costly and prone to error because administrators usually specify access control lists for each user on the system individually.

Role-based access control (RBAC) is a technology that is attracting increasing attention, particularly for commercial applications, because of its potential for reducing the complexity and cost of security administration in large networked applications. The concept and design of RBAC is perfectly suited for use on both intranets and internets. It provides a secure and effective way to manage access to an organization's Web information. This paper describes a research effort to develop RBAC on the Web. The security and software components that provide RBAC for networked servers using Web protocols have been implemented and are described in this paper.
The RBAC components can be linked with commercially available Web servers, and require no modification of the server software.

Introduction

Establishing and maintaining a presence on the World Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well-designed Web site can have a positive effect on their profitability. Enabling customers to answer their own questions by clicking their way through Web pages, instead of dealing with operators and voice response systems, increases the efficiency of the customer interface. Companies are seizing the Web as a swift way to streamline, even transform, their organizations.

More recently, companies have begun using Web technology to serve the public as well as private and internal clients. Web sites are set up to segregate some information from the general public, providing it only to selected or "private" clients. Typically, such a site on the public Internet is cordoned off from the general public by requiring user accounts and passwords. Additionally, Web sites are now running inside companies, often created for and by employees. These internal private nets, or "intranets", use the infrastructure and standards of the Internet and the World Wide Web but are cordoned off from the public Internet through firewalls.

The Web can be used as an inexpensive yet powerful alternative to other forms of communication. A plethora of corporate information (e.g., procedures, training materials, directories, forms) can be converted to electronic form and made available via the Web. With a single source for these materials the cost of maintenance is significantly reduced, while greatly simplifying the task of ensuring currency.
Thus an objective of enterprise computing, the creation of a company-wide system irrespective of the underlying information technology infrastructure, can be fulfilled.

Although the Internet and intranets can offer great benefits to a company or government agency, security threats remain. To date, net enthusiasts tend to focus on how to link people and businesses, not on using the network as a way to run and manage businesses securely. Although existing Web servers can effectively provide all-or-nothing access to a particular Web site, and a number of popular Web servers can even provide fairly fine-grained access control, they provide very primitive tools to administer these controls from the perspective of a single enterprise.

This paper describes the benefits of RBAC and an implementation of RBAC on the Web (RBAC/Web), in particular as RBAC applies to an intranet computing environment. This will provide Web administrators, for the first time, with a capability to centrally administer and regulate user access to information in a manner that is consistent with the current set of laws, regulations, and practices that face their business today. Although this paper focuses on intranets, the benefits, concepts and implementation of RBAC/Web are also applicable to a company's Internet environment where restricted access to information is desired.

RBAC Description

Role-based access control (RBAC) [1], [2], [3], [4], [5] is an alternative to traditional discretionary (DAC) and mandatory access control (MAC) policies that is attracting increasing attention [6], particularly for commercial applications. The principal motivation behind RBAC is the desire to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure.
Traditionally, managing security has required mapping an organization's security policy to a relatively low-level set of controls, typically access control lists.

With RBAC, security is managed at a level that corresponds closely to the organization's structure. Each user is assigned one or more roles, where roles are based on the user's job responsibilities and competencies in the organization. Each role is assigned one or more privileges (e.g., information access, deletion, creation); see Figure 1. It is a user's membership in roles that determines the privileges the user is permitted to exercise. Security administration with RBAC consists of determining the operations that must be executed by persons in particular jobs, and assigning employees to the proper roles.

The RBAC framework provides for mutually exclusive roles as well as roles having overlapping responsibilities and privileges. For example, some general operations may be allowed to all employees, while other operations may be specific to a role. Role hierarchies are a natural way of organizing roles within an organization and defining the relationships and attributes of the roles. The complexities introduced by mutually exclusive roles or role hierarchies, as well as regulating who can perform what actions, when, from where, in what order, and in some cases under what relational circumstances, are all handled by the RBAC software.

Separation of Duty

RBAC mechanisms can be used by a system administrator in enforcing a policy of separation of duties. Separation of duties is considered valuable in deterring fraud, since fraud can occur if an opportunity exists for collaboration between various job-related capabilities. Separation of duty requires that for particular sets of transactions, no single individual be allowed to execute all transactions within the set. The most commonly used example is the pair of separate transactions needed to initiate a payment and to authorize a payment.
No single individual should be capable of executing both transactions. The system administrator can control access at a level of abstraction that is natural to the way that enterprises typically conduct business. This is achieved by statically and dynamically regulating users' actions through the establishment and definition of roles, role hierarchies, relationships, and constraints.

We define static separation of duty to mean that roles which have been specified as mutually exclusive cannot both be included in a user's set of authorized roles. With dynamic separation of duty, users may be authorized for two roles that are mutually exclusive, but cannot have both roles active at the same time. In other words, static separation of duty enforces the mutual exclusion rule at the time an administrator sets up role authorizations, while dynamic separation of duty enforces the rule at the time a user selects roles for a session.

Role Administration and Visualization

The roles are established, manipulated and viewed using the RBAC/Web Admin tool. The Admin tool allows system administrators to create and define roles, role hierarchies, relationships and constraints. Once the RBAC framework is established for the organization, the principal administrative actions are the granting and revoking of users into and out of roles as job assignments dictate. These maintenance tasks are easily performed using the Admin tool.

Additionally, the Admin tool is being enhanced to utilize the Virtual Reality Modeling Language (VRML, pronounced 'vermal'). VRML is an interactive, inter-networked, 3D graphics language for the Web. It is used to represent graphics, text, sound, and links to other content as either a static or dynamic picture on the Web. The inclusion of VRML into RBAC lets system administrators use an interactive computer model to check and validate the role structure, relationships, and privileges.
Being able to view and interact with complex models allows the administrator to identify conflicts, eradicate flaws and improve the implementation early in the RBAC setup.

The VRML component will enable authorized users to navigate the RBAC database, finding and linking roles, and displaying attributes and graphics associated with those roles. By presenting a 3D model of established roles, the user can easily see which roles are mutually exclusive as well as the hierarchical structure of related roles and conflicts between roles (see Figure 2). VRML's navigational controls allow the user to interactively 'walk through' and manipulate the view perspective of the 3D model, known as a scene graph. For example, the scene graph can be rotated to show the 'backside' of the graph, where role relationships may have been obscured when viewed as a 'flat' 2D graph. To improve readability, clarity and flexibility, the role hierarchy is organized into layers, where each layer contains another level of detail. By 'clicking' on a role, the role opens to reveal the next layer of related roles or information about the role, e.g., the privileges associated with that role or a user membership list.

RBAC Example

Consider the branch office of a bank. In this environment, there are roles such as branch manager, teller, and account representative, as illustrated in Figure 2. The graph structure shows the role hierarchy. The role financial_advisor inherits the role account_rep. An individual authorized for the role financial_advisor is permitted to perform all of the operations permitted to an individual authorized for the role account_rep. Thus, an individual in the role of financial_advisor is able to create and remove accounts.
Because account representatives, branch managers, internal auditors, and tellers are all employees of the bank, their corresponding roles inherit the employee role.

In Figure 2, the role account_rep is highlighted, appearing as a dark sphere, in order to show the other role relationships for account_rep. The roles teller and account_holder are shown as yellow rectangular solids to indicate that these roles have a "Dynamic Separation of Duties" (DSD) relationship with the role account_rep. This is a conflict of interest relationship, indicating that an individual acting in the role of account_rep cannot also be acting in either of the roles account_holder or teller. The policy of the bank is that an account representative, an employee of the bank, can have an account in the bank, but such an individual may not process their personal account while processing the accounts of others. Likewise, because a teller has an open cash drawer that must balance when closed, an individual acting in the role of account_rep and sitting at a desk away from a teller's window is not permitted to simultaneously act in the role of teller, even if authorized for that role.

The role internal_auditor is shown as a red hexahedron to indicate that this role has a "Static Separation of Duties" (SSD) relationship with the role account_rep. The SSD relationship is also a conflict of interest relationship, like the DSD relationship, but much stronger. If two roles have a DSD relationship, then they may both be authorized for an individual, but that individual may not act in both roles simultaneously. If two roles have an SSD relationship, then they may not even be authorized for the same individual. In this example, the policy of the bank is that there is a fundamental conflict of interest between the roles of internal_auditor and account_rep.
Thus, these two roles may never be authorized for the same individual.

The new version of the Admin tool using VRML will allow us to represent conflicts of interest and other relationships in a more natural way and view the scene from an unlimited number of viewpoints. VRML allows complex 3D objects to be created for this purpose. The user can 'enter' a selected role and explore several levels of detail (i.e., information) associated with that role. In addition, the sound capabilities of VRML can be utilized to give audio warnings when roles are used which cause conflicts of interest or other problems, or when improper procedures are used.

RBAC for World Wide Web Applications

Role Based Access Control (RBAC) for the World Wide Web (RBAC/Web) is an implementation of RBAC for use by World Wide Web (Web) servers. Because RBAC/Web places no requirements on a browser, any browser that can be used with a particular Web server can be used with that server enhanced with RBAC/Web. RBAC/Web is implemented for both UNIX (e.g., for Netscape, NCSA, CERN, or Apache servers) and Windows NT (e.g., for Internet Information Server, WebSite, or Purveyor) environments.

Components of RBAC/Web are shown in Table 1. RBAC/Web for UNIX uses all of the components in Table 1. Because built-in NT security mechanisms are closely compatible with RBAC, the NT version uses only the Database, Session Manager, and Admin Tool components. RBAC/Web for NT requires no modification of Web server internals or access to source code. With RBAC/Web for UNIX, there are two ways to use RBAC/Web with a UNIX Web server.

The simplest way is by means of the RBAC/Web CGI. The RBAC/Web CGI can be used with any existing UNIX server without modifying its source code. RBAC URLs are passed through the Web server and processed by the RBAC/Web CGI. RBAC/Web configuration files map URLs to file names, while providing access control based on the user's roles.
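The separation of duty rules defined above, the bank branch of Figure 2 (role inheritance, the SSD pair internal_auditor/account_rep, the DSD pair account_rep/teller) and the URL-to-file lookup of the RBAC/Web CGI, worked through as an added Python example. This is illustrative code written for this page, not the NIST RBAC/Web software: the privilege names, user names, URLs and file paths are assumptions, and the URL table is an in-memory dictionary standing in for the CGI's configuration files.

```python
# Added example (not the NIST RBAC/Web code): role hierarchy, static (SSD) and dynamic (DSD)
# separation of duty, and an RBAC/Web-style URL-to-file table for the bank branch of Figure 2.
# Privilege names, user names, URLs and file paths are assumed for illustration.
from dataclasses import dataclass, field


class SeparationOfDutyError(Exception):
    """A role grant (SSD) or activation (DSD) would create a conflict of interest."""


@dataclass
class Session:
    user: str
    active: set = field(default_factory=set)  # roles the user has selected for this session


class RBAC:
    def __init__(self):
        self.juniors = {}     # role -> roles it inherits from
        self.privs = {}       # role -> privileges assigned directly to it
        self.ssd = set()      # frozenset({a, b}): never both authorized for one user
        self.dsd = set()      # frozenset({a, b}): never both active in one session
        self.authorized = {}  # user -> roles granted by an administrator
        self.urls = {}        # URL -> (file name, roles any one of which may read it)

    def add_role(self, role, inherits=(), privs=()):
        self.juniors[role], self.privs[role] = set(inherits), set(privs)

    def effective_roles(self, roles):
        """Transitive closure of inheritance: a senior role carries all of its juniors."""
        seen, todo = set(), list(roles)
        while todo:
            r = todo.pop()
            if r not in seen:
                seen.add(r)
                todo.extend(self.juniors.get(r, ()))
        return seen

    def privileges(self, roles):
        return set().union(*(self.privs[r] for r in self.effective_roles(roles)))

    @staticmethod
    def _conflict(pairs, held, wanted):
        return any(frozenset((a, b)) in pairs for a in held for b in wanted if a != b)

    def authorize(self, user, role):
        """Administrator grants a role; SSD is enforced here, over effective role sets."""
        held = self.effective_roles(self.authorized.get(user, set()))
        if self._conflict(self.ssd, held, self.effective_roles({role})):
            raise SeparationOfDutyError(f"SSD: {user} may not hold {role}")
        self.authorized.setdefault(user, set()).add(role)

    def activate(self, session, role):
        """User selects a role for a session; DSD is enforced here."""
        if role not in self.authorized.get(session.user, set()):
            raise PermissionError(f"{session.user} is not authorized for {role}")
        if self._conflict(self.dsd, self.effective_roles(session.active), self.effective_roles({role})):
            raise SeparationOfDutyError(f"DSD: {role} cannot be active with {session.active}")
        session.active.add(role)

    def resolve(self, session, url):
        """RBAC/Web CGI style lookup: URL -> file name, or None if no active role permits it."""
        filename, allowed = self.urls.get(url, (None, set()))
        return filename if self.effective_roles(session.active) & allowed else None


def build_bank():
    bank = RBAC()
    bank.add_role("employee", privs={"read_bulletin"})
    bank.add_role("teller", {"employee"}, {"deposit", "withdraw"})
    bank.add_role("account_rep", {"employee"}, {"create_account", "remove_account"})
    bank.add_role("financial_advisor", {"account_rep"}, {"advise"})
    bank.add_role("internal_auditor", {"employee"}, {"audit"})
    bank.ssd.add(frozenset({"internal_auditor", "account_rep"}))
    bank.dsd.add(frozenset({"account_rep", "teller"}))
    bank.urls = {"/accounts/open": ("/www/private/open_account.html", {"account_rep"}),
                 "/till/drawer": ("/www/private/drawer.html", {"teller"}),
                 "/bulletin": ("/www/bulletin.html", {"employee"})}
    return bank


def demo():
    bank, out = build_bank(), {}
    bank.authorize("alice", "financial_advisor")
    out["advisor_privs"] = bank.privileges({"financial_advisor"})  # inherits account_rep and employee
    try:
        bank.authorize("alice", "internal_auditor")  # SSD with the inherited account_rep role
        out["ssd"] = "allowed"
    except SeparationOfDutyError:
        out["ssd"] = "blocked"
    for role in ("account_rep", "teller"):  # a DSD pair may both be authorized...
        bank.authorize("bob", role)
    bob = Session("bob")
    bank.activate(bob, "account_rep")
    try:
        bank.activate(bob, "teller")  # ...but not both active in one session
        out["dsd"] = "allowed"
    except SeparationOfDutyError:
        out["dsd"] = "blocked"
    # URL checks run against the session's active roles, including inherited ones (employee)
    out.update({u: bank.resolve(bob, u) for u in ("/accounts/open", "/till/drawer", "/bulletin")})
    return out
```

Both separation of duty checks run over effective role sets rather than the directly named roles, so granting financial_advisor to an internal auditor is refused even though the SSD pair names only account_rep; checking the named roles alone would let the hierarchy bypass the policy. The URL check likewise honours inheritance, which is why bob can read the employee bulletin while acting as account_rep but is refused the teller's drawer page until he ends that session and activates teller instead.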
Installation of the RBAC/Web CGI is similar to the installation of the Web server.

Appendix B: Chinese translation

Role-Based Access Control for the Web

John F. Barkley, D. Richard Kuhn, Lynne S. Rosenthal, Mark W. Skall, and Anthony V. Cincotta
National Institute of Standards and Technology, Gaithersburg, Maryland 20899

Abstract

Establishing and maintaining a presence on the World Wide Web (Web), once a sideline of U.S. industry, has become a key point of marketing and sales strategy.
