基于Web的工作流细粒度授权框架

基于Web环境下的工作流系统面临复杂的数据安全管理难题。Web环境下的授权资源种类繁多、差异性大,需要控制模型具有较细的授权粒度,以保证工作流系统管理的安全性和灵活性。文中分析传统授权模型,结合Web系统基于表单的特点,提出一种由表单模型、授权模型、流程模型构成的工作流细粒度授权框架。并对该方案进行描述,给予实现。     

Web-based evolutionary and adaptive information retrieval

The Internet and World Wide Web are becoming more and more dynamic in terms of their content and use. Information retrieval (IR) efforts aim to keep up with this dynamic environment by designing intelligent systems which can deliver Web content in real time to various wired or wireless devices. Evolutionary and adaptive systems (EASs) are emerging as typical examples of such systems. This paper contains one of the first attempts to gather and evaluate the nature of current research on Web-based IR using EAS and proposes future research directions in parallel to developments on the Web environments.     

A web-based cooperative tool for risk management with adaptive security

Risk management can benefit from Web-based tools fostering actions for treating risks in an environment, while having several individuals collaborating to face the endeavors related to risks. During the intervention, the security rules in place to preserve resources from unauthorized access, might need to be modified on the fly, e.g., increasing the privileges of risk managers or letting rescue teams view the exact position of the victims. Modifications should respect the overall security policies and avoid security conflicts. This paper presents a dynamic access control model for environmental risks involving physical resources. Data structures included in our Web application to represent both risk and security are given. To keep the dynamic security rules compliant with overall organization security objectives, we consider rules grouped in Access Control Domains so that changes do not create security conflicts during collaboration in risk management. Considering work environments as an example, risk and access control models are introduced. Security is built on the ABAC (Attribute Based Access Control) paradigm. A Risk Management System (RMS) is illustrated: it captures events, signals potential risks, and outputs strategies to prevent the risk. Dynamic authorization is included in the RMS to vary subjects’ privileges on physical resources based on risk level, people position and so on. These concepts are implemented in a prototype Web application appearing as a Web Dashboard for risk management.     

Integrating AJAX and Web Services for Cooperative Image Editing

AJAX (asynchronous JavaScript and XML) is a powerful Web development model for browser-based Web applications. While Web services essentially are universally accessible software components deployed on the Web and designed to support interoperable machine-to-machine interaction over a network. Because technologies that support both AJAX and Web services are XML-based, the two can leverage each others' strengths. More and more companies and organizations are taking advantage of this relationship, working to improve their Web applications through AJAX and Web services. Our system integrates the two for Web-based cooperative image editing. For message exchange delays and browser security limitations have hampered Web-based cooperative image editing. This integration resolves these issues and offers a framework for generic cooperative business processes     

Information commitments: evaluative standards and information searching strategies in web-based learning environments

Abstract 'Information commitments' include both a set of evaluative standards that Web users utilize to assess the accuracy and usefulness of information in Web-based learning environments (implicit component), and the information searching strategies that Web users use on the Internet (explicit component). An 'Information Commitment Survey' (ICS), consisting of aforementioned components, was developed. The participants of this study were 610 university students, coming from four universities in Taiwan, and their information commitments were surveyed. Through a series of structural equation modelling (SEM) analyses with Linear Structure RELationships (LISREL), this study confirmed the reliability and validity of ICS. More importantly, the causal relationships between the two components of ICS were also examined. The findings showed that learners' evaluative standards on Web materials (implicit component) had significant effects on their information searching strategies in Web-based learning environments (explicit component). For example, learners who utilized an advanced evaluative standard, such as using multiple sources to judge the accuracy of Web materials, were significantly more oriented toward using a sophisticated information searching strategy, such as carefully exploring and elaborating information in Web-based learning environments. In other words, learners' evaluative standards for Web materials should be viewed as important predictors for their searching strategies in Web-based learning environments.     

Web-based information visualization

Increasingly, the World Wide Web is being used to help visualize complex relational information. We have developed a number of Web-based information visualization prototypes and applications by adapting several well-known information visualization ideas and techniques for use within Web environments. Before delving into specific examples, we offer some relevant background about the Web and our use of visualization for analysis     

A WEB-BASED MULTI-AGENT SYSTEM FOR TRANSPORTATION MANAGEMENT TO PROTECT OUR NATURAL ENVIRONMENT

To improve the situation of wasting natural resources, the existing transportation systems have to be optimized. This means that we should not only think about new technologies for saving energy but also about better use of the existing trafficways. The most efficient way to achieve these objectives is to automate the existing means of communication and to improve transportation management. Since most of the communication channels and technologies for automation in transportation management are Web-based, we want to describe how to improve Web-based transportation management. Talking about Web-based environments means talking about the Internet and services it offers. These Web-based environments build up a good basis for an agent-based approach, because all aspects for communication and information processing are also used in agent systems. In this approach, Web servers build the agents by themselves and an agent-based interaction works with the support of Web services. Thus, we can build an agent-based structure for transportation control that is similar to the structure of the Internet. Agent-based transportation management is a possible contribution to make transportation management more effective in regard to saving energy (fuel) and protecting our environment by stopping the increase of existing trafficways.     

Academic Articles on the Web: Reading Patterns and Formats

This article explores user reading activities and user preferences in the formats of Web-based academic articles by using the data from 2 online surveys. Researchers use the Web as a resource for academic articles. Despite this popular use, no generally agreed format exists on the Web. The Web environments of distributed users encourage the use of online remote evaluation. We applied an e-mail-based survey and a Web-based survey to the evaluation of some concepts for Web-based academic articles. The participants of the surveys were researchers in information technology and related areas. Our survey results show that readers take an overview of a Web-based academic article from the screen, print it out, and then read the printed article. The results also show that the formats employed by most of the Web sites for academic articles are against readers' preferences. The simple 2-frame format among the 5 given formats was most preferred by 47% of our respondents, but the cascaded page-windows format was regarded as the worst by 65% because of its high visual complexity on the screen. An interesting result is that 26% of the respondents regarded the paperlike format as the worst, but this format is widely used for Web-based articles. In addition, the importance of interactive examples embedded in a Web-based questionnaire was revealed from the 2 consecutive surveys. Details are discussed in this article. In the online remote surveys, the issues of Web-based academic articles were successfully addressed. The methods used in the surveys would be useful for usability tests of various concepts of other Web genres at an early design or redesign stage.     

一种支持可信Web服务的应用框架

Web服务技术给开发基于Web的应用带来了新的机遇和效益，但系统安全性却不利于其应用性。本文通过扩展Web服务安全规范实现了一种支持可信服务的机制．提出了电子商务和电子政务中Web服务安全性的实际解决方案。     

Using Semantic Web Technologies to Analyze Learning Content

The authors demonstrate how to use semantic Web technologies to improve the state-of-the-art in online learning environments and bridge the gap between students on the one hand, and authors or teachers on the other. The ontological framework presented here helps formalize learning object context as a complex interplay of different learning-related elements and shows how we can use semantic annotation to interrelate diverse learning artifacts. On top of this framework, the authors implemented several feedback channels for educators to improve the delivery of future Web-based courses.     

Web Service的安全机制

Web Service采用松散的方式将计算服务整合在一起,在电子商务、企业应用系统集成等分布式计算环境中发挥着重要的作用,随着Web Service应用的普及,安全问题也受到了重视。针对利用SSL和防火墙技术实现Web Service安全的不足,本文从Web Service的体系结构入手,将Web Service的安全分为企业处理层安全、Web Service目录及注册层安全、通信层安全 3个层次,并阐明了Web Service不同层次的安全策略和实现方法。     

Model-driven component adaptation in the context of Web Engineering

Currently, Web-based applications are no longer monolithic and isolated systems but, rather, distributed applications that need to interoperate with third-party systems, such as external Web services, LDAP repositories or legacy applications. When one component provides a service that the Web application requires, it is often not possible to bind the two systems together if they were not programmed to have compatible collaboration specifications. Modeling the adaptation between a Web application and external assets becomes therefore an essential issue in any realistic model-driven development scenario. However, most of the existing Web Engineering proposals do not take this issue into account, or they simply address it at the implementation level (in a platform-specific way). In this work, we discuss the problems involved in dealing with component adaptation within the context of Model-Driven Web Engineering and show how design patterns can help addressing it. We first identify the major interoperability problems that can happen when integrating third-party application or legacy systems into our Web systems, and then propose the mechanisms that need to be put in place at the design level to generate the appropriate specification of adapters that compensate for the possible mismatches and differences. We base our proposal on well-known design patterns as they are established solutions to recurring problems, and the generation of code from them is normally straightforward.     

基于行为语义分析的Web恶意代码检测机制研究

在Web安全问题的研究中,如何提高Web恶意代码的检测效率一直是Web恶意代码检测方法研究中需要解决的问题。为此,针对跨站脚本漏洞、ActiveX控件漏洞和Web Shellcode方面的检测,提出一种基于行为语义分析的Web恶意代码检测机制。通过对上述漏洞的行为和语义进行分析,提取行为特征,构建Web客户端脚本解析引擎和Web Shellcode检测引擎,实现对跨站脚本漏洞、ActiveX控件漏洞和Web Shellcode等的正确检测,以及对Web Shellcode攻击行为进行取证的功能。实验分析结果表明,新的Web恶意代码检测机制具有检测能力强、漏检率低的性能。     

Using a cognition-motivation-control view to assess the adoption intention for Web-based learning

People expect Web technology to facilitate learning, particularly in higher education. A key issue involves the factors motivating the adoption of the Web for learning. Drawing upon social cognitive theory (SCT) and the theory of planned behavior (TPB), this study adopts a cognition-motivation-control view to assess learner adoption intentions for Web-based learning. The proposed model is validated by surveying 319 undergraduate students who had enrolled in Web-based courses and attended a 12-hour training program on using a Web-based system for academic learning. The empirical findings identified that efficacy control and efficacy expectations can be used to guide learner adaptation learning behaviors on the Web. The limitations of this study are discussed and future research directions suggested.     

Protecting Your Internal Resources with Intranet Application Firewalls

Abstract

Web application firewalls (WAFs) are rapidly becoming a key component of end-to-end network security. Although the market is still struggling to move beyond the early adopter stages, WAF placement in the network is now well known and generally accepted as a necessary requirement. When looking at total security architecture, securing public Web applications over ports 80 and 443 is the next logical step to perimeter security: the concept of restricting access from the outside to the resources on the inside. Coupled with network firewalls, HTTP application firewalls can close perimeter security holes opened by allowing unrestricted access to public Web servers. Bui focusing solely on external, public application security is only half of the solution. Internal Web-based applications, such as corporate intranets, HR systems, CRM systems, HTTP-based databases, and report management applications, can also be al risk for the same open-access reasons, but from trusted internal attackers.     

Web application security assessment tools

Security testing a Web application or Web site requires careful thought and planning due to both tool and industry immaturity. Finding the right tools involves several steps, including analyzing the development environment and process, business needs, and the Web application's complexity. Here, we describe the different technology types for analyzing Web applications and Web services for security vulnerabilities, along with each type's advantages and disadvantages. At Foundstone, we work with some of the world's biggest banks and telecommunications companies to identify and resolve security issues. Together with our clients, we face challenging testing scenarios in the context of demanding applications and complex business environments. We've seen firsthand what works and what doesn't; what's marketing hype and what gets results. Our analysis here is based on our collective experiences and the lessons we've learned along the way.     

基于Web的数据仓库安全模型分析与探讨

对基于Web数据仓库安全隐患进行了深入的分析,在此基础上提出了基于Web的数据仓库安全策略模型及标准。     

Employing virtual humans for education and training in X3D/VRML worlds

Web-based education and training provides a new paradigm for imparting knowledge; students can access the learning material anytime by operating remotely from any location. Web3D open standards, such as X3D and VRML, support Web-based delivery of Educational Virtual Environments (EVEs). EVEs have a great potential for learning and training purposes, by allowing one to circumvent physical, safety, and cost constraints. Unfortunately, EVEs often leave to the user the onus of taking the initiative both in exploring the environment and interacting with its parts. A possible solution to this problem is the exploitation of virtual humans acting as informal coaches or more formal instructors. For example, virtual humans can be employed to show and explain maintenance procedures, allowing learners to receive more practical explanations which are easier to understand. However, virtual humans are rarely used in Web3D EVEs, since the programming effort to develop and re-use them in different environments can be considerable. In this paper, we present a general architecture that allows content creators to easily integrate virtual humans into Web3D EVEs. To test the generality of our solution, we present two practical examples showing how the proposed architecture has been used in different educational contexts.     

A unified framework for managing Web-based services

The emergence of Web technologies enables a variety of Web-based service applications, which can be examined from business process integration, supply chain management, and knowledge management perspectives. To categorize existing Web-based services while foreseeing potential new types, a unified view is needed to represent the structures and processes of Web-based services. This paper proposes a general framework to identify essential structures and operations of Web-based services, and then models these components. We articulate the framework with Web technologies, such as Web service and semantic Web, multi-agent and peer-to-peer, and Web information retrieval and mining. Two comprehensive examples in insurance and knowledge services are used to elaborate the use of Web-based service framework in fulfilling business processes. This study synthesizes essential structures and processes of Web-based services to build a framework for researchers and practitioners to develop Web-based services and techniques.