电子发烧友App
创作
发文章
发帖 
提问 
发资料
发视频资料介绍
Security within information systems context is based on a complicated trust relations and questions on communication prospective. Trust relations are
established between two communicating parties in a relation such as sender/receiver and client/server. When such relations cannot establish trust directly, trusted third parties are used as mediators, which can complicate
matters even farther. Security is taken differently by different persons with different prospective of the communicating systems. To a user, security might mean
protection on privacy, identity theft and against framing.To an administrator, responsible for the correct working of the applications, security might mean protection on data and process integrity, information flow and recourses protection. The (user, application) pair leads to the necessary establishment of four trust relations among them; application-application, user-application,
application-user and user-user. In practice these trust relations are made mutual by, 'I trust you if you trust me'principle. For example, an application trusts a user if the user provides a valid credential at sign-on, the user in turn trusts the application to protect its data and process such that, his/her identity has not being compromised.
Whose fault is it when an identity is caught doing an illegal act? Is it a dishonest user, who is the owner of the identity, or an application with weak security policies and implementation, which allow identities theft to occur? It
might well be the fault of a weak communication link protocol which leak users' identity under the establishment of trust relations mention above. In this paper we propose some security tools based on open-source software for Web applications/services for teams of developers and implementers of limited size.
Web applications/services have been developed and deployed due to necessity and not based on commercial goals.
Members of development teams (developers and engineers), normally have different levels of technical knowledge, experience and know-how. Usually, such a project concentrates on workability of a system in a complex environment rather than producing commercial grade software for an assumed environment. To meet the
workability goal, security concerns are not taken into consideration due to lack of experience and/or work knowledge. We believe that by using simple and openended
software tools, developers, and implementers can achieve both workability and a higher level of security due to the fact that a system being developed is under a
full control of the developers. The paper is organized as follows. Related work is
presented in Section 2. Trust relations are discussed in Section 3. In Section 4 we proposed the use of signed massage of digital envelope package to be used in XMLRPC communication that ensures security, privacy and non-repudiation. A method of using password card called PASS-card for Web sign-on that does not disclose users' system credentials is presented in Section 5. The paper ends with a conclusion.
established between two communicating parties in a relation such as sender/receiver and client/server. When such relations cannot establish trust directly, trusted third parties are used as mediators, which can complicate
matters even farther. Security is taken differently by different persons with different prospective of the communicating systems. To a user, security might mean
protection on privacy, identity theft and against framing.To an administrator, responsible for the correct working of the applications, security might mean protection on data and process integrity, information flow and recourses protection. The (user, application) pair leads to the necessary establishment of four trust relations among them; application-application, user-application,
application-user and user-user. In practice these trust relations are made mutual by, 'I trust you if you trust me'principle. For example, an application trusts a user if the user provides a valid credential at sign-on, the user in turn trusts the application to protect its data and process such that, his/her identity has not being compromised.
Whose fault is it when an identity is caught doing an illegal act? Is it a dishonest user, who is the owner of the identity, or an application with weak security policies and implementation, which allow identities theft to occur? It
might well be the fault of a weak communication link protocol which leak users' identity under the establishment of trust relations mention above. In this paper we propose some security tools based on open-source software for Web applications/services for teams of developers and implementers of limited size.
Web applications/services have been developed and deployed due to necessity and not based on commercial goals.
Members of development teams (developers and engineers), normally have different levels of technical knowledge, experience and know-how. Usually, such a project concentrates on workability of a system in a complex environment rather than producing commercial grade software for an assumed environment. To meet the
workability goal, security concerns are not taken into consideration due to lack of experience and/or work knowledge. We believe that by using simple and openended
software tools, developers, and implementers can achieve both workability and a higher level of security due to the fact that a system being developed is under a
full control of the developers. The paper is organized as follows. Related work is
presented in Section 2. Trust relations are discussed in Section 3. In Section 4 we proposed the use of signed massage of digital envelope package to be used in XMLRPC communication that ensures security, privacy and non-repudiation. A method of using password card called PASS-card for Web sign-on that does not disclose users' system credentials is presented in Section 5. The paper ends with a conclusion.
下载该资料的人也在下载
下载该资料的人还在阅读
更多 >
- 配网自动化技术
- bacnet技术的智能楼宇自动化系统的设计
- 基于机器视觉和运动控制的工业自动化 35次下载
- FA工业自动化设备设计基础 18次下载
- 汽车制造的机械自动化技术应用发展 4次下载
- 谷歌眼镜在工业自动化领域的应用 8次下载
- 工业自动化技术的组成及功能和发展应用的介绍 7次下载
- 蓝牙在工业自动化数据通信中的应用 4次下载
- TI针对工业通信的工业自动化解决方案 45次下载
- 工业自动化与控制环境下实现无线通信的新近动 19次下载
- 工业交换机在制浆自动化中的应用
- 工业交换机在造纸自动化中的应用
- 信息时代工业自动化的发展趋势
- 基于工业以太网的配电自动化系统的设计
- 基于SIMATIC工业自动化技术的说明
- 继电器在工业自动化领域的应用 584次阅读
- 工业自动化中的控制方式 469次阅读
- 工业机器人、PLC与自动化之间的关系 713次阅读
- 机器视觉技术在工业自动化中的应用 465次阅读
- 工业自动化和自动化区别是什么 1028次阅读
- SCADA系统在工业自动化中的应用 746次阅读
- 机器视觉检测技术在工业自动化中的应用 548次阅读
- 视觉控制器在工业自动化的应用 462次阅读
- PID控制器在工业自动化中的应用 989次阅读
- 过程自动化控制和运动自动化控制的原理详解 1349次阅读
- 实时控制和通信领域的IT/OT融合如何推动工业自动化 426次阅读
- 物联网技术在工业自动化中的关键技术有哪些 4394次阅读
- 工业自动化控制包括着哪些内容 1.2w次阅读
- 浅析传感器技术在机电自动化中的应用 4302次阅读
- 自动化领域初涉水 非标自动化和自动化到底有哪些区别? 6086次阅读
上传资料赚积分下载排行
本周
- 1电子电路原理第七版PDF电子教材免费下载
- 0.00 MB | 1490次下载 | 免费
- 2单片机典型实例介绍
- 18.19 MB | 92次下载 | 1 积分
- 3S7-200PLC编程实例详细资料
- 1.17 MB | 27次下载 | 1 积分
- 4笔记本电脑主板的元件识别和讲解说明
- 4.28 MB | 18次下载 | 4 积分
- 5开关电源原理及各功能电路详解
- 0.38 MB | 10次下载 | 免费
- 6基于AT89C2051/4051单片机编程器的实验
- 0.11 MB | 4次下载 | 免费
- 7蓝牙设备在嵌入式领域的广泛应用
- 0.63 MB | 3次下载 | 免费
- 89天练会电子电路识图
- 5.91 MB | 3次下载 | 免费
本月
- 1OrCAD10.5下载OrCAD10.5中文版软件
- 0.00 MB | 234313次下载 | 免费
- 2PADS 9.0 2009最新版 -下载
- 0.00 MB | 66304次下载 | 免费
- 3protel99下载protel99软件下载(中文版)
- 0.00 MB | 51209次下载 | 免费
- 4LabView 8.0 专业版下载 (3CD完整版)
- 0.00 MB | 51043次下载 | 免费
- 5555集成电路应用800例(新编版)
- 0.00 MB | 33562次下载 | 免费
- 6接口电路图大全
- 未知 | 30320次下载 | 免费
- 7Multisim 10下载Multisim 10 中文版
- 0.00 MB | 28588次下载 | 免费
- 8开关电源设计实例指南
- 未知 | 21539次下载 | 免费
总榜
- 1matlab软件下载入口
- 未知 | 935053次下载 | 免费
- 2protel99se软件下载(可英文版转中文版)
- 78.1 MB | 537791次下载 | 免费
- 3MATLAB 7.1 下载 (含软件介绍)
- 未知 | 420026次下载 | 免费
- 4OrCAD10.5下载OrCAD10.5中文版软件
- 0.00 MB | 234313次下载 | 免费
- 5Altium DXP2002下载入口
- 未知 | 233045次下载 | 免费
- 6电路仿真软件multisim 10.0免费下载
- 340992 | 191183次下载 | 免费
- 7十天学会AVR单片机与C语言视频教程 下载
- 158M | 183277次下载 | 免费
- 8proe5.0野火版下载(中文版免费下载)
- 未知 | 138039次下载 | 免费
工商网监
评论