Research on E-Business Platform Components and Their Security
Abstract
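E-business is a driving force for strengthening enterprise competitiveness. It has become an indispensable tool of the modern international economy and commerce, and will gradually become the main mode of trade in the 21st century. How to develop a complete, highly reusable and secure e-business system quickly and conveniently is therefore a new challenge that the Internet era poses to enterprises.
    With the development of object technology, distributed computing technology and software engineering technology, object-oriented component technology has gradually become the mainstream technology for developing e-business systems. The introduction of component technology makes it possible to develop large-scale e-business systems rapidly. The thesis analyzes and summarizes the role of e-business frameworks, describes the component-based e-business development method and proposes a component-based e-business software support platform. Security has always been an important guarantee for the wide adoption of e-business; building on the discussion of component-based e-business, the thesis also proposes a security architecture for e-business that addresses its security problems. Around this e-business platform framework, we designed and implemented three key e-business platform components: distributed data exchange, LDAP-based access control, and secure payment.
    To meet the need for data integration within and between enterprises along the supply chain in a B2B e-business environment, we designed the distributed data transfer component DataTrans. It implements asynchronous data transfer between heterogeneous data sources (database data, text files, XML files) that can be carried over message communication, FTP or e-mail, keeps the sending and receiving parties independent of each other, and offers a friendly user interface. The thesis discusses the design and implementation of the data exchange component DataTrans, describes its software architecture in UML, and further discusses the application of object-oriented design patterns in the design and implementation work, which greatly improves the reusability of the software.
    In a distributed environment, without sound user authentication and access control mechanisms, the secure operation of an e-business system cannot be guaranteed and the flexibility of distributed applications cannot be fully exploited. Traditional database-based security access control is no longer suited to e-business applications in a distributed environment. After analyzing existing access control models, the thesis proposes an LDAP-based RBAC model for security access control and security management, and extends the design of the distributed data transfer component DataTrans with security access control.
    As an important part of e-business, secure electronic payment plays a pivotal role in electronic transactions. Finally, the thesis analyzes the technologies related to online payment systems, weighs the security trade-offs of existing online payment systems, implements a prototype online payment component system based on the JDK cryptography architecture, and makes a preliminary exploration of online payment component technology.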
E-Business is an indispensable tool in the modern international economy and commerce, and it is gradually becoming the main mode of trade in the 21st century. How to develop a complete, highly reusable and secure e-Business system quickly and conveniently is therefore a new challenge that the Internet era brings to enterprises.
     With the development of object technology, distributed computing technology and software engineering technology, object-oriented component technology is becoming a mainstream technology for developing e-Business systems. Component technology makes it possible to develop a large-scale e-Business system quickly and conveniently. In this thesis, we analyze and summarize the functionality of the e-Business framework, explain the component-based e-Business development method and put forward a component-based e-Business software supporting platform. We also give a security architecture model of e-Business, since security is a necessary guarantee for e-Business. Within this framework, we design and implement three key components of the e-Business platform: the distributed data transfer component, the LDAP-based access control component and the online payment component.
     For data integration in the supply chain inside and between enterprises in the e-Business environment, we design and implement a distributed data transfer component, DataTrans. It provides asynchronous transfer, with a good user interface, between heterogeneous data sources such as relational databases, text files and XML files, and integrates different communication modes such as message queues, FTP and e-mail, with the sender and receiver independent of each other. We elaborate the design and implementation of this component, describe the software architecture using UML and further discuss the application of object-oriented design pattern technology, which greatly improves the reusability of the software.
     In a distributed environment, without a sound mechanism for user authentication and access control, the security of e-Business systems cannot be guaranteed and the flexibility of distributed applications cannot be fully exploited. Traditional database-based security access control cannot accommodate e-Business applications in a distributed environment. In this thesis, after analyzing existing access control technology, we propose an LDAP-based RBAC model for security access control and management, and design the security access control for the DataTrans component.
     In e-Business, secure electronic payment plays an important role in electronic transactions. Finally, we analyze the related online payment technology, implement an online payment prototype component system based on the Java cryptography architecture, and briefly discuss online payment component technology.
