Design and Implementation of an Overload Control Mechanism for E-Commerce Security Middleware
Abstract
The rapid development and widespread application of network technology have fundamentally changed traditional ways of trading and the ideas behind them. For e-commerce, built on the high-speed, open Internet, transaction security and transaction efficiency have long been popular research topics in both theory and practice. The research in this thesis is carried out against this background.
The thesis studies in depth the J2EE security mechanisms, identity authentication and authorization, and summarizes the mainstream technologies for building security middleware for e-commerce based on PKI and SSL. Drawing on Petri net modeling and analysis of security protocols, and targeting the efficiency problems of the online secure transaction model, it proposes an overload control mechanism built on session resumption and connection classification, in order to optimize system performance, improve application security and interaction efficiency, and strengthen the competitiveness and influence of a commercial website.
Based on the design pattern, scheme and functional partitioning of the overload control mechanism for the security middleware, the thesis focuses on establishing a CA center with the OpenSSL tools and on implementing identity authentication and digital signatures with JSP. Following the database design and class structure design, it analyzes the methods for database connectivity and for implementing the JavaBeans and Servlets, and gives the detailed process of implementing the overload control mechanism with utility classes and DWR.
The thesis describes how a simulated environment was built, how LoadRunner was used to simulate user access with virtual users, and how the overload control mechanism's process and effect were tested under two schemes. Comparative analysis of the test results shows that the overload control mechanism with session classification effectively shortens the server's average response time and improves the response efficiency of the e-commerce website.
Finally, the thesis summarizes the work done and gives an outlook on further research.