摘要
表述性状态传递(RESTful)服务已成为当前以云计算、物联网为代表的泛在服务体系结构中使用最广泛的服务交互方式.与传统SOAP/WS-*Web服务不同,RESTful服务的超媒体特性使得其服务响应中常包含能作为引擎驱动新资源调用的链接.RESTful服务请求/响应过程包含复杂的内部状态变迁,也带来了更大的隐私泄露风险.如何在超媒体驱动的动态交互方式中精确刻画隐私活动并支持面向隐私需求的验证,是RESTful服务隐私保护的1个基本问题.提出了一种RESTful服务应用状态隐私的形式化模型并研究了从RESTful服务描述向此模型的自动转换方法.在该模型中,不仅通过RESTful服务中隐私活动的元建模确保了对隐私操作的精确刻画,同时形式化定义了RESTful服务资源操作、链接等基本概念以及之间的关联关系.最后讨论了该理论方法的实现框架,并通过案例分析和基于自行开发的实现工具的实验说明了方法的可用性.
Representational state transfer service(RESTful service)has gained widespread acceptance as a simpler alternative to SOAP/WS-"Web services.Acknowledging the hypermedia nature of RESTful service,the response of the RESTful usually contains links that can be used as the engine to fire new resource request.The complex internal state transitions in the service request/response process can lead to bigger privacy risks.How to accurately depict privacy actions in this dynamic interactive context driven by the hypermedia is one fundamental issue in RESTful service privacy protection research.In this paper we present a RESTful application state privacy model based on single-event finite automaton and discuss the automatical transformation method from RESTful service description to that formal model.We establish the privacy action meta-model to depict the atomic privacy action with accurate semantics and formally define some kernel elements of RESTful service and the relationship among them.We then discuss how to transform the RESTful service resources to the corresponding privacy actions.In addition,we propose a new data structure called resource link mapping tree to represent the relationship between the RESTful service resources and links.A transformation method based on the resource link mapping tree is introduced to generate the corresponding privacy actions from the RESTful service definition and further generate the formal single-event automata with the algorithm considering both protocol links and hypermedia links.We finally use a case-study of e_Bay‘add to watch list”service and the experiments based on our prototype tools to show the feasibility of our approach.
作者
王进
黄志球
Wang Jin;Huang Zhiqiu(College of Computer Science and Technology , Nanjing University of Aeronautics and Astronautics , Nanjing 210016)
出处
《计算机研究与发展》
EI
CSCD
北大核心
2017年第4期886-905,共20页
Journal of Computer Research and Development
基金
国家自然科学基金项目(61272083
61262002)
国家"八六三"高技术研究发展计划基金项目(2015AA015303)~~
