ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2017, Vol. 54 ›› Issue (4): 886-905.doi: 10.7544/issn1000-1239.2017.20151122

• 软件技术 • 上一篇    

面向超媒体链接的RESTful服务隐私建模方法

王进,黄志球   

  1. (南京航空航天大学计算机科学与技术学院 南京 210016) (woodenwang55@hotmail.com)
  • 出版日期: 2017-04-01
  • 基金资助: 
    国家自然科学基金项目(61272083,61262002);国家“八六三”高技术研究发展计划基金项目(2015AA015303)

Hypermedia Oriented Privacy Modeling Method for RESTful Service

Wang Jin, Huang Zhiqiu   

  1. (College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016)
  • Online: 2017-04-01

摘要: 表述性状态传递(RESTful)服务已成为当前以云计算、物联网为代表的泛在服务体系结构中使用最广泛的服务交互方式.与传统SOAP/WS-\+*Web服务不同,RESTful服务的超媒体特性使得其服务响应中常包含能作为引擎驱动新资源调用的链接.RESTful服务请求/响应过程包含复杂的内部状态变迁,也带来了更大的隐私泄露风险.如何在超媒体驱动的动态交互方式中精确刻画隐私活动并支持面向隐私需求的验证,是RESTful服务隐私保护的1个基本问题.提出了一种RESTful服务应用状态隐私的形式化模型并研究了从RESTful服务描述向此模型的自动转换方法.在该模型中,不仅通过RESTful服务中隐私活动的元建模确保了对隐私操作的精确刻画,同时形式化定义了RESTful服务资源操作、链接等基本概念以及之间的关联关系.最后讨论了该理论方法的实现框架,并通过案例分析和基于自行开发的实现工具的实验说明了方法的可用性.

关键词: RESTful服务, 隐私模型, 超媒体, 应用状态引擎, 互联网+

Abstract: Representational state transfer service(RESTful service) has gained widespread acceptance as a simpler alternative to SOAP/WS-\+*Web services. Acknowledging the hypermedia nature of RESTful service, the response of the RESTful usually contains links that can be used as the engine to fire new resource request. The complex internal state transitions in the service request/response process can lead to bigger privacy risks. How to accurately depict privacy actions in this dynamic interactive context driven by the hypermedia is one fundamental issue in RESTful service privacy protection research. In this paper we present a RESTful application state privacy model based on single-event finite automaton and discuss the automatical transformation method from RESTful service description to that formal model. We establish the privacy action meta-model to depict the atomic privacy action with accurate semantics and formally define some kernel elements of RESTful service and the relationship among them. We then discuss how to transform the RESTful service resources to the corresponding privacy actions. In addition, we propose a new data structure called resource link mapping tree to represent the relationship between the RESTful service resources and links. A transformation method based on the resource link mapping tree is introduced to generate the corresponding privacy actions from the RESTful service definition and further generate the formal single-event automata with the algorithm considering both protocol links and hypermedia links. We finally use a case-study of e-Bay “add to watch list” service and the experiments based on our prototype tools to show the feasibility of our approach.

Key words: RESTful service, privacy model, hypermedia, engine of application state, Internet+

中图分类号: