Thesis/dissertation 111453016: full metadata record

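| DC field | Value | Language |
| --- | --- | --- |
| DC.contributor | Department of Information Management, In-service Master Program | zh_TW |
| DC.creator | 陳怡雯 | zh_TW |
| DC.creator | Yi-Wen Chen | en_US |
| dc.date.accessioned | 2024-7-25T07:39:07Z | |
| dc.date.available | 2024-7-25T07:39:07Z | |
| dc.date.issued | 2024 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:444/thesis/view_etd.asp?URN=111453016 | |
| dc.contributor.department | Department of Information Management, In-service Master Program | zh_TW |
| DC.description | National Central University | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | With the rapid development of technology, APIs (application programming interfaces) have become one of the key technologies of digital transformation. APIs improve convenience between systems and promote system integration and innovative collaboration. However, with the explosive growth in API usage, security risks have risen significantly, especially issues related to authentication and authorization. To respond to the security threats facing APIs, various parties have proposed the concept of API frameworks. In 2020 the EU proposed an API framework suited to government environments, containing 12 implementation recommendations. However, the framework's guidance on identity and access management (IAM) is still insufficient. Under the trend of the zero trust security concept, identity has become the new security perimeter; IAM mechanisms can be used to strengthen identity authentication and fine-grained access control and to carry through the principle of least privilege. This study aims to examine and improve the API framework proposed by the EU, integrating attribute-based access control (ABAC) and zero trust concepts into the security process, and proposes an ABAC-based API security framework that improves the flexibility and security of APIs in dynamic and complex environments, deciding access permissions by dynamically evaluating the attributes of users, resources and the environment, and providing more fine-grained and context-relevant security control capabilities. This framework gives API designers and developers a clear reference when defining and designing APIs, thereby improving API security. This study hopes to provide a new perspective and practical framework for the API security field, helping organizations effectively protect APIs and related resources from security threats while achieving digital transformation, and assisting organizations in moving towards zero trust security. | zh_TW |
| dc.description.abstract | With the rapid advancement of technology, APIs (Application Programming Interfaces) have become crucial for digital transformation. APIs enhance system convenience, integration, and innovation. However, their explosive growth has significantly increased security risks, especially in authentication and authorization. To address API security threats, various frameworks have been proposed. In 2020, the EU introduced an API framework for government environments with 12 implementation recommendations. However, it lacks sufficient guidance in identity and access management (IAM). With the rise of zero trust security, identity is the new security perimeter. Strengthening identity authentication and fine-grained access control through IAM mechanisms enforces the principle of least privilege. This study aims to improve the EU's API framework by integrating attribute-based access control (ABAC) and zero trust concepts. It proposes an ABAC-based API security framework to enhance flexibility and security in dynamic environments. By evaluating user, resource, and environment attributes dynamically to determine access permissions, it offers more fine-grained, context-related security controls. This framework provides clear guidelines for API designers and developers, improving API security. The study aims to offer a new perspective and practical framework for API security, helping organizations achieve digital transformation while protecting APIs and related resources from security threats, and advancing towards zero trust security. | en_US |
| DC.subject | Application programming interface security | zh_TW |
| DC.subject | Identity and access management | zh_TW |
| DC.subject | Attribute-based access control | zh_TW |
| DC.subject | Zero trust | zh_TW |
| DC.subject | Principle of least privilege | zh_TW |
| DC.subject | API Security | en_US |
| DC.subject | Identity and Access Management(IAM) | en_US |
| DC.subject | Attribute-Based Access Control(ABAC) | en_US |
| DC.subject | Zero Trust | en_US |
| DC.subject | Principle of Least Privilege | en_US |
| DC.title | Research on an Application Programming Interface Security Framework Based on Attribute-Based Access Control | zh_TW |
| dc.language.iso | zh-TW | zh-TW |
| DC.title | Research on Application Programming Interface Security Framework Based on Attribute-Based Access Control | en_US |
| DC.type | Thesis/dissertation | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |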
