Mashup应用作为企业情境应用程序,它利用从外部数据源检索到的内容来创建全新的服务.由于缺乏安全标准和核实鉴别的信任机制,随着更多的企业用户构建基于Mashup的应用,潜在的安全风险急剧增加.为了解决这个问题,以开发者的视角,通过解构Mashup应用的开发过程,集静态和动态安全风险因素于一体,透视Mashup应用的组件和行为特征,提出Mashup应用的定量风险评估框架,定义风险评估模型,在满足假设条件基础上,应用Markov链予以定量评估,为开发安全的应用提供参考.%An exciting type of data-integrated application based on Web is sprouting up all across the Internet, which is called Mashup application. At the same time, some new technologies and social challenges reveal themselves sequentially. This paper researches in Mashup application from a perspective of security, discusses how to assess the risks of Mashup application, and puts forward a risk evaluation model and some possible metrics for the actual assessment.
展开▼
