工作流系统带权角色与周期时间访问控制模型
作者:
基金项目:

Supported by the National Natural Science Foundation of China under Grant No.90204012 (国家自然科学基金); the National High-Tech Research and Development Plan of China under Grant No.2002AA143021 (国家高技术研究发展计划(863))


A Weighted Role and Periodic Time Access Control Model of WorkFlow System
  • 摘要
  • | |
  • 访问统计
  • |
  • 参考文献 [12]
  • |
  • 相似文献
  • |
  • 引证文献
  • | |
  • 文章评论
    摘要:

    带权角色激活任务和周期时间授权是工作流系统访问控制研究尚未解决的核心问题.以基于角色的访问控制模型为基础,提出了一种新的工作流系统带权角色与周期时间访问控制模型WRPTAC(weighted role and periodic time access control).讨论了周期时间表示方法,定义了工作流系统授权新概念和时态授权推导规则,给出了时间复杂度为O(n2)的时态授权推导规则一致性验证图论算法,并定义了任务激活约束规则.它能够表达复杂的工作流系统访问控制约束.

    Abstract:

    A weighted role for activating task and periodic time authorization is an unsolved major problem for the access control of a workflow management system (WfMS). In this paper, a novel weighted role and periodic time access control (WRPTAC) model for WfMS is proposed on the basis of a role-based access control model. The periodic time expression method is discussed and then the new authorization concepts and the temporal authorization derivation rules for WfMS are defined respectively. An algorithm based on the graph theory for verifying the consistency of all the authorization derivation rules is presented, which has the time complexity of O(n2). The constraint rule for activating task is defined, which can express complex access control constraints for WfMS.

    参考文献
    [1]Ferraiolo DF, Sandhu R, Guirila S, Kuhn DR, Chandramouli R. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 2001,4(3):224~274.
    [2]Botha RA, Eloff JHP. Access control in document centric workflow system: an agent-based approach. Computers & Security, 2001,20(6):525~532.
    [3]Wu SL, Sheth A, Miller J, Luo ZW. Authorization and access control of application data in workflow system. Journal of Intelligent Information System, 2002,18(1):71~94.
    [4]Bertino E, Bonatti PA, Ferrari E. TRBAC: A temporal role-based access control model. ACM Transactions on Information and System Security, 2001,4(3):191~223.
    [5]Dong GY, Qing SH, Liu KL. Role-Based authorization constraint with time character. Journal of Software, 2002,13(8):1521~1527 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/13/1521.pdf.
    [6]Deng JB, Hong F. Task-Based access control model. Journal of Software, 2003,14(1):76~82 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/14/76.htm.
    [7]Shi ML,Yang GX, Xiang Y, Wu SG. WfMS: Workflow management system. Chinese Journal of Computers, 1999,22(3):325~334 (in Chinese with English abstract).
    [8]Li HF, Fan YS. Overview on managing time in workflow systems. Journal of Software, 2002,13(8):1552~1558 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/13/1552.pdf.
    [9]董光宇,卿斯汉,刘克龙.带时间特性的角色授权约束.软件学报,2002,13(8):1521~1527. http://www.jos.org.cn/1000-9825/13/ 1521.pdf.
    [10]邓集波,洪帆.基于任务的授权模型.软件学报,2003,14(1):76~82. http://www.jos.org.cn/1000-9825/14/76.htm.
    [11]史美林,杨光信,向勇,伍尚广.WfMS:工作流管理系统.计算机学报,1999,22(3):325~334.
    [12]李慧芳,范玉顺.工作流系统时间管理.软件学报,2002,13(8):1552~1558. http://www.jos.org.cn/1000-9825/13/1552.pdf.
    相似文献
    引证文献
引用本文

王小明,赵宗涛,郝克刚.工作流系统带权角色与周期时间访问控制模型.软件学报,2003,14(11):1841-1848

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2003-01-09
  • 最后修改日期:2003-01-09
文章二维码
您是第19868077位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号