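Affiliation: [1] School of Computer Science, Shaanxi Normal University, Xi'an 710062
Source: Computer Science (《计算机科学》), 2006, No. 12, pp. 101-104, 124 (5 pages)
Funding: Supported by the National Natural Science Foundation of China (10571112).
Abstract: Access control is an important mechanism for improving the security of workflow systems. Role-based access control (RBAC) is adopted by the vast majority of workflow systems and has become a research hotspot in the workflow field. However, existing role-based access control models do not consider the influence of workflow context on the authorization security of task execution, easily cause permission redundancy, and do not support separation-of-duty policies. This paper proposes a workflow context-related access control model, WfCAC. It first defines the model's components and architecture, then discusses workflow separation of duty and the access control mechanism, and analyzes the model's properties. The WfCAC model supports user groups and their hierarchy, supports least-privilege authorization and separation-of-duty policies, and realizes workflow context-related access control.

Access control is an important mechanism for enhancing workflow system security. The role-based access control model (RBAC) is used in most workflow systems, and it has become a research topic in the area of workflow. However, in the existing role-based access control models, the influence produced by workflow context and task histories on authorization security is not taken into account, redundant properties for running workflow tasks are produced easily, and the policies of separation of duties are not effectively supported. In this paper, a context-related access control model for workflow systems is proposed, named WfCAC. Firstly, the elements and architecture of this model are defined, respectively. Secondly, the mechanisms for achieving the policies of separation of duties and the access control mechanism are discussed. Finally, the properties of this model are analyzed. The WfCAC model supports the policy of the user group with hierarchy structure, the context-sensitive access control of workflow, the minimizing authorization policies and the policies of separation of duties, respectively.
Keywords: workflow system; access control; context-related; security policy; rule
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]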