工作流系统中一个基于多权角色和规则的条件化RBAC安全访问控制模型  被引量:4

Conditioned secure access control model based on multi-weighted roles and rules in workflow system

在线阅读下载全文

作  者:张健[1,2] 孙吉贵[1,2] 李妮娅[1,2] 胡成全[1,2] 杨滨[1,2] 

机构地区:[1]吉林大学计算机科学与技术学院,吉林长春130012 [2]吉林大学符号计算与知识工程教育部重点实验室,吉林长春130012

出  处:《通信学报》2008年第2期8-16,共9页Journal on Communications

基  金:国家自然科学基金重大基金资助项目(60496321);国家自然科学基金资助项目(60473003);吉林省科技发展项目(20040526)~~

摘  要:针对传统的RBAC模型不能表达复杂的工作流安全访问控制约束的缺点,提出了一个适合工作流系统的基于多权角色和规则的条件化安全访问控制模型CMWRRBSAC(conditioned multi-weighted role and rule based secure access control model)。该模型基于传统的RBAC模型,提出了基于动态角色分配的条件化RBAC方法,定义了基于多权角色的工作流系统访问授权新概念,并针对多个角色和多个用户协同激活任务的序约束问题,给出了基于令牌的序约束算法和基于加权角色综合的序约束算法,讨论了一个基于规则的职责分离约束建模方法,并给出了改进的规则一致性检验算法。The traditional RBAC model cannot express complicated workflow secure access control constraint, so a new conditioned RBAC model suit for WfMS (workflow management system)-CMWRRBSAC (conditioned multi-weighted role and rule based secure access control model) was proposed on the basis of multi-weighted roles and rules. Based on the traditional RBAC model, a conditioned RBAC method was discussed on the basis of dynamic role assignment and a new concept of workflow access authorization was defined on the basis of multi-weighted roles. A sort algorithm based on token and a sort algorithm based on weighted roles synthesis were presented in allusion to the problem of multi-roles and multi-users sequence constraint in the process of executing tasks. A rule-based modeling method of separation of duties was discussed and its improved rule consistency check arithmetic was given.

关 键 词:工作流 访问控制 职责分离 规则 多权角色 令牌 

分 类 号:TP31[自动化与计算机技术—计算机软件与理论]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象