摘要
带有时间特性的访问控制模型一直是工作流安全研究的热点问题,尤其工作流在安全性要求较高的智能交通系统中的应用,时效性和安全性成为系统安全访问控制不可忽视的因素。本文从动态、时效的角度出发,综合了基于角色和基于任务的访问控制理论,同时考虑了工作流生命周期的时问参数,提出了一个适合智能交通工作流管理系统的动态时效访问控制模型——基于时间、任务和角色的访问控制模型(Time,TaskandRoleBasedAccessControl,T2RBAC)。此模型将客体从工作流和任务两个层面上进行划分,将角色执行任务的权限与时间关联,使角色的权限具有生命期,同时对每一个任务的权限细化到字段级,限制执行者的可操作对象。通过对铁路通信中一个实际工作流系统的应用分析,表明此种模型可以从访问控制层面上保护系统数据,同时不会降低系统的处理性能,具有一定的实际意义,其时间参数可以作为未来优化工作流程的依据。
Workflow security become an important problem since it is introduced into ITS recently, particularly the time factor is a serious limitation in applying workflow in the transportation system. In this paper, a novel time based access control model for the ITS workflow is proposed on the basic of RBAC and TBAC. The model studied the object and the authority control in workflow layer and task layer and combined the role and the authority with the time. With the application in China Tietong, it is shown that the model provides a good guidance for the workflow in ITS without the degrade the performance of the system.
