摘要
针对传统的RBAC模型不能表达复杂的工作流安全访问控制约束的缺点,提出了一个适合工作流系统的基于多权角色和规则的条件化安全访问控制模型CMWRRBSAC(conditioned multi-weighted role and rule based secure access control model)。该模型基于传统的RBAC模型,提出了基于动态角色分配的条件化RBAC方法,定义了基于多权角色的工作流系统访问授权新概念,并针对多个角色和多个用户协同激活任务的序约束问题,给出了基于令牌的序约束算法和基于加权角色综合的序约束算法,讨论了一个基于规则的职责分离约束建模方法,并给出了改进的规则一致性检验算法。
The traditional RBAC model cannot express complicated workflow secure access control constraint, so a new conditioned RBAC model suit for WfMS (workflow management system)-CMWRRBSAC (conditioned multi-weighted role and rule based secure access control model) was proposed on the basis of multi-weighted roles and rules. Based on the traditional RBAC model, a conditioned RBAC method was discussed on the basis of dynamic role assignment and a new concept of workflow access authorization was defined on the basis of multi-weighted roles. A sort algorithm based on token and a sort algorithm based on weighted roles synthesis were presented in allusion to the problem of multi-roles and multi-users sequence constraint in the process of executing tasks. A rule-based modeling method of separation of duties was discussed and its improved rule consistency check arithmetic was given.
出处
《通信学报》
EI
CSCD
北大核心
2008年第2期8-16,共9页
Journal on Communications
基金
国家自然科学基金重大基金资助项目(60496321)
国家自然科学基金资助项目(60473003)
吉林省科技发展项目(20040526)~~
关键词
工作流
访问控制
职责分离
规则
多权角色
令牌
workflow
access control
separation of duties
rule
multi-weighted roles
token