摘要
为企业级工作流授权机制定义了多维可泛化的职责分离框架,能够对团队任务涉及的多种分工形式进行深入全面的限制.系统分析了框架中的约束覆盖规则,并证明其正确性和完备性,为约束管理自动化奠定了基础.作为应用,根据规则给出了冗余动态约束的检测算法.最后通过案例研究验证了模型特性.
Based on some enterprise-level workflow authorization mechanisms ,a multi-dimensional and generalizable frame-work for Separation of Duty is specified ,and multiple labor dividing forms related to team-collaborated tasks can be restricted deeply and all-sidedly .Coverage rules among these constraints are analyzed systematically .The correctness and completeness of these rules are proved such that a basis for the automation of constraint administration is provided .As application of the rules ,a detecting algo-rithm for redundant dynamic constraints is given .Finally ,the features of this model are verified via a case study .
出处
《电子学报》
EI
CAS
CSCD
北大核心
2013年第10期2087-2093,共7页
Acta Electronica Sinica
基金
国家自然科学基金(No.6093114
No.60973100
No.51246002
No.61272200)
广东省自然科学基金(No.S2012040007746)
关键词
访问控制
任务
角色
细粒度职责分离
冗余约束
access control
task
role
fine-grained separation of duties
redundant constraint
