基于Petri网工作流的动态访问控制

Dynamic Access Control through Workflow Based on Petri Nets

访问控制是信息系统的一项重要安全保护机制,它是通过限制主体对资源的访问权限,从而保证资源的可用性、完整性和可信性的机制。此种机制通过访问控制矩阵实现,但现在的访问控制矩阵是静态的,它们不随时间的变化而改变。文中通过访问控制矩阵和基于Petri网的工作流结合提出了动态访问控制。访问权限是根据工作流的状态来赋予的,这样减少了对资源和数据的误操作,提高了系统访问的安全性和适时性。文中的工作流模型采用Petri网来描述,Petri网具有坚实的数学分析基础,很适合于表述工作流这样的离散模型。

Access control is an important protection for information systems.It is mechanism of ensuring the usability ,integrality and creditability of resource through granting limit privilege of access resource to subject.Legitimate users should be allowed to access resource and data items,illegitimate users should be detained from resource and data access.An access control matrix grants subjects privileges to objects.Today,access control matrices are static,they are rarely change during time.This paper shows how to make access control matrices dynamic by means of workflows.Access rights are granted according to the state of the workflow.By this the risk of data misuse is decreased .The concept of workflow is defined by Petri nets which offer a solid mathematical foundation and are well suited to represent discrete models like workflows.