摘要
针对现有基于角色访问控制的缺陷和分布式工作流管理系统的特性,在传统的基于角色的访问控制模型中引入任务集(Tasks)、任务实例集(TaskInstances)和任务上下文(TaskContext)的概念,将传统的user role permission权限赋予结构修改为user role task permission权限赋予结构,建立了基于任务和角色的访问控制模型,给出了其形式化定义。该模型解决了传统的基于角色访问控制中的动态适应性差和最小权限约束假象的问题,用于分布式工作流管理系统,提高了安全性、实用性。
This paper introduces the concept of tasks, task instances and task context into traditional role-based access control model according to the weaknesses of the current role-based access control and the characteristics of distributed workflow system. We propose a task & role-based access control model, whose architecture is not user-role-permission but user-role-task-permission, and its formal definition. This model overcomes the weaknesses of the bad dynamic adaption and the fake constraint of the least privilege. It can enhance the security and practicability of the distributed workflow system.
出处
《国防科技大学学报》
EI
CAS
CSCD
北大核心
2004年第3期57-62,共6页
Journal of National University of Defense Technology
基金
国家863计划资助项目(2003AA001023)