| 基于角色的工作流系统访问控制模型 |
| |
| 引用本文: | 马亮,顾明.基于角色的工作流系统访问控制模型[J].小型微型计算机系统,2006,27(1):136-140. |
| |
| 作者姓名: | 马亮 顾明 |
| |
| 作者单位: | 清华大学,软件学院,北京,100084 |
| |
| 摘 要: | 工作流技术在办公自动化、电子商务、电子政务等领域得到广泛关注,工作流系统的安全问题变得日益突出.访问控制是工作流系统安全机制的重要环节.本文在NIST推荐的标准RBAC模型的基础上,结合实际情况,提出一种基于角色的工作流系统访问控制模型WRBAC.该模型描述了用户、角色、许可、活动等要素之间的关系,给出了静态和动态授权约束规则,能有效防止重要信息的泄漏和商业欺诈,满足工作流系统对访问控制的需求.
|
| 关 键 词: | 工作流 安全 访问控制 角色 |
| 文章编号: | 1000-1220(2006)01-0136-05 |
| 收稿时间: | 2004-08-31 |
| 修稿时间: | 2004-08-31 |
Role-Based Access Control Model for Workflow Systems |
| |
| MA Liang,GU Ming.Role-Based Access Control Model for Workflow Systems[J].Mini-micro Systems,2006,27(1):136-140. |
| |
| Authors: | MA Liang GU Ming |
| |
| Affiliation: | Software School, Tsinghua University, Beijing 100084, China |
| |
| Abstract: | Nowadays workflow is coming into more and more notice in many areas such as OA, e-government, e-business. Security is a important problem in workflow environment. Access control is a vital component of Security. In this paper, a RBAC model in workflow environment (WRBAC) is introduced. The model is based on proposed NIST standard for RBAC, formally describes the relationship between the key elements of access control in workflow systems such as user, role, permission and activity, presents the static and dynamic constraints. The model can effectively reduce the risk of information leakage and fraud, meet the requirements for access control in workflow systems. |
| |
| Keywords: | workflow security access control role |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
