| 引用本文: | 付松龄,谭庆平.基于任务和角色的分布式工作流安全模型.[J].国防科技大学学报,2004,26(3):57-62.[点击复制] |
| FU Songling,TAN Qingping.Security Task & Role-based Distributed Workflow Model[J].Journal of National University of Defense Technology,2004,26(3):57-62[点击复制] |
|
| |
|
|
| 本文已被:浏览 6819次 下载 6422次 |
| 基于任务和角色的分布式工作流安全模型 |
| 付松龄, 谭庆平 |
|
(国防科技大学 计算机学院,湖南 长沙 410073)
|
| 摘要: |
| 针对现有基于角色访问控制的缺陷和分布式工作流管理系统的特性,在传统的基于角色的访问控制模型中引入任务集(Tasks)、任务实例集(Task Instances)和任务上下文(Task Context)的概念,将传统的 user-role-permission 权限赋予结构修改为 user-role-task-permission 权限赋予结构,建立了基于任务和角色的访问控制模型,给出了其形式化定义。该模型解决了传统的基于角色访问控制中的动态适应性差和最小权限约束假象的问题,用于分布式工作流管理系统,提高了安全性、实用性。 |
| 关键词: RBAC 基于任务和角色的访问控制 分布式工作流管理系统 任务 任务实例 任务上下文 |
| DOI: |
| 投稿日期:2003-12-27 |
| 基金项目:国家863计划资助项目(2003AA001023) |
|
| Security Task & Role-based Distributed Workflow Model |
| FU Songling, TAN Qingping |
|
(College of Computer, National Univ. of Defense Technology, Changsha 410073, China)
|
| Abstract: |
| This paper introduces the concept of tasks, task instances and task context into traditionalrole-basedaccesscontrol model according to the weaknesses of the current role-based access control and the characteristics of distributedworkflowsystem. We propose a task & role-based access control model, whose architecture is not user-role-permission but user-role-task-permission, and its formal definition. This model overcomes the weaknesses of the bad dynamicadaption and the fake constraint of the least privilege. It can enhance the security and practicability of the distributed workflow system. |
| Keywords: RBAC task & role-based access control distributed workflow management system task task instance task context |
|
|
