Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

WU Qian,ZHOU Qing

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.09.045

2012-01-01

Abstract:In order to ensure the workflow system secure and reliable,this paper introduces three relation elements of Target Case(TC),User Management(UM) and Target(T) in the conventional access control model based on role,designs the dynamic authorization mechanism,and builds a sort of security access model in workflow based on dynamic control mechanism,which ensures the secure running of the model by means of basic constraint relation and dynamic constraint conditions.The model is integrated with workflow engine component to provide the security authorization service for the application of independent security field.Application results show that the model can better separate the dynamic responsibility and reciprocal responsibility,make the binding of dynamic responsibility,and provide technical support for security access of system workflow.

LI Jinyan,YU Zhonghua

DOI: https://doi.org/10.13196/j.cims.2017.06.009

2017-01-01

Abstract:With gradual improvement of collaborative manufacturing mode,the played an important role for the adjustment of organizational structure and business process reengineering.How to balance the To solve the problem that collaboration oriented flexible workflow should combine flexibility and security in dynamic environment,according to the characteristics of collaborative,the concept of team was introduced based on the hierarchical authorization management to realize the combination of role-based static authorization and task-based dynamic control,and a novel access control model was proposed for cooperation-oriented flexible workflow.As for the potential conflict of constraints at different levels due to the flexibility and cooperation,task-based separation of duty was provided,so as to better solve the problem of information security and access control for flexible workflow in dynamic environment.

Sun Yong,Kong Feng,Wang Xiong,Wang Weijian

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.36.051

2005-01-01

Abstract:A dynamic workflow authorization model is proposed,which describes the triggers and constraints of tasks by expression.Unlike other role-based models,the role set in this model is only one property of a user.It's simple to extend the model by design more properties of users and functions.The model describes permissions of users and roles,constraints of task state transitions,count of task instances,dependencies of tasks,separation of duties,time and organization via expression.The flexible of expression brings the model capability and adaptability.This model supports complex workflows include multi startup task,multi end task,and-split,or-split,multiple-split,and-join,or-join,multiple-join and loop.

YUN Ya-li,HAN Hai-xiao,LI Ya-ping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.04.018

2013-01-01

Abstract:In order to solve the problem of inflexible access control and lack of dynamic task allocation for workflow,this paper presents a new workflow access control model.It integrates both users and roles authorization on workflow tasks in two level of modeling stage and instance stage,and also designs dynamic user assignment rules for the model by introducing the load equilibrium-based user assignment strategy on the user busy factor.Analysis result shows that this model can produce dynamic user assignment according to history executive condition,and improve workflow's executive efficiency.

单徐梅,虞慧群

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.04.053

2010-01-01

Abstract:To satisfy dynamic authorization of WorkFlow Management System(WFMS) ,this paper proposes a Role-Based Access Control(RBAC) model that supports authorization constraint. In this model,authorization constraint model for WFMS is specified by Datalog logical language and an authorization algorithm is implemented using Datalog's decision,making mechanisms. WFMS's dynamic constrained authorization problem is solved with the method.

CHEN Chuan-bo,XIONG Fei

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.07.003

2005-01-01

Abstract:Access control is an important protection mechanism for information systems, an access control matrix grants subject access right to objects. This paper proposes the role concept, discusses the dynamic access control of role-based workflow status, and describes and analyses the formal model. In the end, we present a workflow-net instance to show that the mechanism can not only low the hazard of nonauthorized access and data misuse, but also provide a certain assurance for the privilege management in workflow management systems.

YU Wan-jun,LIU Da-you,LIU Quan,LI Jia-fei

DOI: https://doi.org/10.3969/j.issn.1006-5911.2005.09.021

2005-01-01

Abstract:The existing approaches of authorization constraints cannot describe the separation of duties well in the workflow management systems under which with the data movement from one task to next, and the change of task executors and users' access control at any moment. To solve this problem, a model of workflow authorization constraints was proposed. The role level function, the task partial relationship and the conflicting tasks in the context of workflow application were defined in the model. Based on the model, a language named role-task-based Workflow Authorization Language (WAL) was put forward to specify the workflow authorization constraints. The requests on the separation of duties in the workflow system could be correctly described by WAL. Static and authorized historical information could also be expressed. Meanwhile, the size of rules set obtained was relatively smaller. Finally the feasibility of the consistency validation in the time and the space was verified.

Yang Shuxin,Zheng Jian,Wang Jian

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.02.017

2009-01-01

Abstract:Some existing access control model for workflow systems are limited to tasks execution.It is difficult to satisfy the security requirement for adaptive workflow systems.To solve the problem,operation behaviors of adaptive workflow management systems are analyzed and summarized.Object,user and operation are considered as the main elements for research.Formal description and fine granularity partition about these elements are given.Finally,based on the above work,a role-based access control model and integration with systems are proposed,and relationships among role,user and operation are described.In addition,authorization method is given to guarantee operation security and rationality.The problem of security is solved effectively,and the users' flexible requirements for permission are satisfied.

马晨华,陆国栋,裘炅

DOI: https://doi.org/10.3785/j.issn.1008-973x.2008.12.014

2008-01-01

Abstract:Access control models proposed so far cannot satisfy the access requirements in workflow systems very well.To address the issue,a flexible policy access control model for workflows was proposed.By the introduction of authorization certificate,which defines the authorization that can be performed during task execution and the constraints should be satisfied,dynamic access control in workflows is realized and the flexible definition of authorization policies is supported.For the description of complicated authorization rules,authorization certificate related constraints were defined.Furthermore,efficient conflict detection and resolution rules for authorization constraints were also provided.Analysis shows that the model has good security and practicability.It can meet the requirements for access control in workflow systems adequately.

MA Liang,GU Ming

DOI: https://doi.org/10.3969/j.issn.1000-1220.2006.01.031

2006-01-01

Abstract:Nowadays workflow is coming into more and more notice in many areas such as OA, e-government, e-business. Security is a important problem in workflow environment. Access control is a vital component of Security. In this paper, a RBAC model in workflow environment (WRBAC) is introduced. The model is based on proposed NIST standard for RBAC, formally describes the relationship between the key elements of access control in workflow systems such as user, role, permission and activity, presents the static and dynamic constraints. The model can effectively reduce the risk of information leakage and fraud, meet the requirements for access control in workflow systems.

liu jianxun,zhang shensheng,bu fenglin

DOI: https://doi.org/10.3969/j.issn.1000-1220.2003.06.032

2003-01-01

Abstract:Taking the characteristics of WFMS (workflow management system) and the requirement of real application into consideration, this paper presents a role based access control model, which is suitable to workflow management systems, and applies it to the process discomposing based workflow model. The problem of the static and dynamic constraints in role based access control and authorization is introduced in some detail. Finally, it analyzes the architecture and implementation of a WFMS enactment system which supports RBAC.

Jianyong Pi,Xinsong Liu,Qingyun Fu,Ai Wu,Dan Liu

2006-01-01

Abstract:Mobile computing systems introduce new requirements for role-based access control, which can not be met by using traditional RBAC. In this paper, a novel RBAC model of workflow based dynamic roles constraint relation is introduced to meet these requirements. This novel RBAC model formally describes the concurrent transaction logic by the extended predicate workflow model, and describes the dynamic constraint relations among the subtasks of workflows by analyzing the concurrent executive network of workflow. The static role constraint in the traditional RBAC was extended. The novel RBAC scheme is suitable for the workflow based mobile computing system. The analysis of the performance evaluating showed the novel RBAC model has favorable access control efficiency in the practical workflow based mobile computing environment.

张栋,刘飞,宋豫川,谢静

DOI: https://doi.org/10.3969/j.issn.1009-0134.2004.05.014

2004-01-01

Abstract:Based on the popular RBAC mechanism, the paper analyzed the new requirement of ac-cess control mechanism in workflow environment and built an RBACEx-AWE model torealize the function of dynamic access control. An integrated framework which effectivelycombined the RBACEx-AWE based authorization services and workflow engine compo-nents was presented. A secure authorization was successfully achieved in an individualsecure domain.

CHEN Chuan-bo,HUANG Jun-hua

DOI: https://doi.org/10.3969/j.issn.1007-130x.2006.07.028

2006-01-01

Abstract:Authorization is a key problem in workflow access control. Based on the status of tasks, the relationships between roles and tasks, tasks and status, and status and privileges are depicted with a two-dimensional matrix. Using the table of database to calculate the relationship between the role, task and privilege, it can dynamically distribute privileges and improve the security of data access.

Shiqiang ZENG,Chunxiao YE,Yifeng YU

DOI: https://doi.org/10.3778/j.issn.1002-8331.1301-0025

2015-01-01

Abstract:In order to resolve the problem that users who lack of corresponding qualifications and ability in workflow environment might get access rights through its role, this paper presents attribute constraints before the tasks assignment. Users and tasks have certain attributes and corresponding attribute expressions, user attributes reflect their equipped apti-tude and ability and task attributes indicate its requirements to users in qualifications and ability. The system authorizes to users only when the corresponding rules are satisfied by attribute expressions. Case analysis shows this approach can pre-vent the users who lack of corresponding qualifications and ability to get the tasks so as to eliminate the safety hazards and achieve a more fine-grained access control.

MA Chen-hua,WANG Jing,QIU Jiong,LU Guo-dong

DOI: https://doi.org/10.3785/j.issn.1008-973x.2010.12.011

2010-01-01

Abstract:Access control models proposed so far provide no support for context-based dynamic authorization and flexible authorization policy definition for tasks.To address these issues,a flexible context-constraint-based access control model was proposed for workfolws.The concepts of contextconstraint-based role assignment policy and context-constraint-based role authorization policy were defined.The interrelationships between policies were analyzed and the conflicts exhibited by policies were classified.Static and dynamic conflict detection methods were provided to maintain the consistency of policies.By the introduction of two new concepts,priority rule and conflict resolution policy,a flexible approach to resolve conflicts were provide.The security administrator can choose the method of resolving conflicts flexibly according to system requirements by defining priority rules and conflict resolution policies.Furthermore,the role assignment algorithm and the authorization decision algorithm based on the minimum sets of role assignment policies and role authorization policies were given.The model provides support for context-based dynamic authorization,automatic user-role and role-permission assignment.

Jian Cao,Jinjun Chen,Haiyan Zhao,Minglu Li

DOI: https://doi.org/10.1016/j.jnca.2008.02.021

IF: 7.574

2009-01-01

Journal of Network and Computer Applications

Abstract:Although workflow has been widely used to support the modeling and execution of business process, the majority of current workflow management systems are not designed and suited for supporting dynamic business processes. One of the deficiencies is the inability to model realistically the organization of an enterprise to manage the dynamic human-centric business processes. A framework for workflow-enabled dynamic business process management is described in the paper. It includes an organizational model and an authorization model for supporting dynamic business processes. More specifically, authorization policies are expressed in an SQL-like language which can be easily rewritten into query sentences for execution. In addition, the framework supports dynamic integration and execution of multiple access control polices from disparate enterprise resources. Finally, a prototype implementation of the dynamic business process management framework is described.

Hao Jiang,Shengye Lu

DOI: https://doi.org/10.1007/978-3-540-72863-4_63

2007-01-01

Abstract:In workflow environments, access control is an important issue of security. Especially, a suitable access control model to meet the special secure requirements is needed. In this paper, we present a formal model, called RTFW, which allows for some ubiquitous problems in workflow environments, such as separation of duty and dynamic authorization, combining the notions of role– based access control (RBAC) and task- based access control (TBAC) models. Furthermore, we describe how to design and implement its prototype system and discuss some key issues and challenges.

Ligang He,Kewei Duan,Xueguang Chen,Deqing Zou,Zongfen Han,Ali Fadavinia,Stephen A. Jarvis

DOI: https://doi.org/10.1109/scc.2011.56

2011-01-01

Abstract:Workflows are often used to represent enterprise-type activities, and authorisation control is an important security consideration in enterprise-level applications. Role-Based Access Control (RBAC) is a popular authorisation control scheme under which users are assigned to certain roles, and the roles are associated with permissions. This paper presents a novel mechanism for modelling workflow execution in cluster-based resource pools under Role-Based Access Control (RBAC) schemes. Our modelling approach uses Coloured Timed Petri-Nets, and various authorisation constraints are modelled, including role constraints, temporal constraints, cardinality constraints, Binding of Duty and Separation of Duty constraints, etc. The interactions between workflow authorisation and workflow execution are also captured in the model. In this paper, the modelling mechanism is developed in such a fashion that the construction of the authorisation model for a workflow can be automated. This feature is very helpful in modelling a large collection of authorisation policies or complex workflows. A Petri-net simulation tool, the CPN-Tool, is utilised to implement the developed modelling mechanism and simulate the constructed model. Both system-level performance (e.g., utilisation of resource pools) and application-level performance (e.g., workflow response time) can be obtained from model simulations. This work can be used to plan system capacity and investigate the impact of authorization policies on system and application performance.