LI Jinyan,YU Zhonghua

DOI: https://doi.org/10.13196/j.cims.2017.06.009

2017-01-01

Abstract:With gradual improvement of collaborative manufacturing mode,the played an important role for the adjustment of organizational structure and business process reengineering.How to balance the To solve the problem that collaboration oriented flexible workflow should combine flexibility and security in dynamic environment,according to the characteristics of collaborative,the concept of team was introduced based on the hierarchical authorization management to realize the combination of role-based static authorization and task-based dynamic control,and a novel access control model was proposed for cooperation-oriented flexible workflow.As for the potential conflict of constraints at different levels due to the flexibility and cooperation,task-based separation of duty was provided,so as to better solve the problem of information security and access control for flexible workflow in dynamic environment.

MA Chen-hua,WANG Jing,QIU Jiong,LU Guo-dong

DOI: https://doi.org/10.3785/j.issn.1008-973x.2010.12.011

2010-01-01

Abstract:Access control models proposed so far provide no support for context-based dynamic authorization and flexible authorization policy definition for tasks.To address these issues,a flexible context-constraint-based access control model was proposed for workfolws.The concepts of contextconstraint-based role assignment policy and context-constraint-based role authorization policy were defined.The interrelationships between policies were analyzed and the conflicts exhibited by policies were classified.Static and dynamic conflict detection methods were provided to maintain the consistency of policies.By the introduction of two new concepts,priority rule and conflict resolution policy,a flexible approach to resolve conflicts were provide.The security administrator can choose the method of resolving conflicts flexibly according to system requirements by defining priority rules and conflict resolution policies.Furthermore,the role assignment algorithm and the authorization decision algorithm based on the minimum sets of role assignment policies and role authorization policies were given.The model provides support for context-based dynamic authorization,automatic user-role and role-permission assignment.

Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

裘炅,谭建荣,张树有,马晨华

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.07.020

2004-01-01

Abstract:The model formally describes the key elements of access control such as role, user, privilege, task unit, authorization strategy, authorization constraint and the relationship between these elements. We identify the following four types of authorization constraints: require role constraints, require user constraints, deny role constraints and deny user constraints, then provide constraint consistency checking rules upon them. In this model, authorization flow is synchronized with workflow and the workflow can be efficiently executed through the constraint consistency checking rules. The main advantage of the model is its comprehensiveness, flexibility and practicability.

Chen-hua Ma,Guo-dong Lu,Jiong Qiu

DOI: https://doi.org/10.1631/jzus.a0820366

2009-01-01

Journal of Zhejiang University SCIENCE A

Abstract:The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems (WFMSs). Furthermore, existing approaches have not provided effective conflict detection and resolution methods to maintain the consistency of authorization polices in WFMSs. To address these concerns, we propose the definition of authorization policies in which context constraints are considered and the complicated requirements in WFMSs can be satisfied. Based on the definition, we put forward static and dynamic conflict detection methods for authorization policies. By defining two new concepts, the precedence establishment rule and the conflict resolution policy, we provide a flexible approach to resolving conflicts.

YUN Ya-li,HAN Hai-xiao,LI Ya-ping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.04.018

2013-01-01

Abstract:In order to solve the problem of inflexible access control and lack of dynamic task allocation for workflow,this paper presents a new workflow access control model.It integrates both users and roles authorization on workflow tasks in two level of modeling stage and instance stage,and also designs dynamic user assignment rules for the model by introducing the load equilibrium-based user assignment strategy on the user busy factor.Analysis result shows that this model can produce dynamic user assignment according to history executive condition,and improve workflow's executive efficiency.

曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

Sun Yong,Kong Feng,Wang Xiong,Wang Weijian

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.36.051

2005-01-01

Abstract:A dynamic workflow authorization model is proposed,which describes the triggers and constraints of tasks by expression.Unlike other role-based models,the role set in this model is only one property of a user.It's simple to extend the model by design more properties of users and functions.The model describes permissions of users and roles,constraints of task state transitions,count of task instances,dependencies of tasks,separation of duties,time and organization via expression.The flexible of expression brings the model capability and adaptability.This model supports complex workflows include multi startup task,multi end task,and-split,or-split,multiple-split,and-join,or-join,multiple-join and loop.

MA Liang,GU Ming

DOI: https://doi.org/10.3969/j.issn.1000-1220.2006.01.031

2006-01-01

Abstract:Nowadays workflow is coming into more and more notice in many areas such as OA, e-government, e-business. Security is a important problem in workflow environment. Access control is a vital component of Security. In this paper, a RBAC model in workflow environment (WRBAC) is introduced. The model is based on proposed NIST standard for RBAC, formally describes the relationship between the key elements of access control in workflow systems such as user, role, permission and activity, presents the static and dynamic constraints. The model can effectively reduce the risk of information leakage and fraud, meet the requirements for access control in workflow systems.

袁平鹏,陈刚,董金祥

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.04.006

2004-01-01

Abstract:An access control paradigm composed of basic model and role model is proposed for collaborative applications. Basic model specifies the relationship among privileges and the way of ranking privileges. It relates privilege with operations on the objects, so the model appears more straightforward. Moreover, if Brokers' implementation permits, the model can support any grained access control. Role model re-defines the role concept of RBAC96, divides the permissions of role into public permissions, protect permissions and private permissions. It allows user to define roles more flexibly, prevents private permissions of roles from being inherited and reduces the definition of ancillary roles.

Yan-Bin Peng,Gao Ji,Bei-Shui Liao,Cun-Hao Wang,Hang Guo

DOI: https://doi.org/10.1109/icmlc.2008.4620564

2008-01-01

Abstract:Due to the dynamic nature of virtual organization (VO), it is necessary that multi-agent system aimed to form and operate VO should be robust in cooperating process. We present a model of flexible exception handling facilitated by polices and contracts, in which the flexible evolvement process of exception handling is divided into three phases: exception analysis, plan generation, and plan deployment. On the one hand, contract signed by cooperative partners describes the cooperation process of the partners, and on the other hand, policies can be used to describe the way to handle exception happened during cooperating process. The three phrases and the import of polices makes the exception handling process more flexible, thus makes the MAS more robust.

Xu Liao,Li Zhang,Stephen C. F. Chan

DOI: https://doi.org/10.1007/978-3-540-31979-5_15

2005-01-01

Abstract:One of the shortcomings of the Role-Based Access Control model (RBAC), used in Workflow Management Systems (WfMS), is that it cannot grant permissions to users dynamically while business processes are being executed., We propose a Take-Oriented Access Control (TOAC) model based on RBAC to remedy this problem. In TOAC, permissions are associated with tasks as well as roles. Users can get permissions through tasks that they carry out in certain processes. And when they are out of processes, permissions can be granted by the roles that they are associated with. Moreover, to facilitate delegation in WfMS, we present a task delegation model which is aim at TOAC.

鞠秀芳,孙建军,陈鑫

DOI: https://doi.org/10.3969/j.issn.1007-7634.2005.01.022

IF: 8.1

2005-01-01

Information Sciences

Abstract:In this paper,we solve the problem how to integrate access control service into work flow systems.Several access control models are introduced by formalized definition.And their features are compared based on the security requirement of work flow systems.The existing problem of current model and future research direction is discussed in the end.

Chen-hua Ma,Guo-dong Lu,Jiong Qiu

DOI: https://doi.org/10.1631/jzus.c0910564

2010-01-01

Journal of Zhejiang University SCIENCE C

Abstract:Collaborative access control is receiving growing attention in both military and commercial areas due to an urgent need to protect confidential resources and sensitive tasks. Collaborative access control means that multiple subjects should participate to make access control decisions to prevent fraud or the abuse of rights. Existing approaches to access control cannot satisfy the requirements of collaborative access control. To address this concern, we propose an authorization model for collaborative access control. The central notions of the model are collaborative permission, collaboration constraint, and collaborative authorization policy, which make it possible to define the collaboration among multiple subjects involved in gaining a permission. The implementation architecture of the model is also provided. Furthermore, we present effective conflict detection and resolution methods for maintaining the consistency of collaborative authorization policies.

Bs Liao,J Gao,J Hu,Jj Chen

DOI: https://doi.org/10.1007/978-3-540-30483-8_42

2004-01-01

Abstract:The integration of web services and intelligent agents is promising for automated service discovery, negotiation, and cooperation. But due to the dynamic and heterogeneous nature of web services and agents, it is challenging to guide the behaviors of underlying agents to meet the high-level business (changeful) requirements. Traditional Policy-driven methods (Ponder, Rei, KAoS, etc) are not adaptable to direct the discovery, negotiation and cooperation of dynamic agents who may join in or leave out of a specific community or organization (virtual organization) at run time. The purpose of this paper is to model an ontology-based, policy-driven control framework that is suitable to supervise the dynamic agents according to high-level policies. On the basis of federated multi-agents infrastructure and ontologies of policies, domain concepts, and agent federations, a model of role-based policy specification framework is presented in this paper.

Shuiguang Deng,Zhen Yu,Zhaohui Wu,Lican Huang

DOI: https://doi.org/10.1109/cacwd.2004.1349056

2004-01-01

Abstract:Dealing with changes in processes has become unavoidable in deploying workflow. To improve the ability of workflow management in dealing with changes has emerged as a hot research topic in the area of workflow management. According to the changeable characteristics, workflow processes are categorized into dynamic, adaptive and flexible processes. In this paper, we primarily deal with the flexible processes. Flexibility is the ability of workflow process to execute on the basis of a loosely, or partially specified model, where the full specification of the model is made at runtime, and may be unique to each instance. To provide full support for flexibility, we propose a simple but applicable flexible workflow model based on ECA rules and composition of activities at runtime. Furthermore, selection constraints and composition constraints are put forward to ensure the valid selection and composition of activities at runtime. We also design two algorithms, one is to automate the composition with the best concurrence which is defined as the ability of activities to be executed in parallel and the other is to verify the validness of the manual selection and composition. ©2003 IEEE.

Yahui Lu,Li Zhang

DOI: https://doi.org/10.1109/services-i.2009.78

2009-01-01

Abstract:Workflow provides a promising solution for organizations to achieve their business goals by interactions and collaborations between Web services. Access control is an important security mechanism to protect the resources to be only accessed by authorized users in such collaborative environments. In this paper, we aim at developing a method for formalizing and analyzing workflow access control in Web service context. To achieve this goal, we first present WSPI, Web Service Pi calculus, to formalize Web services and workflow processes. Based on WSPI, a type system is proposed to ensure that the specified TBAC policy is respected during system reductions. By subject reduction, the well-typed system can guarantee the system security and avoid access violations in run time.

Fábio José Muneratti Ortega,Wilson Vicente Ruggiero

DOI: https://doi.org/10.48550/arXiv.1304.5938

2013-04-22

Cryptography and Security

Abstract:This paper introduces a formal metamodel for the specification of security policies for workflows in online service systems designed to be suitable for the modeling and analysis of complex business-related rules as well as traditional access control. A translation of the model into a colored Petri net is shown and an example of policy for an online banking system is described. By writing predicates for querying the resulting state-space of the Petri net, a connection between the formalized model and a higher-level description of the security policy can be made, indicating the feasibility of the intended method for validating such descriptions. Thanks to the independent nature among tasks related to different business services, represented by restrictions in the information flow within the metamodel, the state-space may be fractioned for analysis, avoiding the state-space explosion problem. Related existing models are discussed, pointing the gain in expressiveness of business rules and the analysis of insecure state paths rather than simply insecure states in the proposed model. The successful representation and analysis of the policy from the example combined with reasonings for the general case attest the adequacy of the proposed approach for its intended application.

JIAO Zhen-hai,DING Er-yu,LUO Bin

2008-01-01

Abstract:This paper presented a design and implemented approach of rule strategy based access control to fulfill this requirement.And started with the set expressions and definition of the rule model,and focused on the implement of rule interpreter and some detailed algorithms.At last,also presented a practical application.