LI Jinyan,YU Zhonghua

DOI: https://doi.org/10.13196/j.cims.2017.06.009

2017-01-01

Abstract:With gradual improvement of collaborative manufacturing mode,the played an important role for the adjustment of organizational structure and business process reengineering.How to balance the To solve the problem that collaboration oriented flexible workflow should combine flexibility and security in dynamic environment,according to the characteristics of collaborative,the concept of team was introduced based on the hierarchical authorization management to realize the combination of role-based static authorization and task-based dynamic control,and a novel access control model was proposed for cooperation-oriented flexible workflow.As for the potential conflict of constraints at different levels due to the flexibility and cooperation,task-based separation of duty was provided,so as to better solve the problem of information security and access control for flexible workflow in dynamic environment.

Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

裘炅,谭建荣,张树有,马晨华

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.07.020

2004-01-01

Abstract:The model formally describes the key elements of access control such as role, user, privilege, task unit, authorization strategy, authorization constraint and the relationship between these elements. We identify the following four types of authorization constraints: require role constraints, require user constraints, deny role constraints and deny user constraints, then provide constraint consistency checking rules upon them. In this model, authorization flow is synchronized with workflow and the workflow can be efficiently executed through the constraint consistency checking rules. The main advantage of the model is its comprehensiveness, flexibility and practicability.

Sun Yong,Kong Feng,Wang Xiong,Wang Weijian

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.36.051

2005-01-01

Abstract:A dynamic workflow authorization model is proposed,which describes the triggers and constraints of tasks by expression.Unlike other role-based models,the role set in this model is only one property of a user.It's simple to extend the model by design more properties of users and functions.The model describes permissions of users and roles,constraints of task state transitions,count of task instances,dependencies of tasks,separation of duties,time and organization via expression.The flexible of expression brings the model capability and adaptability.This model supports complex workflows include multi startup task,multi end task,and-split,or-split,multiple-split,and-join,or-join,multiple-join and loop.

YUN Ya-li,HAN Hai-xiao,LI Ya-ping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.04.018

2013-01-01

Abstract:In order to solve the problem of inflexible access control and lack of dynamic task allocation for workflow,this paper presents a new workflow access control model.It integrates both users and roles authorization on workflow tasks in two level of modeling stage and instance stage,and also designs dynamic user assignment rules for the model by introducing the load equilibrium-based user assignment strategy on the user busy factor.Analysis result shows that this model can produce dynamic user assignment according to history executive condition,and improve workflow's executive efficiency.

MA Chen-hua,WANG Jing,QIU Jiong,LU Guo-dong

DOI: https://doi.org/10.3785/j.issn.1008-973x.2010.12.011

2010-01-01

Abstract:Access control models proposed so far provide no support for context-based dynamic authorization and flexible authorization policy definition for tasks.To address these issues,a flexible context-constraint-based access control model was proposed for workfolws.The concepts of contextconstraint-based role assignment policy and context-constraint-based role authorization policy were defined.The interrelationships between policies were analyzed and the conflicts exhibited by policies were classified.Static and dynamic conflict detection methods were provided to maintain the consistency of policies.By the introduction of two new concepts,priority rule and conflict resolution policy,a flexible approach to resolve conflicts were provide.The security administrator can choose the method of resolving conflicts flexibly according to system requirements by defining priority rules and conflict resolution policies.Furthermore,the role assignment algorithm and the authorization decision algorithm based on the minimum sets of role assignment policies and role authorization policies were given.The model provides support for context-based dynamic authorization,automatic user-role and role-permission assignment.

Xu Liao,Li Zhang,Stephen C. F. Chan

DOI: https://doi.org/10.1007/978-3-540-31979-5_15

2005-01-01

Abstract:One of the shortcomings of the Role-Based Access Control model (RBAC), used in Workflow Management Systems (WfMS), is that it cannot grant permissions to users dynamically while business processes are being executed., We propose a Take-Oriented Access Control (TOAC) model based on RBAC to remedy this problem. In TOAC, permissions are associated with tasks as well as roles. Users can get permissions through tasks that they carry out in certain processes. And when they are out of processes, permissions can be granted by the roles that they are associated with. Moreover, to facilitate delegation in WfMS, we present a task delegation model which is aim at TOAC.

马晨华,陆国栋,裘炅

DOI: https://doi.org/10.3785/j.issn.1008-973x.2008.12.014

2008-01-01

Abstract:Access control models proposed so far cannot satisfy the access requirements in workflow systems very well.To address the issue,a flexible policy access control model for workflows was proposed.By the introduction of authorization certificate,which defines the authorization that can be performed during task execution and the constraints should be satisfied,dynamic access control in workflows is realized and the flexible definition of authorization policies is supported.For the description of complicated authorization rules,authorization certificate related constraints were defined.Furthermore,efficient conflict detection and resolution rules for authorization constraints were also provided.Analysis shows that the model has good security and practicability.It can meet the requirements for access control in workflow systems adequately.

MA Liang,GU Ming

DOI: https://doi.org/10.3969/j.issn.1000-1220.2006.01.031

2006-01-01

Abstract:Nowadays workflow is coming into more and more notice in many areas such as OA, e-government, e-business. Security is a important problem in workflow environment. Access control is a vital component of Security. In this paper, a RBAC model in workflow environment (WRBAC) is introduced. The model is based on proposed NIST standard for RBAC, formally describes the relationship between the key elements of access control in workflow systems such as user, role, permission and activity, presents the static and dynamic constraints. The model can effectively reduce the risk of information leakage and fraud, meet the requirements for access control in workflow systems.

Chen-hua Ma,Guo-dong Lu,Jiong Qiu

DOI: https://doi.org/10.1631/jzus.a0820366

2009-01-01

Journal of Zhejiang University SCIENCE A

Abstract:The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems (WFMSs). Furthermore, existing approaches have not provided effective conflict detection and resolution methods to maintain the consistency of authorization polices in WFMSs. To address these concerns, we propose the definition of authorization policies in which context constraints are considered and the complicated requirements in WFMSs can be satisfied. Based on the definition, we put forward static and dynamic conflict detection methods for authorization policies. By defining two new concepts, the precedence establishment rule and the conflict resolution policy, we provide a flexible approach to resolving conflicts.

Chen-hua Ma,Guo-dong Lu,Jiong Qiu

DOI: https://doi.org/10.1631/jzus.c0910564

2010-01-01

Journal of Zhejiang University SCIENCE C

Abstract:Collaborative access control is receiving growing attention in both military and commercial areas due to an urgent need to protect confidential resources and sensitive tasks. Collaborative access control means that multiple subjects should participate to make access control decisions to prevent fraud or the abuse of rights. Existing approaches to access control cannot satisfy the requirements of collaborative access control. To address this concern, we propose an authorization model for collaborative access control. The central notions of the model are collaborative permission, collaboration constraint, and collaborative authorization policy, which make it possible to define the collaboration among multiple subjects involved in gaining a permission. The implementation architecture of the model is also provided. Furthermore, we present effective conflict detection and resolution methods for maintaining the consistency of collaborative authorization policies.

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

Haibing Lu,Xi Chen,Qi Liu,Michele Samorani,Guojie Song,Yanjiang Yang

DOI: https://doi.org/10.1109/TDSC.2020.3026296

2021-01-01

Abstract:Cloud-based workflow architecture has been widely used in e-science, e-business, smart city, and others, to automate business processes and improve their flexibility and maintainability. Online workflow executes in a collaborative and distributed environment and is prone to fraud and information leakage. Workflow authorization models are implemented to ensure that tasks are performed by authorized subjects with compliance of security/privacy polices. However, existing workflow authorization models have some limitations. First, most of the existing research focuses on static workflows, where an order arriving at a workflow traverses tasks in a fixed sequence. In many real applications, however, task routing is not deterministic, having a probability distribution or pattern that may be estimated from historical data. Second, existing research ignores practical resource constraints, like user utilization, order waiting time, etc. To address the limitations, this article studies the workflow authorization model under the more realistic dynamic settings. We formulate a workflow as a queueing system, so business constraints can be analytically represented, under reasonable assumptions. We model the studied problems as pseudo-Boolean satisfiaiblity problems and investigate their theoretical properties. We also develop algorithms and carry out computational studies. The experimental results show the effectiveness and efficiency of our developed solutions. Our research results are useful for production and process design in many real-life settings such as health care, online banking and electronic payment systems.

Yahui Lu,Li Zhang,Jiaguang Sun

DOI: https://doi.org/10.1016/j.compind.2009.02.009

IF: 10

2009-01-01

Computers in Industry

Abstract:The fast evolving workflow technologies facilitate organizations to interact and cooperate with each other to achieve their business goals by process collaborations. Task-role based access control is an important security mechanism to protect data and resources in information systems. However, the traditional centralized authorization and administration mechanism in access control can not satisfy the administrative requirements in process collaboration environments. In this paper, we propose a domain based administration model for task-role based access control (DATRBAC), in which the authorization and administration permissions are distributed to multiple administrative domains and administrative roles. Then we propose the solution to detect and resolve the conflicts between access control policies defined by different administrative roles. We also described the implementation of the model in the PLM product and the experiments based on the practical application data.

鞠秀芳,孙建军,陈鑫

DOI: https://doi.org/10.3969/j.issn.1007-7634.2005.01.022

IF: 8.1

2005-01-01

Information Sciences

Abstract:In this paper,we solve the problem how to integrate access control service into work flow systems.Several access control models are introduced by formalized definition.And their features are compared based on the security requirement of work flow systems.The existing problem of current model and future research direction is discussed in the end.

王刚,宋执环

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.09.044

2002-01-01

Abstract:In this paper, the construction of role-based access control is discussed. Aiming at the complexity of the subjects, combined with the particularity of actions and objects in document management, considering the restriction of subject and the state of object, some improvement is made in the original RBAC and a new team-role-based document access control which is named TRBDAC model is presented. ;

Ran Yang,Chuang Lin,Yixin Jiang,Xiaowen Chu

DOI: https://doi.org/10.1109/GLOCOM.2011.6134072

2011-01-01

Abstract:In the service-oriented computing, a single transaction initiated by a client might invoke many different services in other administrative domains. Existing models for authorizing the access assume that all services involved in collaboration are managed by the central authority, which is not always a realistic premise. In this paper, we propose a novel authorization model for dynamic service collaboration. With the authorization discovery process, the client can discover the needed authorization for service access available in other autonomous domains. With extensions to SoD relationship, the conflicts of client interests can be formalized and expressed as constraints. The authorization problems are formalized to choose the optimal access path for each task. At last, the example and experiments show the practicality and the effectiveness of our scheme.

LIANG Yong-chao,ZHU Yu,ZHANG Kun-ao

DOI: https://doi.org/10.3969/j.issn.1009-3044.2011.19.079

2011-01-01

Abstract:Workflow technology is through workflow to the service flow process management,is auxiliary defines workflow logical gate in advance using the computer automatic or completely,the coordination advancement duty's process example achieves carries out the enter-prise service management process,and causes to follow in the flow example documents or the duty information can between the different performer the transmission and the execution At present the technology has been widely applied in the enterprise interior and between en-terprise's business.However,because of the rapidly changing market environment,enterprises need to constantly improve their business process,And the corresponding requirement application workflow technology business can also dynamic response of enterprise management process,Can dynamically modification process definition by the task of business process,so as to realize the process of task workflow is a high degree of flexibility and effective management of orderly.The main topic of research work is in the WfMC workflow management system architecture and dynamic workflow technique and its applications,SSH2-MVC design pattern theory,Based on above these basic theory,Design and implementation of Web services based on flexible,easy to extend the SSH2 dynamic workflow mode.This model may adapt to dynamically modify the task flow process,mainly in the process definition file,set the task in time level,model will be modified dynamically based on its task execution process.Model will be modified dynamically based on its mandate implementation process.Model adaptation process instance of the implementation of exception handling,the use of unusual activity to find node in the normal process of the implementation of the recent activities of the task nodes.At the same time start the compensation mechanism for active nodes,So as to achieve the purpose of exception handling process instance,so that the process complete the execution in the abnormal movement node and can submit gives the next active node.Regarding with the service related parameter,uses the dynamic form mechanism,the model with realizes to the form design separately from its data type,the input form as well as the independent memory dynamic form parameter and so on.Finally,dynamic workflow model SSH2 performance test,according to test results show that this model can adapt to the work-flow in the changing needs of enterprise-class business.

Wei Xu,Jianwen Su,Zhimin Yan,Jian Yang,Liang Zhang

DOI: https://doi.org/10.1007/978-3-642-25109-2_17

2011-01-01

Abstract:Being able to quickly respond to change is critical to any organizations to stay competitive in the marketplace. It is widely acknowledged that it is a necessity to provide flexibility in the process model to handle changes at both model level as well as instance level. Motivated by a business policy rich and highly dynamic business process in the real estate administration in China, we develop a dynamically modifiable workflow model. The model is based on the artifact-centric design principle as opposed to the traditional process-centric approach. Runtime execution variations can be specified as execution modification rules, which lead to deviations to the normal executions. With the support of rules and declarative constructs such as retract, skip, add, and replace, ad-hoc changes can be applied to execution at anytime depending on the runtime data and the instance status gathered through the use of artifacts in our model.

Jianwei Yin,Zhengqian Xu,Zhilin Feng,Gang Chen,Jinxiang Dong

DOI: https://doi.org/10.3321/j.issn:1003-9775.2006.01.023

2006-01-01

Abstract:Based on the rule of task, a novel task-based access control (TBAC) model was proposed to improve the permission administration and mechanism in the conventional TBAC model by the definitions of task-permission set alone. The permission constraints focus both on the task and permission, and some formal analyses and some constraints rules for permission set are presented. The proposed model was applied to the Aerospace Vehicle Collaborative Development Management system AVIDM. Experimental results show that the model could provide a more agile authorization and enhance the practicability of task model. Moreover, it simplifies the task complexity of permission administration. It is well suited to the access control in transaction management system and workflow system.