| The security in workflow management system (WfMS) is becoming more and more important when workflow is used in more wide fields. But the study of security in WfMS is insufficient compared with the study of WfMS. Therefore, it is very significant to study the security in WfMS.The security of WFMS can be sorted into two classes: public security and special security. Public security can be solved by the existed security technology. The study of special security is concentrated on authorization, access control and constraint, and so on. Role based access control (RBAC) simplifies authorization access control and security control since the authorization method that it assigns roles to users, and then assigns different privileges to different roles according to the character of the roles. Task based access control (TBAC) is an initiative security model, where task is focus of work and dynamic authorization is used.Then the workflow authorization model was described. As well the authorization model was presented by integrating with separation of duties (SoD). Based on the SoD constraint the authorization was given dynamically in the new model according to the execution of workflow task instances.Then a general security WfMS model was constructed. The model was based on TBAC and RBAC, and the security module of the model was divided into two relatively independence modules: authorization module and constraint module. The model realized granting and revoking of privileges dynamically depending on assigning privileges to tasks, assigning tasks to roles. What's more, the model realized dynamic constraint depending on granularity of task instances too.Finally, on the foundations of the model we have developed a workflow management system based on the B/S three layers structure through the project of the eroding database system.
|
PDF Full Text Request