| Workflow technology separates business process management of the enterprise from application system, which provides advanced method to achieve business objectives for enterprises. However, when workflow brings higher efficiency, its safety is facing serious challenges. Access control becomes a research hotspot in the multitudinous security mechanism, whose goal is to prevent invasion of illegal users or illegal usage of the system resources by legitimate users.In the complex organization structure and heterogeneous distributed workflow application environments, information resources of high safety requirements not only need to ensure that information use safely, but also need authorized management and access control practical and efficient. TRBAC is now considered as excellent model suitable for workflow system, however, TRBAC model is only studied theoretically, there are several questions in practical application. For example, low user matching distribution relationship efficiency, poor distribution rights and rights management safety, user role lacks of association with authentication mechanism, the execution of special task lacks of role inheriting restrictions, roles real-time executive consistency is pool, the minimum permissions of realization is not enough strict and so on.Aiming at the existing security flaws of the role-based access control, this article proposes the multitudinous constraint P-TRBAC workflow access control model in the basis on the public key security infrastructure (PKI) and on the permission management infrastructure (PMI). The access efficiency is improved through changing structure of mapping users to task permissions, the model's security application properties is improved through adding authentication constraints of the user role, private character constraints, time constraints of the role task and permission admining constraints. This also proposes Implementation scheme and operation rules for the multitudinous constraint P-TRBAC model. At the same time, standard access control language XACML is used to describe implementation of access control strategy, which facilitates cross-platform operation and system extension.At last, in the background of an institute examining and approving documents, through using JBOSS JBPM workflow middleware, the multitudinous constraint P-TRBAC model is used in the workflow system of the official examination and approval. Through the experiments, safety and effectiveness of the multitudinous constraint P-TRBAC model proposed are validated, which has important practical significance in application research realizing safe access control in the workflow system.
|
PDF Full Text Request