| Traditional workflow security models often ignore the convenience of security management and can not effectively control the accessing permissions of a task. Therefore, they can not suitably meet the requirements of modern Workflow Management Systems. Although the concept of task has been introduced into Role Based Access Control models to solve the security issues in some articles, it does not change the 3-layer structure (user-role-permission) of traditional RBAC models, which results in many security problems, such as the gloss of minimal permissions constraint, data redundancy and lack of dynamic ability. Moreover, the traditional workflow security models doesn't mention the control over the accessing permissions required to execute tasks, thus making it possible for users to acquire the permissions without task assignment.This paper presents a new access control model to solve the issues as we mentioned above. Firstly, the workflow technology and traditional access control technologies are introduced, and then the main disadvantages of traditional workflow security models are analyzed. Accordingly a series of Task and Role Based Access Control models are elaborately designed, then a model family is established which contains 4 formal models. The remarkable feature of this new model is that it imports the concept of task into traditional RBAC model and sets up reasonable 4-layer architecture (user-role-task-permission) to solve issues in traditional workflow security. The concept of level enhances the security of the model, and the introduction of some concepts makes security management jobs more convenient and more flexible such as context constraint, task assigning policy, task hierarchies and private task.This new model has been successfully implemented in our own distributed workflow infrastructure system. Comparing to traditional workflow security model, the new model has increased the security, flexibility and practicability of our workflow system.
|
PDF Full Text Request