Research And Application On Access Control Model Based On Workflow

Workflow technology is the core technology of achieving the business process modeling, analysis, optimization, integration and management, and finally achieves business process automation. Along with the rapid development of information technology, workflow management system (WfMS) that computerizes business process developed fast and becomes more and more popular. However, WfMS not only meet application need but also have a higher request to its security, so it needs better security model applies in the workflow system. The access control technology has been researched widely in workflow system in recent years. The aim of access control is prevent illegal user access to system resources and data, even damage the accessibility of system. The Role-based Access Control model is widely accepted as the model of access control of WfMS.In the background of introducing and analyzing workflow and access control technology, this thesis mainly completed the following works:Firstly, the thesis introduces the concept and reference model of workflow management system, and several typical workflow models. Then the concept of access control, several mainstream access control technologies were introduced and their characteristics were compared. These contents discussed above lay the foundation of this thesis.Secondly, the thesis analyzing the advantages and disadvantages of some existing workflow security models. In order to meet the requirements of dynamic authorized constraints, the thesis puts forward a variable-based conditional RBAC model based on a lightweight workflow model, which improved the role-based access control model and time constraint was considered. Input variables, output variables and global variables were introduced in this model, through these variables build a relational expression to determine the current node authorized role sets during the workflow executing process. This model has good practicability because of it not only can predigest dynamic constraint authorization of workflow instance but also improve the efficiency of the workflow management system.Finally, the variable-based conditional RBAC model was successfully used in maintain schedule approval system, realizing the dynamic authority and phase authority of each approval node, it proves that variable-based conditional RBAC model is universal and effective by system testing.