| Workflow is one of the fast growing technologies that have been widely used in the office automation field. Workflow system help people raise office efficiency, reduce consumed cost, optimize procedure. Workflow management system gets a large amount of use in the people-intensive official environment. Especially, in the course of present military information construction, workflow management system is applied to the army office businesses. With the popularization of workflow system, the security problem which workflow management system can't avoid gets more and more attention too.Workflow management system with multilevel security is an expansion of traditional workflow management system. In multilevel secure workflow management system, operators and the objectives have secure level, and on the basis of these levels the security management of workflow is accomplished. Classical BLP model was proposed in 1973 and revised, combined and improved in 1976. It stems from the military field with the strict security demand and is a kind of foundational multilevel security model, but BLP model cannot construct a really practical multilevel security model.Based on BLP model, this paper presents the EBLP model according to the workflow security demand. First, the time and space factors are introduced in the EBLP. Second, it is different from BLP in which an operator just has one sensitivity label, it has reading sensitivity label and writing label separately. At last, it improves the rules of credible operators and incredible operators.On the basis of EBLP model, this paper combines the advantages of RBAC and TBAC, presents RTMLS model. RTMLS has its'roles'and'constraints'which are different from TBAC and RBAC. RTMLS adopts the management idea of RBAC based on'role'and considers authorization assignment mechanism of TBAC based on'task'. It has multilevel security characteristics due to EBLP multilevel security model.We model a multilevel security workflow based on RTMLS. We divide tasks and provide model by making use of level Petri nets based on original workflow Petri nets. In this way, we need not to modify the original model thoroughly and only need to carry on more elaborate careful modeling to the special security demand.At the end of this paper, a prototype based on RTMLS is implemented. With an open source workflow system, the RTMLS can be implemented on it easily. Experiment data show that the performance is lowered, but prototype can be improved by adding buffer and optimizing roleset. |
PDF Full Text Request