| Today, as the increasingly wide use of computer and network, workflow management system is attracting more and more attention by research institute and industry field. In this thesis a new multi-roles access control model is proposed based on the traditional RBAC and TBAC model. It uses the method of static authorization based on roles and dynamic authorization based on tasks to ensure the access safety of the workflow system. The model overcomes the weaknesses of the traditional access control model and proposes a new role model which can manage roles more conveniently.This thesis adopts policy management technology to improve the access control abilities of the workflow management system, the main point of policy-based management is the notion of policy as a means of driving management procedures. Generally speaking, the object-oriented Ponder policy language is declarative and simple to specify both security and management policies. An object-oriented policy deployment model that forms part of the runtime support for Ponder is proposed in this thesis by the author. The policy deployment model is independent of the underlying policy enforcement mechanisms, and can also be employed in mixed policy environments. The policy deployment model supports the instantiation,distribution and enabling of policies as well as the disabling, unloading and deletion of policies, caters for changes in the memberships of domains since such changes also affect policy enforcement, and also supports distributed policy service.The Model of Distributed Secure Workflow Management System is an expansion of Role-Based Secure Workflow Model, it fits the management of role and authorization in distributed environment. The authorization and access control of the model use the atribute certificate policy of Privilege Management Infrastructure, the privilege allocate function and privilege verify function are implemented by role server and application gateway in the systems. |
PDF Full Text Request