| In the recent years, workflow management system (WFMS) is applied to more and more various realms. However, there are many problems remaining unresolved, one of which is security issue. The thesis focuses on one of the most important means to secure the safety of workflow information system: Access Control Technique. The thesis focuses on access control in workflow environment. While access control itself is quite profound, the access control issues in workflow systems involve in how to incorporate access control model into workflow runtime context, in a simple and appropriate way, and making workflow to cooperate with manual operations coherently.Access control technique has a close relationship to the access control model theory, now various access control models have been raised, such as Discretionary Access Control, Mandatory Access Control, Role Based Access Control and etc. However, neither of these models would completely meet the needs of access control under workflow system. The thesis introduces the research status quo and development course of workflow and access control technique. Adopting the notion of extended RBAC and TBAC, the thesis presents an access control model: extended RTBAC. The model realizes the "Least Privilege Principle" and solves the "Dynamic Separation of Duty Constraint", and supplies access control of appropriate granularity for workflow.After that, the thesis narrates the design and implementation of a prototype system in detail, especially some key points and the design difficulties, including the system static model class map, the sequence diagram, worklist generation, the dynamic authorization etc. The prototype system provides access control service on the design/administration stage and the runtime stage. Finally, the conclusion is made, and the future work is simply prospected. |
PDF Full Text Request