CSCW means that a group of people in different places cooperate, through computers and networks, to complete a task. With the development of information and network technology, CSCW has come into increasingly wide use and has brought significant gains in processing performance and efficiency. A workflow management system is a typical cooperative system and has been used extensively in offices, research, business and elsewhere. Because all the information in a workflow system is transported over the network and handled by different users, unlawful attacks are unavoidable; information security is therefore a major problem for workflow systems. This paper focuses on the access control service, which is one part of the security mechanism of a workflow system. First, the paper gives the concept of a workflow management system, then its static and dynamic features. Based on these features, the special access control requirements of workflow systems, such as strict least privilege, separation of duty and order of events, are analyzed. The traditional access control models, such as DAC, MAC and RBAC, protect resources from the viewpoint of the system itself and control access passively, so they are not suitable for workflow systems. The TBAC model is an active access control model centered on tasks, but it makes no distinction between role and task and does not take into consideration tasks that do not belong to a workflow. Based on this analysis of the traditional access control models, this paper proposes a new access control model. The model is based on TBAC and brings the ideas of RBAC into TBAC, so it overcomes the drawbacks of the traditional workflow security models. Restrictions are enforced at the task level, which increases the security, flexibility and practicality of the workflow system. We then advance the concept of task classification and apply different access strategies according to the task.
To ensure that separation of duty is realized, the paper gives definitions and restrictions for all the related factors in the model. By applying these constraints we can prevent users from holding redundant permissions. At the end of the paper, we use the personal housing loan handling process to validate the correctness and feasibility of the new model.
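As an added illustration (not code from the paper), the following Python sketch of a task-centered access check shows how the three requirements named above interact in a constructed loan-handling case: roles decide which tasks a user may take on, a task's permissions are usable only while that task is active (strict least privilege), a task cannot start before its predecessors have completed (order of events), and the user who reviewed the credit may not also approve the loan (separation of duty). All role, task and permission names are assumed.

```python
from dataclasses import dataclass, field

# Constructed sample (assumed, not taken from the paper): a housing-loan case
# with three tasks. Roles say which tasks a user may take on...
ROLE_TASKS = {"clerk": {"submit_application"},
              "credit_officer": {"review_credit"}, "manager": {"approve_loan"}}
# ...while permissions attach to tasks and are usable only while the task is active.
TASK_PERMS = {"submit_application": {"application:write"},
              "review_credit": {"application:read", "credit_report:read"},
              "approve_loan": {"application:read", "loan:approve"}}
# Order of events: a task may start only when all of its predecessors are done.
TASK_PREREQS = {"submit_application": set(), "review_credit": {"submit_application"},
                "approve_loan": {"review_credit"}}
# Dynamic separation of duty: no single user may perform both tasks in one case.
SOD_PAIRS = {frozenset({"review_credit", "approve_loan"})}


@dataclass
class WorkflowCase:
    """One workflow instance: who holds which role, which tasks are active/done."""
    user_roles: dict                               # user -> set of role names
    active: dict = field(default_factory=dict)     # task -> user performing it
    done: dict = field(default_factory=dict)       # task -> user who completed it

    def start_task(self, user, task):
        """Activate a task for a user; returns (allowed, reason)."""
        roles = self.user_roles.get(user, set())
        if not any(task in ROLE_TASKS.get(r, set()) for r in roles):
            return False, "role not authorised for task"
        if not TASK_PREREQS[task] <= set(self.done):
            return False, "predecessor task not completed"
        if any(who == user and frozenset({t, task}) in SOD_PAIRS
               for t, who in self.done.items()):
            return False, "separation of duty violated"
        self.active[task] = user
        return True, "ok"

    def check(self, user, perm):
        """Strict least privilege: a permission holds only through a task the
        user currently has active, never through the role alone."""
        return any(who == user and perm in TASK_PERMS[t]
                   for t, who in self.active.items())

    def finish_task(self, user, task):
        """Complete the task; its permissions lapse immediately."""
        if self.active.get(task) != user:
            return False
        self.done[task] = self.active.pop(task)
        return True
```

Note that a user holding the manager role still cannot approve a loan while only the review task is active for them; the role only qualifies them to start the approval task, and the permission itself is tied to the task.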