| Nowadays, Workflow Management System (WfMS) has been used more and more widely in the enterprise to support the business management and business control. It supplies an integral framework for enterprise business process. This framework includes the building, management, running and analysis of the workflow model. It avails to improve the business process. It also helps the enterprises to elevate the production level, increse work efficiency and profit, and reduce the burden for the staff.With the rapid development of modern computer technology, the computing environment of the workflow has become distributed and heterogeneous. The security management of WfMS became weak and the opportunity of security leak increased. The important information and data are threatened from both inside and outside. How to ensure the workflow's security is a focus of the research organizations and enterprises.One important way to solve the security of workflow is to consider the security problem sufficiently at the building time. That is to say, we need build a security workflow model. Role-based access control model (RBAC) can simplify the authority management and map the access control mechanism to the organization of the enterprises, so it is very popular in the design of workflow.The paper mainly describes two feasible security workflow models. One is a role-based security workflow model, the other is a workflow model based on the role and the explicit and implicit privilege management.The role-based security workflow model is the improvement and optimization of the secure workflow model proposed by P. C. K. Hung which couldn't relect the organization's structure. There are three parts to describe the model, which are the entity definations and their relations, the security constraints and mathematical proofs, the authorization function and multi-layered state machine. Entity definitions and their relations define the basic parts of the workflow, the security constraints and mathematical proofs proof the correctness of the security considerations for the workflow, while the authorization functions and the multi-layered state graph can express and imitate the workflow which can find the problem in advance.The workflow model based on the role and the explicit and implicit privilege management defines the concepts of DcAC(sepecification of the document access control ), EP, EPA, IP, IPA to manage the authorization of the workflow model. The formal description and graph expression are given to describe the model. Compared with the models proposed in the past, we are intensively to deal with the relations among the document, task, role and we also strengthen the document management.The two models realize the priciples of SoD (Separation of Duty) and the least privilege, some security sevices such as authorization, integrity, and availability. |
PDF Full Text Request