Research And Application Of Secure Access Control Model In Workflow Management System

With the popularity and wide usage of computer and network technique, the workflow technology has obtained unprecedented attention and development at an alarming speed. Workflow Management System (WfMS) is a tool to realize Computer Aided Cooperative Work. It can realize the automatical management of workflow entirely or partially. At the same time, the security of WfMS obtains more and more attention increasingly. The implementation of business process needs many users to work together, sharing of resource and so on. Therefore, the workflow management system is not only to prevent external intrusion, but also to prevent unauthorized access by internal authorization. Dynamic allocation and withdrawal of permission become an important part of the workflow's security. And the access control technology which decides the authority of access to the resources by verifying the users' authority prevents the destruction from the legitimate user' misoperation. Therefor, it can stop the act of threating the security of the system.Until now various access control models have been raised, such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role Based Access Control (RBAC), Task Based Access Control (TBAC) and etc, none of these models could completely meet the needs of access control under workflow environment. This thesis mainly introduces the access mechanism of RBAC and TBAC, and analyses the limitation of these two kinds of access control models under workflow environment. Based of these analysis, this thesis researches the Task-Role Based Access Control (T-RBAC), presents the concept and formalization definition of T-RBAC, and expands in the RCL2000, forms a new constraint description language to be suitable for T-RBAC model-T-RCL(Task-Role Based Constrains Language). Through introducing the concepts of workflow, task, time and etc, T-RCL can satisfy the request of the T-RBAC model basically.Based on the study of the workflow technology and the structure of Workflow Reference Model which is raised by Workflow Management Coalition(WfMC), this thesis analyses and confirms a model design of a workflow management prototype system, and completes the designs of process model, organization model and information model. The access control in the organization model of this system adopts the T-RBAC model, which satisfy the complexity requirement of permission management. This thesis also realizes the analysis and design of workflow engine and management monitor, and intruduces the structure of the workflow engine, implementation and scheduling mechanism and process templates and intendance of instances and system security with management monitor. It verifies the applicability of T-RBAC model in workflow management through this system. At last, the Workflow Management System is applied to the sale management of an automobile manufactory.