Research On Risk-based Optimization Model For Workflow Access Control

In today's information and knowledge driven business environment, there was an increasing need to share information across traditional organizational boundaries and with partners to support informed decision making and to rapidly respond to external events,yet sensitive business information must be protected from unauthorized disclosure. Access control is a crucial security technology. It can control the legal users to sensitive resources effectively and ensure users to access relative resource.There was always inherent uncertainty in access control in distributed system, and such uncertainty leads to unpredictable risk.The traditional access control model could not evaluate these risks because of its static permission distribution and delegation policys. Through introducing the concept of risk, this paper establishes an integrated theoretic framework. This paper represents access control policy and the ordering relation among roles based risk. It made the security of access control polices can be compared according their various risk bands. This paper illuminates the basic relationship between the roles. The properties and principle are proposed for the policies'delegation and reallocate based risk. Based on the algorithm of computing the MUS, this paper proposed a method to optimize the users'access control polices. It is able to ensure the executions of the policy are under the minimum risk. This method which introduces risk in access control can control the high risky authorization and delegation. And it can advance the security of the system.Assignment relationship between roles and tasks are static in traditional workflow access control system,once the policy been configured,it is difficult to change along the whole running process of workflow system.However,the same assignment policy could have different performance under different state of system.In response to these issues, based on the service-oriented role-based access control model in workflow system, the concept of risk was introduced .Through comparing the risks of implementing a task by different roles, system can select better access control assignment.And It can also balance the task load among roles with the change of risk weight of roles.The schemes could enhance the system security and flexibility.