
Research of Task-Role-Based Dynamic Access Control in WFMS

Posted on: 2011-04-14
Degree: Master
Type: Thesis
Country: China
Candidate: H L Dong
GTID: 2178360308458907
Subject: Control theory and control engineering
Abstract/Summary:
Information security and structural optimization of workflow management systems currently attract considerable research interest. With the rapid development of computer technology, workflow technologies urgently need an appropriate access control strategy to prevent fraud by people. An appropriate access control strategy must satisfy at least three conditions: ① separation of duties (SoD); ② least privilege; ③ safety of dynamic authorization. The paper therefore studies the typical models and analyzes their respective advantages and disadvantages: the widely used role-based access control model (RBAC) and task-based access control model (TBAC), as well as the task-role-based access control model (TRBAC), which combines the characteristics of the two and achieves the assignment of tasks and roles. However, none of them meets the demands of a dynamically changing workflow environment well. To solve this problem, the paper presents a workflow dynamic authorization model based on tasks and roles (TRBWDAM) and its implementation framework.

The main ideas of TRBWDAM are as follows. ① Permissions are associated with task status, roles are associated with tasks, and workflow business processes are refined into a sequence of indivisible tasks. ② Mutually exclusive role constraints are used to strengthen the principle of separation of duties: workflow history information is introduced, which improves the formal description of mutually exclusive role constraints to make up for the deficiencies of the SMER and DMER constraints, and a verification algorithm based on this improvement is presented, so that the system can automatically determine whether a user's application is legitimate. ③ To meet the needs of dynamic workflows, a dynamic authorization algorithm that builds on the verification algorithm is proposed to ensure both the security and the flexibility of authorization, while the granularity of access control can be set to a reasonable degree according to the needs of the actual situation. ④ A TRBWDAM access control subsystem framework is further proposed on the basis of the workflow reference model and the workflow management system architecture, and the feasibility, originality, applicability and dynamic security of the access control system are analyzed.

Finally, the paper takes the business processes of a "bank loans management system" as an example and presents the system's operation from three aspects: separation-of-duties constraints, least privilege and dynamic authorization. This demonstrates the feasibility, safety and wide applicability of the model and of the implementation framework based on TRBWDAM. It may be a very good framework for workflow management systems that must meet demands for both security and dynamic behavior, and it has good application prospects.
Keywords/Search Tags: separation of duty, dynamic authorization, least privilege, access control, workflow