Task-based Workflow Security Model Research And Applications

With the development and popularization of workflow technology, the security problem of workflow system has to be a focus of attention both in academic area and in industry field. The performance of business process needs numbers of users to cooperate and share sensitive information and recourses. Therefore, workflow systems are supposed to prevent not only the inbreak outside, but also the incorrect use of inner authorization. The reasonable assignment and callback of authorizations is the important issue of access control. The research of access control model and technology has become the focus of the security mechanism and the emphasis of information security area.At the aspect of workflow security models, the Role-Based Access Control (RBAC) adopt role to enclose privilege, which simplify the management of privilege. However, the static authorization makes it lack reaction to workflow states immediately, which make it difficult to authorize and take back the permission in time, and the description of access policy of workflow system is not supposed well enough; The Context-based Team Access Control model(C-TMAC) integrate the context, roles and teams into an entity to implement the cooperation basing on the information of environment in organization, but it lacks management of assign relationship among these entities; The Task-Based Access control model(TBAC) introduces the authorization step to implement dynamic authorization, but the authorization policy is complicated without consideration of classification of roles, so it is not perfect in management of privileges.In order to get rid of the drawbacks of the models above, this paper builds a task-based security model of workflow system, which resolves the problems of active authorization and roles management in large organizations. Privileges are controlled and managed in little granularity by subdividing tasks; Authorization is performed by the assignment relationships between tasks and roles, and permissions are given and taken back by the state of tasks so as to satisfy the requirement of authorization in...