Research And Application On Group Based Ccess Control Model In Workflow System

At present, Workflow System has been widely used in personnel-intensive officeenvironment of varied domains. In the past, almost all searchers focused on the design ofworkflow engine and workflow modeling when they studied Workflow System, but payless attention to the security issues of Workflow System. If wanting to make theWorkflow System to be further widely applied in enterprises, it must be fully guaranteedthe information security in the system. Meanwhile, the access control technology is justthe mean of ensuring the information security in Workflow System. Especially with theexpanding scale of enterprise, its organizational structure has become increasinglycomplex, and often there are roles which have the same function within differentorganization units. As to this kind of enterprise with such organizations, the access controlissue for its Workflow System is specific. Therefore, security issue in Workflow Systemthis kind of enterprise is more worthy of attention. Under this background, the accesscontrol technology in Workflow System is studied and explored in this paper.First of all, by analyzing the features of several access control models, the task-rolebased access control model is extended, an access control model supporting organizationGT-RBAC (Group-Task-Role-Based Access Control) is put forward, to meet therequirement of access control in workflow system of group enterprises and decrease thecomplexity of authorization management. At the same time, aiming at the problem ofprivate rights, an effective solution is proposed.Secondly, the realization of authorization constrains (the principle of Duty Seperation)in Workflow System which is studied based on the model GT-RBAC is proposed. Fourmutually exclusive entities are defined: mutually exclusive users, mutually exclusive roles,mutually exclusive privileges and exclusive tasks. And the static and dynamic constrainedrules between them are deeply discussed. Meanwhile, a dynamic access control algorithmwhich is appropriate for the workflow system based on these rules is presented. A case inactual project is presented, checking that the model and algorithm proposed are correct,after that, the property of the model GT-RBAC is analyzed in three aspects. Finally, based on an actual project, a workflow approval system of a large enterprisefor Auto Sales in Beijing and according to its business needs, the design ideas of themodel GT-RBAC are used, proving that the good effect of the model in reality.