| Access control technology is one of the important methods for information protection in information security field.At present,the hotspot of access control research is role-based access control model RBAC,which separate user and limits of authority through role.But the definition of role in actual operation will bring insufficient for tight control.Aiming at the end-user type which become increasing complex and the complicated safety management strategy,on the basis of RBAC access control model,the paper present TW-RBAC which is weak control RBAC access control model driven by task.The model adopts dispatch imposed by workflow system to task in business management to drive definition and management of the role and authority of access control.State change of task becomes the major factor of authority constraint rule.The factor will determine the opportunity whether user's authority passes or not.On the link of separation between function and power,management mechanism of "separation of the three powers" is established.Licensor,rule constitutor and supervisor are strictly separated to ensure the impartiality of authority management,and well connect with business management mechanism.In addition,on the link of authorization and authority certification,the idea of weak control is adopted to postpone the timing when authority passes rule verification and reduce the authorization problems caused by complicated rule,which will enable the use to flexibly gain the chance on obtaining authority.Finally,the model is applied to the management application system SANERP which is a kind of ERP for manufacturing.The practice shows that the model offers clearer using connector and more flexible monitoring mechanism,which enhance practicability of RBAC model,make it easier for authority management,and suit access control modeling under the complicated system and workflow. |
PDF Full Text Request