工作流管理系统的安全访问控制研究
摘要
计算机支持的协同工作(CSCW)是指地域分散的一个群体借助于计算机及其网络技术,共同协调与协作来完成一项任务。随着信息技术与网络技术的进步,CSCW得到了广泛的应用,显著的提高了业务流程处理的性能与效率。工作流管理系统是一类典型的协同应用系统,广泛应用到办公、科研、商业等领域。由于在工作流系统中所有信息都是通过网络传输,并且在不同的执行者之间进行传递与执行,从而不可避免会遭受非法攻击,因此工作流系统中的信息安全是极为重要的。
本文正是基于工作流系统的安全需求开展了相关的研究工作。首先介绍了工作流管理系统的概念,指出了工作流的静态和动态特性,并由此归纳出了由工作流系统本身决定的、区别于非工作流系统的特殊访问控制需求:严格最小特权原则、职责分离原则和事件顺序原则。
传统的访问控制模型如:DAC、MAC、RBAC等都是从系统的角度去保护资源,是被动的访问控制,不适用于工作流系统。TBAC模型是一种以任务为中心的、采用动态授权的主动安全模型,但该模型没有把任务跟角色分开,没有考虑到实际工作中也存在非工作流的任务。本文在分析了传统安全模型的基础上提出了一种新的访问控制模型,较好的解决了上述各模型的缺陷。该模型是以TBAC模型为基础,结合了RBAC模型的思想,把TBAC中授权步的受托人集明确定义为角色,即把TBAC模型的三层结构改为四层结构,有效的克服了传统工作流安全模型的缺陷。由于约束粒度达到了任务实例级,从而提高了工作流系统的安全性、灵活性和实用性。随后,提出了任务分类的概念,对不同类的任务实行不同的访问控制策略。为了确保工作流系统中职责分离原则的实现,本文随后对模型中的各相关元素间的关系进行定义和约束,通过施加各种约束防止了用户具有过多的权利。
文章最后通过个人住房贷款业务处理流程验证了新模型的正确性和可行性。
CSCW means a group of people in different places cooperate to finish a task through the use of computer and network. With the development of information technology and network technology CSCW has had an increasing use and led to significant increase in processing performance and inefficiency. Workflow management system is a typical cooperation system, it has had a extensive use in office、. research、business and so on. As all the information in workflow system is transported through network and executed by different users, lawless attack is unavoidable. As a result, information security is a great problem in workflow system.
This paper focuses on the access control service that is one part of security mechanism in workflow system. First, this paper gives the conception of workflow government system, then its static feature and dynamic features. Based on the features, special access control requirement of workflow system, such as strict least privilege, separation of duty and order of events, are analyzed.
The traditional access control models, such as DAC、MAC、RBAC ,which protect resource in the view of system itself and are passively access control, are not suitable for workflow system. TBAC model is an active access model, focused on task, but the model makes no differences between role and task, it doesn't take the tasks which don't belong to workflow into consider. This paper proposed a new access control model based on the analysis of the traditional access control models. The model is based on TBAC, puts the thought of RBAC into TBAC, so it overcomes the drawbacks of traditional workflow security models. The restriction achieve to task level, so it increases the security, flexibility and practicality of the workflow system. Then we advance the conception of task classification, we take different access strategy according to task. To insure the realization of the separation of duty, the paper gives definitions and restrictions to all the related factors in the model. By the application of constrictions we can prevent users from having redundant permissions.
At the end of the paper, we use the personal lodging loan disposal process to validate the correctness and feasibility of the new model.
本文正是基于工作流系统的安全需求开展了相关的研究工作。首先介绍了工作流管理系统的概念,指出了工作流的静态和动态特性,并由此归纳出了由工作流系统本身决定的、区别于非工作流系统的特殊访问控制需求:严格最小特权原则、职责分离原则和事件顺序原则。
传统的访问控制模型如:DAC、MAC、RBAC等都是从系统的角度去保护资源,是被动的访问控制,不适用于工作流系统。TBAC模型是一种以任务为中心的、采用动态授权的主动安全模型,但该模型没有把任务跟角色分开,没有考虑到实际工作中也存在非工作流的任务。本文在分析了传统安全模型的基础上提出了一种新的访问控制模型,较好的解决了上述各模型的缺陷。该模型是以TBAC模型为基础,结合了RBAC模型的思想,把TBAC中授权步的受托人集明确定义为角色,即把TBAC模型的三层结构改为四层结构,有效的克服了传统工作流安全模型的缺陷。由于约束粒度达到了任务实例级,从而提高了工作流系统的安全性、灵活性和实用性。随后,提出了任务分类的概念,对不同类的任务实行不同的访问控制策略。为了确保工作流系统中职责分离原则的实现,本文随后对模型中的各相关元素间的关系进行定义和约束,通过施加各种约束防止了用户具有过多的权利。
文章最后通过个人住房贷款业务处理流程验证了新模型的正确性和可行性。
CSCW means a group of people in different places cooperate to finish a task through the use of computer and network. With the development of information technology and network technology CSCW has had an increasing use and led to significant increase in processing performance and inefficiency. Workflow management system is a typical cooperation system, it has had a extensive use in office、. research、business and so on. As all the information in workflow system is transported through network and executed by different users, lawless attack is unavoidable. As a result, information security is a great problem in workflow system.
This paper focuses on the access control service that is one part of security mechanism in workflow system. First, this paper gives the conception of workflow government system, then its static feature and dynamic features. Based on the features, special access control requirement of workflow system, such as strict least privilege, separation of duty and order of events, are analyzed.
The traditional access control models, such as DAC、MAC、RBAC ,which protect resource in the view of system itself and are passively access control, are not suitable for workflow system. TBAC model is an active access model, focused on task, but the model makes no differences between role and task, it doesn't take the tasks which don't belong to workflow into consider. This paper proposed a new access control model based on the analysis of the traditional access control models. The model is based on TBAC, puts the thought of RBAC into TBAC, so it overcomes the drawbacks of traditional workflow security models. The restriction achieve to task level, so it increases the security, flexibility and practicality of the workflow system. Then we advance the conception of task classification, we take different access strategy according to task. To insure the realization of the separation of duty, the paper gives definitions and restrictions to all the related factors in the model. By the application of constrictions we can prevent users from having redundant permissions.
At the end of the paper, we use the personal lodging loan disposal process to validate the correctness and feasibility of the new model.
引文
[1]http://www.qhei.gov.cn/qhxxh/xxzy/llwk/t20060417_202418_2.shtml
[2]李静.安全工作流管理系统的任务管理机制研究(硕士论文).华中科技大学.2002
[3]段江波.工作流管理系统的安全研究(硕士论文).大连理工大学.2005
[4]徐仁佐,郑红军.基于角色和上下文的访问控制模型.计算机应用研究,2004,第12期,P:140-142
[5]宋善德,刘伟.基于任务-角色的访问控制模型.计算机工程与科学,2005,第27卷,第6期,P:4-6
[6]沈海波,洪帆.基于企业环境的访问控制模型.计算机工程,2005,第31卷,第14期,P:144-146
[7]刘宏.整合RBAC和TBAC的访问控制模型的研究在电子政务系统中的应用.宜宾学院学报,2005年第6期,P:39-42
[8]陈丽侠,陈刚.基于任务的工作流访问控制模型和实现框架.计算机应用研究,2003,第9期,P:42-44
[9]崔鹏,李丽亚.RBAC在企业管理信息系统中的应用.机电产品开发与创新,2004,第17卷,第1期,P:17-19
[10]Sejong Oh,Park S.An Improved Administration Method on Role-based Access Control in the Enterprise Environment.Journal of Information Science and Engineering,2001(17):921-944
[11]Thomas RK,Sandhu RS.Task-based authentication controls(TBAC):a family of models for active and enterprise-oriented authentication management.1997,11-13
[12]Snyder L.formal models of capability-based protection system.IEEE transaction on computer,1981,30(3):172-181
[13]邓集波,洪帆.基于任务的访问控制模型.软件学报,2003,第14卷,第1期,P:76-81
[14]洪帆,邓集波.基于任务的授权控制及其实现.计算机工程与科学,2002,第24卷,第2期,P:62-65
[15]Oh Sejong,Park Seog.Task-role-based access control model.Information system,Volume 28,Issue 6,September,2003,pp:533-562
[16]Sandhu R,Conyne EJ,Lfeinstein H,Youman CE.Role based access control models.IEEE Computer,1996,29(2):38-47
[17]蔡文进.工作流系统的安全访问控制研究和实现(硕士论文).南开大学.2002
[18]Ferraiolo D,Kuhn R.Role-based access control.In:proceeding of the 15th NIST-NCSC National Computer Security Conference.1992.554-563
[19]马亮,顾明.基于角色的工作流系统的访问控制模型.小型微型计算机系统,2006,第23卷,第1期:136-140
[20]陈林,阳富民.基于角色的多级访问控制模型.华中科技大学学报.2002,第30卷,第2期:102-104
[21]李成锴,詹永照.基于角色的CSCW系统访问控制模型.软件学报,2000.11(7):931-937
[22]刘建勋,张申生.基于角色访问控制在工作流管理系统中的应用研究.小型微型计算机系统,2003,第24卷,第6期,P:1067-1070
[23]洪帆,韩兰胜.基于角色访问控制的办公自动化系统.华中科技大学学报(自然科学报),2002,第30卷,第6期,P67-69
[24]许春根,贡生.一种新型的基于角色访问控制的角色管理模型.计算机工程,2003,第29卷,第8期:26-29
[25]陈凤珍,洪帆.基于任务的访问控制(TBAC)模型.小型微型计算机系统,2003,第24卷,第3期,P:611-614
[26]洪帆,赵晓雯.基于任务的访问控制模型及其实现.华中科技大学学报(自然科学版),2002,第30卷,第1期,P:17-19
[27]董光宇,卿斯汉,刘克龙.带时间特性的角色授权约束.软件学报,2003,第13卷,第8期,P1521-1527
[28]杜栓柱,谭建荣,陆国栋.工作流模型中多粒度时间约束描述及其分析.软件学报.2003,第14卷,第11期,P1834-1840
[29]洪帆等.多级安全工作流授权模型.华中科技大学学报.2002,第30卷,第1期,P20-22
[30]范玉顺.工作流管理技术基础[.北京:清华大学出版社,2001
[31]张文艺.工作流程管理系统的访问控制研究与实现(硕士论文).南京航天航空大学.2004
[32]孙亚盅.基于WEB的工作流管理系统研究(硕士论文).武汉理工大学.2004
[33]史美林,杨光信,向勇,伍尚广.WfMS:工作流管理信息系统.计算机学报,1999,22(3):325-334
[34]Workflow Management Coalition.The Workflow reference model.WfMC TC00-1003,19th Jan,1995:13-41
[35]Workflow Management Coalition.Workflow Management Coalition workflow client application(interface 2)application programming interface(WAPI)specification Workflow Management Coalition.1996.9-16
[36]Ellis C A,Gibbs S J,Rein G L.Groupware:some issues and experiences.Communication of the ACM,1991,34(1):39-58
[37]Shen Hong-hai,Dewan P.Access control for collaborative environments.In:Turner J,Kraut R ends.Proceedings of the ACM CSCW'92 Conference on Computer Cooperative Work.New York:ACM Press,1994.51-58
[38]宁葵.访问控制安全技术及应用,北京:电子工业出版社,2005
[39]付松龄.工作流系统中的安全技术研究(硕士论文).国防科学技术大学.2003
[40]http://www.fcc.com.cn/MAGAZINE/shownews.asp?newsid=666
[41]Sandhu R.Role-based Access Control Model.IEEE computer,1996,29(2):33-47
[42]夏志雄.基于角色的访问控制在工作流系统中的应用研究(硕士论文).武汉大学.2004
[43]金琼铮,杨树堂.基于T-RBAC的企业权限管理方法.计算机工程,2004,第30卷,第19期,P:93-95
[44]任侠,谭庆平.基于任务与角色的分布式工作流授权控制模型.计算机工程,2006,第32卷,第5期,P:80-82
[45]尹存燕等.公文流转系统的授权机制.计算机工程与应用,2002,第9期,P218-224
[46]S.Oh,S.Park.the RBAC agent model on enterprise environment,5-minute talk,2000 IEEE Symposium on Security and Privacy,Berkeley,CA,May 2000
[47]S.Oh,S.Park.Task-role-based access control(T-RBAC):an improvement access control method for enterprise environment,Lecture Note in Computer Science,Vol.1873,Database and Expert System Applications,Springer,Berlin,Proceedings of the 11th International Conference,DEXA 2000,London,September 2000
[48]S.Oh,S.Park.An integration model of role-based access and activity-based access control using task,Proceedings of the 14th Annual IFIP WG11.3 Working Conference on Database Security,Schoorl,the Netherlands,August 2000
[49]S.Oh,S.Park.Task-role-based access control model for enterprise environment,J Korea Inst Information Security Cryptology 11(1)(2000)2
[50]http://www.ccb.com
[2]李静.安全工作流管理系统的任务管理机制研究(硕士论文).华中科技大学.2002
[3]段江波.工作流管理系统的安全研究(硕士论文).大连理工大学.2005
[4]徐仁佐,郑红军.基于角色和上下文的访问控制模型.计算机应用研究,2004,第12期,P:140-142
[5]宋善德,刘伟.基于任务-角色的访问控制模型.计算机工程与科学,2005,第27卷,第6期,P:4-6
[6]沈海波,洪帆.基于企业环境的访问控制模型.计算机工程,2005,第31卷,第14期,P:144-146
[7]刘宏.整合RBAC和TBAC的访问控制模型的研究在电子政务系统中的应用.宜宾学院学报,2005年第6期,P:39-42
[8]陈丽侠,陈刚.基于任务的工作流访问控制模型和实现框架.计算机应用研究,2003,第9期,P:42-44
[9]崔鹏,李丽亚.RBAC在企业管理信息系统中的应用.机电产品开发与创新,2004,第17卷,第1期,P:17-19
[10]Sejong Oh,Park S.An Improved Administration Method on Role-based Access Control in the Enterprise Environment.Journal of Information Science and Engineering,2001(17):921-944
[11]Thomas RK,Sandhu RS.Task-based authentication controls(TBAC):a family of models for active and enterprise-oriented authentication management.1997,11-13
[12]Snyder L.formal models of capability-based protection system.IEEE transaction on computer,1981,30(3):172-181
[13]邓集波,洪帆.基于任务的访问控制模型.软件学报,2003,第14卷,第1期,P:76-81
[14]洪帆,邓集波.基于任务的授权控制及其实现.计算机工程与科学,2002,第24卷,第2期,P:62-65
[15]Oh Sejong,Park Seog.Task-role-based access control model.Information system,Volume 28,Issue 6,September,2003,pp:533-562
[16]Sandhu R,Conyne EJ,Lfeinstein H,Youman CE.Role based access control models.IEEE Computer,1996,29(2):38-47
[17]蔡文进.工作流系统的安全访问控制研究和实现(硕士论文).南开大学.2002
[18]Ferraiolo D,Kuhn R.Role-based access control.In:proceeding of the 15th NIST-NCSC National Computer Security Conference.1992.554-563
[19]马亮,顾明.基于角色的工作流系统的访问控制模型.小型微型计算机系统,2006,第23卷,第1期:136-140
[20]陈林,阳富民.基于角色的多级访问控制模型.华中科技大学学报.2002,第30卷,第2期:102-104
[21]李成锴,詹永照.基于角色的CSCW系统访问控制模型.软件学报,2000.11(7):931-937
[22]刘建勋,张申生.基于角色访问控制在工作流管理系统中的应用研究.小型微型计算机系统,2003,第24卷,第6期,P:1067-1070
[23]洪帆,韩兰胜.基于角色访问控制的办公自动化系统.华中科技大学学报(自然科学报),2002,第30卷,第6期,P67-69
[24]许春根,贡生.一种新型的基于角色访问控制的角色管理模型.计算机工程,2003,第29卷,第8期:26-29
[25]陈凤珍,洪帆.基于任务的访问控制(TBAC)模型.小型微型计算机系统,2003,第24卷,第3期,P:611-614
[26]洪帆,赵晓雯.基于任务的访问控制模型及其实现.华中科技大学学报(自然科学版),2002,第30卷,第1期,P:17-19
[27]董光宇,卿斯汉,刘克龙.带时间特性的角色授权约束.软件学报,2003,第13卷,第8期,P1521-1527
[28]杜栓柱,谭建荣,陆国栋.工作流模型中多粒度时间约束描述及其分析.软件学报.2003,第14卷,第11期,P1834-1840
[29]洪帆等.多级安全工作流授权模型.华中科技大学学报.2002,第30卷,第1期,P20-22
[30]范玉顺.工作流管理技术基础[.北京:清华大学出版社,2001
[31]张文艺.工作流程管理系统的访问控制研究与实现(硕士论文).南京航天航空大学.2004
[32]孙亚盅.基于WEB的工作流管理系统研究(硕士论文).武汉理工大学.2004
[33]史美林,杨光信,向勇,伍尚广.WfMS:工作流管理信息系统.计算机学报,1999,22(3):325-334
[34]Workflow Management Coalition.The Workflow reference model.WfMC TC00-1003,19th Jan,1995:13-41
[35]Workflow Management Coalition.Workflow Management Coalition workflow client application(interface 2)application programming interface(WAPI)specification Workflow Management Coalition.1996.9-16
[36]Ellis C A,Gibbs S J,Rein G L.Groupware:some issues and experiences.Communication of the ACM,1991,34(1):39-58
[37]Shen Hong-hai,Dewan P.Access control for collaborative environments.In:Turner J,Kraut R ends.Proceedings of the ACM CSCW'92 Conference on Computer Cooperative Work.New York:ACM Press,1994.51-58
[38]宁葵.访问控制安全技术及应用,北京:电子工业出版社,2005
[39]付松龄.工作流系统中的安全技术研究(硕士论文).国防科学技术大学.2003
[40]http://www.fcc.com.cn/MAGAZINE/shownews.asp?newsid=666
[41]Sandhu R.Role-based Access Control Model.IEEE computer,1996,29(2):33-47
[42]夏志雄.基于角色的访问控制在工作流系统中的应用研究(硕士论文).武汉大学.2004
[43]金琼铮,杨树堂.基于T-RBAC的企业权限管理方法.计算机工程,2004,第30卷,第19期,P:93-95
[44]任侠,谭庆平.基于任务与角色的分布式工作流授权控制模型.计算机工程,2006,第32卷,第5期,P:80-82
[45]尹存燕等.公文流转系统的授权机制.计算机工程与应用,2002,第9期,P218-224
[46]S.Oh,S.Park.the RBAC agent model on enterprise environment,5-minute talk,2000 IEEE Symposium on Security and Privacy,Berkeley,CA,May 2000
[47]S.Oh,S.Park.Task-role-based access control(T-RBAC):an improvement access control method for enterprise environment,Lecture Note in Computer Science,Vol.1873,Database and Expert System Applications,Springer,Berlin,Proceedings of the 11th International Conference,DEXA 2000,London,September 2000
[48]S.Oh,S.Park.An integration model of role-based access and activity-based access control using task,Proceedings of the 14th Annual IFIP WG11.3 Working Conference on Database Security,Schoorl,the Netherlands,August 2000
[49]S.Oh,S.Park.Task-role-based access control model for enterprise environment,J Korea Inst Information Security Cryptology 11(1)(2000)2
[50]http://www.ccb.com
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |