【作者】 蒋精；

【导师】 欧阳松；

【作者基本信息】 中南大学 ， 计算机应用技术， 2007， 硕士

【摘要】 在计算机和网络使用越来越广泛的今天，工作流管理系统也越来越多地受到研究机构以及产业界的关注。本文在基于任务的访问控制和基于角色的访问控制模型的基础上提出了基于多维角色和任务的MDR&TBAC模型。该模型通过基于角色的静态授权和基于任务的动态授权加强了工作流系统访问控制的安全性，解决了传统的访问控制模型的缺陷，新的角色模型开也方便管理一定数量的角色。文中引入策略来提高工作流管理系统的安全访问控制能力，策略管理技术的核心观点就是以策略驱动管理过程。论文中的基于Ponder策略语言的策略部署模型与底层的策略实施机制无关，能够应用在混合策略环境中。策略部署模型支持策略的实例化，支持策略对象的分发、启用、禁用、卸载以及删除，能够根据域内成员关系的变化对策略实施做出相应的调整，对分布式策略服务以及策略的动态自管理提供了更完善的支持。在面向对象的策略部署模型中，由于被管理对象就是策略本身，因此策略的动态自管理机制具有了一些特殊性。论文从POP策略的分发和实施两个方面对策略动态自管理的特点和过程进行了分析，还提出了分布式策略服务中的策略自管理代理。论文最后的分布式工作流安全管理模型是在基于角色的工作流访问控制模型基础之上的扩展，它能够适应分布式环境中的角色和授权管理，其授权和访问控制采用了授权管理基础设施的属性证书机制，通过系统中的角色服务器和应用网关实现权限分配以及权限验证的功能。更多还原

【Abstract】 Today, as the increasingly wide use of computer and network, workflow management system is attracting more and more attention by research institute and industry field. In this thesis a new multi-roles access control model is proposed based on the traditional RBAC and TBAC model. It uses the method of static authorization based on roles and dynamic authorization based on tasks to ensure the access safety of the workflow system. The model overcomes the weaknesses of the traditional access control model and proposes a new role model which can manage roles more conveniently.This thesis adopts policy management technology to improve the access control abilities of the workflow management system, the main point of policy-based management is the notion of policy as a means of driving management procedures. Generally speaking, the object-oriented Ponder policy language is declarative and simple to specify both security and management policies. An object-oriented policy deployment model that forms part of the runtime support for Ponder is proposed in this thesis by the author. The policy deployment model is independent of the underlying policy enforcement mechanisms, and can also be employed in mixed policy environments. The policy deployment model supports the instantiation,distribution and enabling of policies as well as the disabling, unloading and deletion of policies, caters for changes in the memberships of domains since such changes also affect policy enforcement, and also supports distributed policy service.The Model of Distributed Secure Workflow Management System is an expansion of Role-Based Secure Workflow Model, it fits the management of role and authorization in distributed environment. The authorization and access control of the model use the atribute certificate policy of Privilege Management Infrastructure, the privilege allocate function and privilege verify function are implemented by role server and application gateway in the systems.更多还原