A Study of Security Access Control on Workflow Management System

【Author】 武玲玲

【Supervisor】 刘晓松

【Author information】 Jiangsu University, Business Management, 2006, Master's thesis

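【Abstract (from the Chinese)】 Computer-supported cooperative work (CSCW) refers to a geographically dispersed group coordinating and collaborating to complete a task with the help of computers and network technology. With advances in information and network technology, CSCW has been widely applied and has significantly improved the performance and efficiency of business process handling. Workflow management systems are a typical class of collaborative application and are widely used in office work, research, business and other fields. Because all information in a workflow system is transmitted over the network and is passed between and processed by different executors, it is inevitably exposed to illegal attacks, so information security in workflow systems is extremely important. This thesis carries out research based on the security requirements of workflow systems. It first introduces the concept of a workflow management system, points out the static and dynamic characteristics of workflows, and from these derives the special access control requirements that are determined by the workflow system itself and distinguish it from non-workflow systems: the strict least privilege principle, the separation of duty principle and the order of events principle. Traditional access control models such as DAC, MAC and RBAC all protect resources from the system's point of view; they are passive access control and are not suitable for workflow systems. The TBAC model is a task-centred active security model that uses dynamic authorization, but it does not separate tasks from roles and does not consider that non-workflow tasks also exist in real work. On the basis of an analysis of the traditional security models, this thesis proposes a new access control model that addresses the shortcomings of the models above. The model is based on TBAC and incorporates the ideas of RBAC: it explicitly defines the trustee set of the authorization step in TBAC as roles, that is, it changes the three-layer structure of the TBAC model into a four-layer structure, effectively overcoming the shortcomings of traditional workflow security models. Because the granularity of constraints reaches the task-instance level, the security, flexibility and practicality of the workflow system are improved. The thesis then proposes the concept of task classification, applying different access control policies to different classes of tasks. To ensure that the separation of duty principle is realized in the workflow system, the thesis then defines and constrains the relationships among the relevant elements of the model, and by imposing various constraints prevents users from holding excessive rights. Finally, the correctness and feasibility of the new model are verified using a personal housing loan business process.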

【Abstract】 CSCW means that a group of people in different places cooperate to finish a task through the use of computers and networks. With the development of information technology and network technology, CSCW has seen increasing use and has led to a significant increase in processing performance and efficiency. The workflow management system is a typical cooperative system; it is used extensively in office work, research, business and so on. As all the information in a workflow system is transported through the network and executed by different users, illegal attacks are unavoidable. As a result, information security is a major problem in workflow systems. This paper focuses on the access control service that is one part of the security mechanism in a workflow system. First, this paper gives the concept of the workflow management system, then its static and dynamic features. Based on these features, the special access control requirements of workflow systems, such as strict least privilege, separation of duty and order of events, are analyzed. The traditional access control models, such as DAC, MAC and RBAC, which protect resources from the point of view of the system itself and are passive access control, are not suitable for workflow systems. The TBAC model is an active access control model focused on tasks, but it makes no distinction between role and task, and it does not take into consideration tasks that do not belong to a workflow. This paper proposes a new access control model based on an analysis of the traditional access control models. The model is based on TBAC and brings the ideas of RBAC into TBAC, so it overcomes the drawbacks of traditional workflow security models. The constraints reach the task level, which increases the security, flexibility and practicality of the workflow system. We then put forward the concept of task classification and apply different access strategies according to the task.
To ensure the realization of separation of duty, the paper gives definitions and restrictions for all the related elements in the model. By applying constraints we can prevent users from having redundant permissions. At the end of the paper, we use the personal housing loan handling process to validate the correctness and feasibility of the new model.

  • 【Online publication contributor】 Jiangsu University
  • 【Online publication year/issue】 2008, Issue 09
  • 【Classification number】 TP315
  • 【Times cited】 4
  • 【Downloads】 89