【作者】 邓金侠；

【导师】 刘益良；

【作者基本信息】 重庆工学院 ， 测试计量技术及仪器， 2008， 硕士

【摘要】 随着信息技术的发展,工作流系统变得越来越复杂,在满足应用需求的同时对其安全性有了更高的要求,因而需要更好的安全模型应用于工作流系统,其安全模型中运用最典型的安全技术是访问控制技术。近年来工作流系统中访问控制技术得到广泛的研究,其中两种广泛应用的访问控制模型RBAC（Role-Based Access Control）和RTAC（Task-Based Access Control）在一定的程度上解决了角色授权和任务分配的控制问题。但是,随着系统复杂性增加,这两种模型并没有真正解决最小特权和职责分割问题,也不能满足用户工作流流程频繁变动的需求。针对这些不足,本文构建了一种可变流的动态角色_任务_视图访问控制（DRTVBAC）的细粒度访问控制模型,通过一种可变流的动态任务授权方法和在实际系统中的算法实现,有效解决了实际应用中复杂系统的最小特权和动态职责分割的安全问题。DRTVBAC模型根据角色策略进行动态角色分配管理,非敏感角色可以进行交叉分配,敏感角色不能交叉分配。角色在特定的任务流条件下,根据职责被分配一定的任务,该任务是工作流中一个原子性节点任务。角色满足预定的相容和相斥属性,通过获得访问某种功能模块权限的动态视图,实现具有层次关系的可执行任务的角色集R（Role）的动态管理,提高了界面操作的简洁和界面信息的安全。为满足实际应用需求,在活动视图的基础上通过可变流算法改变任务流的执行顺序,不影响各个角色执行相应的任务,但会改变各个角色执行任务的时间顺序,并通过视图展示出各角色的相关任务;无论任务流的顺序怎么改变,DRTVBAC模型始终保持了角色、任务和视图三者的安全关联关系。DRTVBAC模型可变流算法实现基本思想是:K_i表示一个工作流中任务单元N_i的状态,K_i+1表示一个工作流中任务单元N_i+1的状态,i表示一个任务在工作流中的位置,通过判断Ni的状态Ki和N_i+1的状态K_i+1而确定是否执行N_i+1直到工作流执行完毕。DRTVBAC模型在机动车驾驶员培训管理系统已经成功应用,特点是:与任务相关联的动态角色管理,灵活的权限控制、授予与收回;符合权限激活角色执行某一特定任务的最小特权原则;实现了工作流中的权限授予和任务完成分离的职责分割原则;防止敏感信息泄露的简洁动态视图操作界面;满足用户实际需求的可变任务流。更多还原

【Abstract】 With information technology development, workflow system becomes more and more complex, not only meet application need but also have a higher request to its security, so need better security model applies in the work flow system, the typical safety technology is the access control technology in its security model. In recent years, the access control technology has been researched widely in workflow system, two typical technologies of this are RBAC （Role-Based Access Control） and RTAC （Task-Based Access Control） model, which has been successfully used in the role authorizing and assigning in a certain extent, however, during the process of complicating a system’s structure, these two technologies can not be used in minimizing privileges and separating duties, and they are inapplicable when users have a request of frequently changing on the workflow’s process. In order to avoid having these weakness during the applying, a variable flow dynamic role_task_view（DRTVBAC） of fine-grained access control model is constructed on the basis existed model. During the process of applying this model, a algorithm, which is used to authorize dynamic task for a variable flow, is implemented in the actual system, that is to say, it solves effectively complex system fine-grained principle of privileges minimum and security problem of principle of dynamic separation of duties in practical application system.In the DRTVBAC model, dynamic role’s assigning and managing will be processed based on the role policy, that is to say, the insensitive role could be intersect assigned, the sensitive role could not be intersect assigned. In a specific task flow situation, roles will be assigned a certain task based on their duties, this task is a atomicity node task in the workflow. The roles have the designated attribute– acceptance and exclusion, after getting a dynamic view which could be used to obtain an authority in order to access a certain function model, the roles management is becoming a dynamic management used for those roles R （Role） which have hierarchy and could process a certain task. It is satisfied for easy operation, and improves the security for interface information. In order to meet the practical application need, it change the execution sequence of task flow by variable flow arithmetic based on active view, it does not change that each role carry out corresponding task, it will affect to each role carry out the task time sequence, show role’s related task by views; how regardless of task flow’s order does change, DRTVBAC model always maintain security association among the role, the task and the view.The essential point of implementing DRTVBAC model variable flow arithmetic is: suppose Ki is the task unit N_i’s status in a workflow, suppose K_i+1 is the task unit N_i+1’s status in a workflow , i is the position of a task in the task flow, estimate Ni’s status Ki and N_i+1’s status K_i+1 in order to confirm if N_i+1 should be processed or not till finish processing the workflow.DRTVBAC model is successfully applied in the motor vehicle drivers training management system. It has these special features: the dynamic role managing is connected with the task, it could flexibly control, authorize and revoke access right; it is qualified for the minimum privilege principle, that is to say, a role could process a certain task when the access right is activated; the access right is authorized in the workflow, and the tasks are assigned based on the role duty; the dynamic view operation interface is easy to operate, and is helpful for preventing reveal confidential information; the task flow is alterable and satisfied for user’s practical request.更多还原