工作流系统中的PRBAC访问控制模型研究

doi:10.3969/j.issn.0255-8297.2020.05.002

Abstract

Abstract: Workflow management systems (WFMS) has been widely used in organizational business process management of enterprises and government, and role-based access control (RBAC) model is generally adopted in system tasks for solving the problem of authorization control, and performs good adaptability to the changes of employees; roles or departments. However, with the intensification of competition and the normalization of reform, the organization structures and roles are changing more and more frequently, thus a process system implemented to different organizations will face with much more serious variety of organization structures and roles. The RBAC model causes the task authorization in the business process definition to be heavily organization-dependent, thus the frequent changing of organization will require continuous changing of authorization system, or even worse, lead to its abnormal execution due to the improper process definition. For this problem, this paper proposes a position-role based access control (PRBAC) model, which divides the granularity of roles into organization positions, introduces the concept of business roles which are the only authorization objects, and establishes the corresponding relationship through a mapping layer. The equivalence of PRBAC and RBAC in expressivity is proved, and the granularity and complexity of authorization are analyzed. Through case analysis, we demonstrate that PRBAC model can effectively improve the adaptability and flexibility of WFMS in organizational changes, and realize the decoupling of organization model and business model.

Key words: workflow, PRBAC model, organization position, business role, authorization

CLC Number:

P751.1

XIONG Tianhong, YU Yang, LOU Dingjun. Research on PRBAC Access Control Model in Workflow System[J]. Journal of Applied Sciences, 2020, 38(5): 672-681.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

URL: https://www.jas.shu.edu.cn/EN/10.3969/j.issn.0255-8297.2020.05.002

https://www.jas.shu.edu.cn/EN/Y2020/V38/I5/672

References

[1] Aalst W V D, Hee K V. Workflow management:models, methods, and systems[M]. Cambridge:MIT Press, 2004.
[2] 余阳, 王颍, 刘醒梅, 等. 基于社会关系的工作流任务分派策略研究[J]. 软件学报, 2015, 26(3):562-573. Yu Y, Wang Y, Liu X M, et al. Workflow task assignment strategy based on social context[J]. Journal of Software, 2015, 26(3):562-573. (in Chinese)
[3] 郭秦龙, 闻立杰, 金涛, 等. NBAJ:一种基于网络流的工作流资源分配合理性判定方法[J]. 计算机集成制造系统, 2015, 21(2):326-335. Guo Q L, Wen L J, Jin T, et al. NBAJ:workflow resource assignment satisfaction judgment method based on network-flow[J]. Computer Integrated Manufacturing Systems, 2015, 21(2):326-335. (in Chinese)
[4] 熊厚仁, 陈性元, 张斌, 等. 基于RBAC的授权管理安全准则分析与研究[J]. 计算机科学, 2015, 42(3):117-123. Xiong H R, Chen X Y, Zhang B, et al. Security principles for RBAC-based authorization management[J]. Computer Science, 2015, 42(3):117-123. (in Chinese)
[5] Mitra B, Sural S, Vaidya J, et al. A survey of role mining[J]. ACM Computing Surveys, 2016, 48(4):1-37.
[6] 熊厚仁, 陈性元, 费晓飞, 等. 基于属性和RBAC的混合扩展访问控制模型[J]. 计算机应用研究, 2016, 33(7):2162-2169. Xiong H R, Chen X Y, Fei X F, et al. Attribute and RBAC-based hybrid access control model[J]. Application Research of Computers, 2016, 33(7):2162-2169. (in Chinese)
[7] 于会松, 孟照旭, 黄华晔, 等. 基于映射的角色访问控制模型的设计与实现[J]. 计算机仿真, 2016, 33(4):292-295. Yu H S, Meng Z X, Huang H Y, et al. Design and implementation of mapping-based role access control model[J]. Computer Simulation, 2016, 33(4):292-295. (in Chinese)
[8] Zhu H, Zhang W, Wang Y, et al. A role-permission assignment method of RBAC involved conflicting constraints under E-CARGO[J]. International Journal of Cognitive Informatics & Natural Intelligence, 2015, 9(4):49-64.
[9] 王于丁, 杨家海, 徐聪, 等. 云计算访问控制技术研究综述[J]. 软件学报, 2015, 26(5):1129-1150. Wang Y D, Yang J H, Xu C, et al. Survey on access control technologies for cloud computing[J]. Journal of Software, 2015, 26(5):1129-1150. (in Chinese)
[10] Albrecht-Buehler C. Task-based access control in a virtualization environment:US8595824[P]. 2011-08-09
[11] Liu M, Wang X. Safeness discussions on TRBAC and GTRBAC model and an improved temporal role-based access control model[J]. International Journal of Security & Its Applications, 2015, 9(8):23-34.
[12] Hu V, Ferraiolo D, Kuhn R, et al. Guide to attribute based access control (ABAC) definition and considerations[J]. ITLB, 2013, 12(1):162-174.
[13] 黄毅, 李肯立. 一种面向云计算的任务-角色访问控制模型[J]. 计算机应用研究, 2013, 30(12):3735-3737. Huang Y, Li K L. Model of cloud computing oriented T-RBAC[J]. Application Research of Computers, 2013, 30(12):3735-3737. (in Chinese)
[14] Qi H, Luo X, Di X, et al. Access control model based on role and attribute and its implementation[C]//International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery. IEEE, 2016:66-71.
[15] 蔡婷, 聂清彬, 欧阳凯, 等. 基于角色扩展的RBAC模型[J]. 计算机应用研究, 2016, 33(3):882-885. Cai T, Nie Q B, Ouyang K, et al. Role-extended-based RBAC model[J]. Application Research of Computers, 2016, 33(3):882-885. (in Chinese)
[16] 熊厚仁, 陈性元, 张斌, 等. 基于双层角色和组织的可扩展访问控制模型[J]. 电子与信息学报, 2015, 37(7):1612-1619. Xiong H R, Chen X Y, Zhang B, et al. Scalable access control model based on double-tier role and organization[J]. Journal of Electronics & Information Technology, 2015, 37(7):1612-1619. (in Chinese)
[17] 周炜. 具有时空约束的TRBAC模型在OA中的应用[J]. 网络安全技术与应用, 2014, 32(8):116-117. Zhou W. Application of TRBAC model with temporal and spatial constraints in OA[J]. Net Security Technologies and Application, 2014, 32(8):116-117. (in Chinese)
[18] 李金艳, 余忠华. 面向协作的柔性工作流访问控制机制[J]. 计算机集成制造系统, 2017, 23(6):1234-1242. Li J Y, Yu Z H. Access control mechanism of cooperation-oriented flexible workflow[J]. Computer Integrated Manufacturing Systems, 2017, 23(6):1234-1242. (in Chinese)
[19] 闫春钢, 蒋昌俊, 丁志军, 等. 工作流网系统合理性的语言特性[J]. 应用科学学报, 2011, 29(1):61-65. Yan C G, Jiang C J, Ding Z J, et al. Language properties for rationality of workflow net system[J]. Journal of Applied Sciences, 2011, 29(1):61-65. (in Chinese)
[20] Bhuyan F A, Lu S, R. Reynolds, et al. A security framework for scientific workflow provenance access control policies[J]. IEEE Transactions on Services Computing, 2019, 16(6):11-26.
[21] Ghazal R, Qadeer N, Malik A K, et al. Intelligent agent-based RBAC model to support cyber security alliance among multiple organizations in global IT systems[C]//17th International Conference on Information Technology New Generations. Springer, Cham, 2020:87-93.
[22] Siegel J. OMG overview:CORBA and the OMA in enterprise computing[J]. Communications of the ACM, 1998, 41(10):37-43.
[23] Aalst W V D, Adams M, Russell N. Modern business process automation:YAWL and its support environment[M]. Berlin:Springer, 2010.

Research on PRBAC Access Control Model in Workflow System

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 3

Recommended Articles

Metrics

Comments

[1]	MA Xue, PAN Heng, YAO Zhongyuan, SI Xueming. Dual Authorization Sharing Scheme of Searchable Electronic Medical Data Based on Consortium Blockchain [J]. Journal of Applied Sciences, 2023, 41(5): 881-895.
[2]	JIAO He-jun1,3,4, ZHANG Jing1, LI Jun-huai1, SHI Jin-fa2, LI Jian3. Cloud Workflow Model for Collaborative Design Based on Hybrid Petri Net [J]. Journal of Applied Sciences, 2014, 32(6): 645-651.
[3]	HA Jin-bing, HU Wen-bin, YAN Yang-guang. A Research on Dynamic Access Control Technology in the Distributed Manufacturing System [J]. Journal of Applied Sciences, 2004, 22(3): 365-369.