Organization and Role Semantic Based Access Control of Business Process Management
Abstract: Current access control methods for business processes cannot fully meet the practical requirements of business process management (BPM). To address this problem, the shortcomings of existing access control methods, including role-based access control (RBAC) and task-based access control (TBAC), are first analyzed. An organization and role semantic based access control (OR-SBAC) model and method are then proposed, the model and its components are described formally, and an application example is given. OR-SBAC further subdivides roles and controlled subjects, uses the enterprise's organizational structure to associate users with roles, performs authorization through a role adapter that reasons over role semantics using first-order predicate logic, and takes temporal and spatial context into account. The strong descriptive power and high authorization efficiency of the OR-SBAC method meet the requirements of complexity, variety and flexibility of access control in BPM.
Keywords:
- business process management (BPM)
- access control
- organizational structure
- role
- semantics