面向服务的工作流访问控制模型研究

©1994-2009ChinaAcademicJournalElectronicPublishingHouse.Allrightsreserved.(8):13691375,2005:2003-11-10;:2005-03-21:(60173023,60203029);(2001AA113010,2001AA414020,2001AA414330);(2002CB312005)1,2111(100080)2(100039)(xuwei@otcaix1iscas1ac1cn)AService2OrientedWorkflowAccessControlModelXuWei1,2,WeiJun1,andLiJing11(TechnologyCenterofSoftwareEngineering,InstituteofSoftware,ChineseAcademyofSciences,Beijing100080)2(GraduateSchooloftheChineseAcademyofSciences,Beijing100039)AbstractWiththeprogressofenterpriseglobalizationandthedevelopmentofcombinationanddifferentiationinenterprisebusiness,organizationsbecomemoredynamic,andbusinessprocessesarefrequentlychanging1Asaresult,workflowaccesscontrolturnsmorecomplicated1Tosolvethisproblem,inviewofdecouplingtheworkflowaccesscontrolmodelfromtheprocessmodel,aservice2orientedworkflowaccesscontrol(SOWAC)modelispresented1IntheSOWACmodel,serviceistheabstractionofataskandtheunitforapplyingaccesscontrol1Therefore,accesscontroloftasksisreplacedwithaccesscontrolonservices1TheelementsoftheSOWACmodelaredescribedandtheenforcementofSOWACisillustratedbyanexampleworkflow1ThenthedynamicseparationofdutyfortheSOWACmodelisproposedbasedontheauthorizationhistoryofservices1ByapplyingtheSOWACmodelinarealworkflowsystem,itshowsthattheSOWACmodelispracticalandeffectual1Keywordsworkflow;workflowsecurity;accesscontrol;separationofduty,,,1,,SOWAC1,1SOWAC,,SOWAC1;;;TP311151[1],1,,1©1994-2009ChinaAcademicJournalElectronicPublishingHouse.Allrightsreserved.(service2orientedworkflowaccesscontrol),,,12SOWAC,SOWAC;3SOWAC,;4SOWAC;,12SOWAC211SOWACSOWAC,,11,,;,,(),1Fig11SOWACmodelanditsrelationswithelementsofworkflow11SOWAC:(1):Wf,;T;WfIns,;TIns,1(2)WfT,T,T=OP,Din,Dout,Din,DoutT,OPT1(3)WfWfIns,WfInsTIns1SOWAC1(1)SOWAC:U,;R,;S,;P,;SSessions1(2),1,1(3),RH,RHARR,;,r1;r2r2r107312005,42(8)©1994-2009ChinaAcademicJournalElectronicPublishingHouse.Allrightsreserved.(4)UR,URAUR1(5)P1SOWAC,,TOPDin,Dout,,,1,SOWAC1(6)SR,SRASR1,(Pri,rj:R)(Ps:S)ri;rjsSR[ri]]sSR[rj]1(7)SP,SPASP11(8)TS,TSATS1,,1,T1,T2,DT1in=DT2inDT1out=DT2outOPT1OPT2,T1T21(9)Ss,s,s=PAin,PAout,SP,SR,;s1PAinPAout,,,1SPs1SR,;sSR1s,3:r1r2SRr1;sr2,r1r2,r1,1r1r2SR,SR,RHr1;r2,r1r21r1r2SR,SR,RHr1r2,r1r21(10)SIns1SIns,SIns=din,dout,ExeP,r1dindout,ExeP,r,ExeP1(11)SSessions,SSessionSIns1,,1,SSession,1SSession,1SSession,:user:SSessionUser,1service:SSessionSIns,1,,[2]1(12)Constraints,,1,SOWAC,1212SOWACSOWAC12,,5:T1,;T2,;T3,,VALUE1,,,VALUE1,;T4,;T5,1,:R1;R2;R3131P={CREATEORDER(),ACCOUNTORDER(),APPROVEORDER(),REJECTORDER(),SENDORDER()}11731:©1994-2009ChinaAcademicJournalElectronicPublishingHouse.Allrightsreserved.(1)S1=NULL,ORDER,{CREATEORDER},{R2,R1},{R2;R1},S1T11(2)S2=ORDER,{ACCOUNTORDER},{R3,R1},{R3;R1},S2T2T31(3)S3=ORDER,APPROVED,{APPROVEORDER},{R1},{},S3T41(4)S4=ORDER,NULL,{SENDORDER},{R2,R1},{R2;R1},S4T514SOWAC,1,41A3SIns31Fig14EnforcementofSOWACintheexampleworkflow14SOWAC3(separationofduty)[3],1(staticseparationofduty)(dynamicseparationofduty)1,[46]1,1SOWAC,27312005,42(8)©1994-2009ChinaAcademicJournalElectronicPublishingHouse.Allrightsreserved.(p)={pi|(p,pi)CP}12111CR,CRARR1r,CRWith(r)={ri|(r,ri)CR}13111CU,CUAUU1u,CUWith(u)={ui|(u,ui)CU}14111CS,CSASS1s,CSWith(s)={si|(s,si)CS}11SAH,SAHsid,UsedP,r,u,sid,UsedP,r,u1,111,1(ri,rj)CR(sidi,UsedPi,ri,ui)SAH(sidj,UsedPj,rj,uj)SAH]uiuj(ui,uj)|CU121,1(pi,pj)CP(sidi,UsedPi,ri,ui)SAHpiUsedPi(sidj,UsedPj,rj,uj)SAHpjUsedPj]uiuj(ui,uj)|CU131,1(si,sj)CS(sidi,UsedPi,ri,ui)SAH(sidj,UsedPj,rj,uj)SAH]uiuj(ui,uj)|CU1DeniedU,11111:CPCRCUCSSAHnrExeP;:DeniedU1:(1)1DeniedU11DeniedU1=PriCPWith(r){u|(sidx,Usedpy,ri,uz)SAH(uzCUWith(u)uz=u)}1(2)2DeniedU21DeniedU2=PpiCPWith(p)pExeP{u|(sidx,UsedPi,ry,uz)SAHpiUsedPi(uzCUWith(u)uz=u)}1(3)3DeniedU31DeniedU3=PsiCPWith(sn){u|(sidi,UsedPx,ry,uz)SAH(uzCUWith(u)uz=u)}1(4)DeniedU=DeniedU1DeniedU2DeniedU31(5)14SOWACSOWAC,ONCEPI1ONCEPI,4:1SOWAC,3:(1)SOWAC1,SOWAC3731:©1994-2009ChinaAcademicJournalElectronicPublishingHouse.Allrightsreserved.(SOWACserviceauthorizationrepository)1(2)SOWAC11,1,1(3)SOWAC1,1,,(ServiceID)1,:(1)(ServiceID),,,1(2)1(3),DeniedU1(4)DeniedU(RoleID)1(5)DeniedURoleID,(UserID)1(6),1(7)(),(Worklist)1(8),1(9),15,SOWAC1,1SOWAC,,1ONCEPISOWAC,1,,SOWAC,,1,,SOWAC11WorkflowManagementCoalition1Workflowsecurityconsiderations1WorkflowManagementCoalition,Tech1Rep1:WFMC2TC21019,19982PCKHung,K1Karlapalem,J1Gray1LeastprivilegesecurityinCapBasED2AMS1InternationalJournalofCooperativeInformationSystems,1999,8(223):1391683D1D1Clark,D1R1Wilson1Acomparisonofcommercialandmilitarycomputersecuritypolicies1In:Proc1the1987IEEESymposiumonSecurityandPrivacy1NewYork:IEEEComputerSocietyPress,198711841944R1S1Sandhu1Transactioncontrolexpressionsforseparationofduties1In:Proc1the4thAerospaceComputerSecurityConf1NewYork:IEEEComputerSociety