Research on a Role-Based Access Control Model for Migrating Workflow
Abstract
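According to the definition of the Workflow Management Coalition (WfMC), a workflow is the automation of a business process, in whole or in part, during which documents, information or tasks are passed among participants (users and computer programs) according to a set of procedural rules, so that the overall goal of the business process is achieved through coordination among the members of the organization. Workflow technology has been widely applied in business domains that require process-oriented management, such as collaborative product manufacturing, collaborative product commerce and collaborative office work.
     Migrating workflow is a new technique that applies the mobile agent computing paradigm to workflow management. In the migrating workflow model proposed by Professor Zeng Guangzhou, a migrating workflow management system consists of three elements: migrating instances, workplaces and the migrating workflow management engine. A migrating instance is the subject that executes tasks: it accepts a commission from the business process manager, moves among workplaces and, following the workflow specification it carries, uses local services and resources to execute one or more tasks; several migrating instances can cooperate to complete one business process. A workplace is the service agent of a workflow coalition member (an organization, institution or individual) and provides runtime services and workflow services to authorized migrating instances. Unlike a traditional centralized workflow service engine, the migrating workflow management engine is used only to define business processes and to create, dispatch and monitor migrating instances, which supports the decentralized character of mobile computing.
     As in security research on other workflow management systems, a migrating instance is a user of the workplace, so building an access control model for migrating instances at the workplace is a key problem in constructing a migrating workflow management system. In a workflow management system based on the WfMC specification, the business process, the computing resources and the participants are all known in advance, so the workflow designer can define a global access control policy and mechanism beforehand and hand them to the workflow service engine to manage and enforce. Migrating workflow, by contrast, is a decentralized, loosely coupled business process management system in which migrating instances and workplaces are independent, autonomous entities. Each workplace must therefore build its own access control model from its local service rules and security policy, covering two phases: authentication of the migrating instance's identity and authorization of the migrating instance. Earlier work in this project introduced the Passport/Visa (P/V) scheme into access control for migrating instances. The basic idea is that the creator issues an identity certificate (Passport) to the migrating instance and the workplace issues an entry visa (Visa) to it; the Visa contains the login permission, the access authorization, the validity period and so on.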
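     Supported by the National Natural Science Foundation of China and based on the migrating workflow model proposed by Professor Zeng Guangzhou, this thesis targets the application of the P/V scheme and studies how to extend the RBAC (role-based access control) model with constraints on migrating instance trust, ability and task, and with workplace coalitions. RBAC is a widely adopted access control model whose basic idea is to grant an access subject controlled authorization according to the role that the subject plays. The main work of this thesis is as follows:
     1. An RBAC model based on migrating instance trust constraints.
     Existing RBAC research concentrates mostly on authorization constraints based on resource type and access ordering, and rarely considers how a subject's behavior affects role assignment. This thesis introduces the concept of trust into access control for migrating instances and studies B-RBAC, a model based on migrating instance trust constraints. Trust measures the trustworthiness of a migrating instance's access behavior, for example whether it has attempted unauthorized access or other malicious actions. A migrating instance whose trust value falls below the threshold is placed on a blacklist, and for blacklisted instances the B-RBAC model directs the workplace to refuse the Visa. For a migrating instance whose trust value is on the low side, the B-RBAC model triggers the strong monitoring mechanism at the workplace. Chapter 2 discusses the B-RBAC model, defines migrating instance trust and the trust-constrained authorization rules, and gives the trust-constrained access control algorithm for migrating instances.
     2. An RBAC model based on migrating instance ability constraints.
     To improve workflow efficiency, a business process in most cases needs several migrating instances to execute it cooperatively. Because each migrating instance moves continuously according to its own share of the tasks and its route plan, it is inevitable that several migrating instances will log in to the same workplace and cause resource access conflicts. This thesis studies A-RBAC, a model based on migrating instance ability constraints. When several migrating instances apply to log in to the same workplace and may cause an access conflict, the A-RBAC model gives them role assignments of different priority levels according to each instance's ability and queues the instances by priority. Chapter 3 discusses the A-RBAC model, defines migrating instance ability and the ability-constrained authorization rules, and gives the ability-constrained access control algorithm for migrating instances.
     3. An RBAC model based on migrating instance task constraints.
     In the migrating workflow model, the business process definer and the workflow service provider are independent social entities. For a decentralized migrating workflow management system it is therefore hard to keep the authorization granularity requested by the migrating instance (task granularity) consistent with the authorization granularity offered at the workplace (service granularity). This thesis studies T-RBAC, a model based on migrating instance task constraints. For a coarse-grained task request from a migrating instance, the T-RBAC model can drive the task decomposition mechanism at the workplace and perform fine-grained role assignment and combined authorization according to the needs of the subtasks. During fine-grained role assignment, if the migrating instance is found on the blacklist of any role, the workplace refuses the Visa. When several migrating instances may cause an access conflict, the T-RBAC model first evaluates the overall ability of each migrating instance and then assigns it a service priority. Chapter 4 discusses the T-RBAC model, defines role ability and the ability-constrained authorization rules, and gives the algorithms for task decomposition and for migrating instance access control based on combined authorization.
     4. An RBAC model based on workplace coalitions.
     In an open migrating workflow environment, a given task in a business process can often be served by several workplaces, for example in bank payment, travel booking or shopping. If these workplaces trust one another, a redundant service mechanism can make the work of migrating instances more reliable. This thesis studies C-RBAC, a model based on workplace coalitions, which assumes that all coalition members trust one another and can therefore share role assignments. When a migrating instance is forced to move to a new member workplace because its planned destination is unreachable or the local service has failed, the C-RBAC model uses the role assignment state in the instance's Visa to determine whether it has already obtained the same service within the coalition. If so, the new member can serve it directly; otherwise access is authorized according to local rules. Chapter 5 discusses the C-RBAC model, defines the workplace coalition and its authorization rules, and gives the migrating instance access control algorithm based on shared role assignment.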
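     The main contributions of this thesis are:
     1. For the problem of monitoring migrating instance behavior, a B-RBAC model based on migrating instance trust constraints is established.
     Compared with the RBAC96 model and related work, B-RBAC adds migrating instance trust as a constraint on role assignment; this constraint helps prevent roles from being assigned to badly behaved migrating instances and raises the level of security control.
     2. For the access conflicts that several migrating instances may cause at the same workplace, an A-RBAC model based on migrating instance ability constraints is established.
     Compared with the RBAC96 model and related work, A-RBAC adds migrating instance ability as a constraint on role assignment; by allocating access priorities, this constraint resolves access conflicts among migrating instances.
     3. For the service redundancy that exists in the migrating workflow environment, a C-RBAC model based on coalitions of mutually trusting workplaces is established.
     Compared with the RBAC96 model and related work, C-RBAC adds redundant services and authorization sharing as constraints on role assignment; authorization sharing simplifies role assignment inside the coalition, and the use of redundant services helps make migrating instances more reliable.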
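     Because migrating workflow is a developing research field in which both the theory and the application of access control are still immature, further work includes:
     1. Group signatures for migrating instances and their verification. Access control comprises two phases, identity authentication and authorization checking. Beyond assuming that the creator signs the migrating instance's Passport, this thesis does not discuss Passport authentication in detail. For a relatively stable business collaboration coalition, a group signature by the members would do more to raise the security level of migrating instance authentication. This project will therefore study group signatures for migrating instances and their verification.
     2. Constraints for small-granularity tasks. The T-RBAC model presupposes that the task granularity requested by the migrating instance is larger than the smallest permission (service) granularity at the workplace, and is therefore built on task decomposition and combined authorization. In practice, the requested task granularity may also be smaller than any service granularity at the workplace. Extending T-RBAC to handle small-granularity task constraints is further work for this project.
     3. Group authorization for migrating instances and its verification. The C-RBAC model built in this thesis assumes that workplaces providing redundant services trust one another, so that an authorization granted by any workplace in the service coalition is inherited by the other members through the Visa; it does not consider differences in the strength of mutual trust or their effect on authorization inheritance. Because the strength of trust between workplaces affects the security level of access control, this project will study group authorization for migrating instances and its verification.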
According to the Workflow Management Coalition (WfMC), workflow is the automation of a business process, in whole or in part, in which documents, information or tasks pass among the participants (users and computer programs) according to a series of rules, in order to achieve the overall objectives of the business process through coordination among the members of the organization. Workflow technology has been widely applied in business process management areas such as collaborative manufacturing, collaborative product commerce and cooperative office work.
     Migrating workflow is a new technique that applies the mobile agent computing model to workflow management. According to the migrating workflow model advanced by Professor Zeng Guangzhou, a migrating workflow management system has three elements: the migrating instance, the workplace and the migrating workflow management engine. The migrating instance is the subject that performs tasks: it accepts a commission from the business process manager, migrates among workplaces and uses their services and resources to execute one or more tasks, and several migrating instances can cooperate to complete a business process. The workplace is the service provider of a migrating workflow member (organization, institution or individual) and provides runtime services and workflow services to authorized migrating instances. The migrating workflow management engine is used only to define the process and to create, send and monitor migrating instances, in order to support the decentralized nature of mobile computing.
     As in other workflow management systems, access control for migrating instances at the workplace is a key problem in constructing the migrating workflow model, because migrating instances are users of the workplace. In a workflow management system based on the WfMC standard, the business process, the resources and the participants are known, so the workflow designer establishes the overall access control strategy beforehand and the workflow management engine then manages and executes it. Migrating workflow is a decentralized, loosely coupled business process management system, and migrating instances and workplaces are independent, autonomous entities. Each workplace must therefore establish its own access control model according to local service rules and local security policy, covering migrating instance identity authentication and migrating instance authorization. Preliminary research applied the Passport/Visa (P/V) model to access control for migrating instances. Its principal concept is that the creator issues the identity Passport for the migrating instance and the workplace issues the Visa for the migrating instance, which includes landing permission, access authorization and period of validity.
     With the support of the National Natural Science Foundation and on the basis of the migrating workflow model framework, we focused on extending the RBAC (role-based access control) model with migrating instance believability, ability and task constraints and with workplace service coalitions. RBAC is a widely used access control model whose principal concept is to give access subjects controllable authorization according to the roles they play. The paper mainly includes:
     1. RBAC model research based on the migrating instance trust constraint
     Previous RBAC research mainly focused on authorization constraints based on resource type and access order, and rarely considered how the behavior of the entity influences role authorization. In this paper we introduce trust into access control for migrating instances and propose the B-RBAC model based on migrating instance trust, in which MIB is used to measure the believability of a migrating instance's resource access, such as the presence of unauthorized access or other malicious behavior. A migrating instance whose MIB is below the threshold is put on the blacklist, and the B-RBAC model directs the workplace to refuse to issue the Visa. For a migrating instance with a low MIB value, the B-RBAC model triggers the strong monitoring mechanism of the workplace. Chapter 2 discusses the B-RBAC model based on the migrating instance trust constraint, defines migrating instance trust and the authorization rule, and gives the migrating instance access control algorithm based on the trust constraint.
     2. RBAC model research based on the migrating instance ability constraint
     In most cases a business process needs several migrating instances to execute it collaboratively in order to improve workflow efficiency. Each migrating instance moves continually according to its own task and route plan, so resource access conflicts are inevitable when multiple migrating instances land on the same workplace. The paper studies the A-RBAC model based on the migrating instance ability constraint. When multiple instances land on the same workplace and cause a resource access conflict, the A-RBAC model gives authorizations of different priority levels according to the role abilities of the migrating instances and then builds the queuing mechanism. Chapter 3 discusses the A-RBAC model, defines migrating instance role ability (RA) and the RA-based authorization rule, and gives the migrating instance access control algorithm based on the ability constraint.
     3. RBAC model research based on the migrating instance task constraint
     The business process designer and the workflow service provider are independent social entities in the migrating workflow model. Thus, for a decentralized migrating workflow management system, it is difficult to keep the authorization granularity requested by the migrating instance (task granularity) consistent with the authorization granularity provided by the workplace (service granularity). The paper studies the T-RBAC model based on the migrating instance task constraint. For a coarse-grained task request from a migrating instance, the T-RBAC model drives the task decomposition mechanism in the workplace and then assigns and authorizes fine-grained roles according to the sub-task demands. During fine-grained role assignment, the workplace refuses the Visa if the migrating instance is found on the blacklist of any role. When an access conflict exists among migrating instances, the T-RBAC model first assesses the comprehensive ability of each migrating instance for each subtask and then determines the overall priority. Chapter 4 discusses the T-RBAC model, defines role ability and the role-ability-based authorization rule, and gives the algorithms for task decomposition and for migrating instance access control based on combined authorization.
     4. RBAC model research based on the workplace coalition
     In an open migrating workflow environment, more than one workplace often provides the same service for the same task, as with bank payment, tour booking and store shopping. If these workplaces trust each other, the reliability of migrating instances improves through the redundant service mechanism. The paper studies the C-RBAC model based on the workplace coalition, under the hypothesis that the coalition members trust one another and therefore share role assignments. When a migrating instance is forced to move to another coalition member's workplace because its destination is unreachable or a service has failed, the C-RBAC model judges, from the role assignment state in the Visa, whether the migrating instance has obtained the same service from a coalition member before. If so, the new coalition member provides the service directly; otherwise the migrating instance obtains access authorization according to the local rules. Chapter 5 discusses the C-RBAC model, defines the workplace service coalition and its authorization rule, and gives the migrating instance access control algorithm based on shared role assignment.
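The Visa decision flow described in items 1, 2 and 4 above (B-RBAC, A-RBAC and C-RBAC), written out as an added Python sketch; it is not code from the thesis. The threshold values, the Visa fields, the per-service minimum-trust rule, the order of the checks and all class and function names are assumptions made for illustration, and the scenario at the end is constructed.

```python
from dataclasses import dataclass, field

# Assumed numbers: the abstract mentions a trust threshold but gives no values.
BLACKLIST_BELOW = 0.3   # trust under this: blacklisted, Visa refused (B-RBAC)
MONITOR_BELOW = 0.6     # trust under this: admitted under strong monitoring

@dataclass(frozen=True)
class Visa:                      # hypothetical Visa layout
    issuer: str                  # workplace that issued the Visa
    coalition: str               # coalition the issuer belongs to
    roles: frozenset             # role assignments recorded in the Visa
    expires: int                 # end of the validity period

@dataclass
class Instance:                  # a migrating instance as the workplace sees it
    name: str
    trust: float                 # behaviour-based trust value
    ability: float               # used for priority under contention (A-RBAC)
    visas: list = field(default_factory=list)

@dataclass(frozen=True)
class Decision:
    granted: bool
    reason: str
    roles: frozenset = frozenset()
    monitored: bool = False

class Workplace:
    def __init__(self, name, coalition, services):
        self.name, self.coalition = name, coalition
        self.services = services     # service -> (role, local minimum trust)
        self.blacklist = set()

    def request_visa(self, inst, service, now, ttl=10):
        # B-RBAC: the blacklist check comes first (ordering is an assumption).
        if inst.trust < BLACKLIST_BELOW:
            self.blacklist.add(inst.name)
        if inst.name in self.blacklist:
            return Decision(False, "blacklisted")
        if service not in self.services:
            return Decision(False, "service not offered")
        role, min_trust = self.services[service]
        monitored = inst.trust < MONITOR_BELOW
        # C-RBAC: accept an unexpired assignment of this role by a coalition member.
        shared = next((v for v in inst.visas if v.coalition == self.coalition
                       and v.expires > now and role in v.roles), None)
        if shared is not None:
            reason = f"role shared from {shared.issuer}"
        elif inst.trust >= min_trust:    # otherwise fall back to local rules
            reason = "local rule"
        else:
            return Decision(False, "local rule refused")
        inst.visas.append(Visa(self.name, self.coalition, frozenset({role}), now + ttl))
        return Decision(True, reason, frozenset({role}), monitored)

    def admission_order(self, instances):
        # A-RBAC: competing instances are queued by ability, highest first;
        # sorted() is stable, so ties keep arrival order.
        eligible = [i for i in instances if i.trust >= BLACKLIST_BELOW
                    and i.name not in self.blacklist]
        return [i.name for i in sorted(eligible, key=lambda i: -i.ability)]

# Constructed scenario: two banks in one coalition, one shop outside it.
bank_a = Workplace("bank_a", "pay", {"payment": ("payer", 0.4)})
bank_b = Workplace("bank_b", "pay", {"payment": ("payer", 0.7)})
shop = Workplace("shop", "retail", {"payment": ("payer", 0.7)})

def demo():
    mi = Instance("mi-1", trust=0.5, ability=0.8)
    rogue = Instance("mi-2", trust=0.1, ability=0.9)
    slow = Instance("mi-3", trust=0.9, ability=0.2)
    stale = Instance("mi-4", 0.5, 0.5, [Visa("bank_a", "pay", frozenset({"payer"}), 5)])
    return {
        "first": bank_a.request_visa(mi, "payment", now=0),
        "failover": bank_b.request_visa(mi, "payment", now=1),
        "outside": shop.request_visa(mi, "payment", now=2),
        "expired": bank_b.request_visa(stale, "payment", now=9),
        "rogue": bank_a.request_visa(rogue, "payment", now=3),
        "queue": bank_a.admission_order([slow, rogue, mi]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In the constructed scenario bank_b admits mi-1 on the strength of bank_a's Visa although bank_b's own minimum trust would have refused it, which is the inheritance effect that the further-work item on trust strength refers to.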
     Innovation:
     1. Built the B-RBAC model based on the migrating instance trust constraint, addressing the behavior monitoring problem of migrating instances.
     Compared with the RBAC96 model and related research, the B-RBAC model adds migrating instance trust as a constraint on role assignment, which helps prevent role assignment to badly behaved migrating instances and improves the level of security control.
     2. Built the A-RBAC model based on the migrating instance ability constraint, addressing the access conflict problem among multiple migrating instances in the same workplace.
     Compared with the RBAC96 model and related research, the A-RBAC model adds migrating instance ability as a constraint on role assignment, which can resolve access conflicts through access priority.
     3. Built the C-RBAC model based on the mutual-trust workplace service coalition, addressing the redundant service problem that exists in the workflow environment.
     Compared with the RBAC96 model and related research, the C-RBAC model adds redundant service and authorization sharing as constraints on role assignment. Authorization sharing can simplify the role assignment process, and redundant service can improve migrating workflow reliability.
     Migrating workflow is a developing research area, and neither the theory nor the application of access control in it is mature yet. Further work on this paper mainly includes:
     1. Migrating instance group signature and authentication method. Access control includes identity authentication and authorization checking. This paper does not discuss Passport authentication in detail, beyond the hypothesis that the creator signs the Passport for the migrating instance. For a relatively stable business cooperation coalition, a group signature by the members is more conducive to improving the security level. This project will therefore further study migrating instance group signatures and authentication methods.
     2. Fine-grained task constraint research. The T-RBAC model assumes that the task granularity requested by the migrating instance is greater than the minimum permission service granularity in the workplace, so the T-RBAC model is built on task decomposition and combined authorization. In practical applications, the task granularity requested by the migrating instance may also be smaller than any service granularity in the workplace. Extending the T-RBAC model to fit fine-grained task constraints is therefore further work for this paper.
     3. Migrating instance group authorization and authentication method. The C-RBAC model built in this paper assumes that workplaces providing redundant services trust one another, so an authorization granted by any workplace in the service coalition is inherited by the other coalition members through the Visa; it does not consider differences in trust strength or their influence on authorization inheritance. Because the strength of trust between workplaces influences the security level of access control, this project will further study migrating instance group authorization and authentication methods.
