Research on a Workflow-Based Access Control Model in B/S (Browser/Server) Mode
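Abstract
As information technology develops, workflow systems have become increasingly complex. Beyond meeting application requirements they face higher security requirements, so better security models are needed for workflow systems, and the most typical security technique in such models is access control. In recent years access control in workflow systems has been studied extensively. Two widely used access control models, RBAC (Role-Based Access Control) and RTAC (Task-Based Access Control), solve the control problems of role authorization and task assignment to a certain extent. However, as system complexity grows, these two models do not truly solve the problems of least privilege and separation of duties, nor can they meet the need for frequent changes to users' workflow processes. To address these shortcomings, this thesis constructs a fine-grained access control model, variable-flow dynamic role_task_view access control (DRTVBAC). Through a variable-flow dynamic task authorization method and its algorithmic implementation in a real system, it effectively solves the security problems of least privilege and dynamic separation of duties for complex systems in practical applications.
     The DRTVBAC model manages dynamic role assignment according to a role policy: non-sensitive roles may be cross-assigned, sensitive roles may not. Under specific task-flow conditions, a role is assigned certain tasks according to its duties; each such task is an atomic node task in the workflow. Roles satisfy predefined compatibility and mutual-exclusion attributes. By obtaining a dynamic view that grants access to a given functional module, the model achieves dynamic management of the hierarchically related role set R (Role) that can execute tasks, which improves the simplicity of interface operation and the security of interface information. To meet practical needs, a variable-flow algorithm built on the active view changes the execution order of the task flow. This does not affect which tasks each role executes, but it changes the time order in which the roles execute them, and each role's related tasks are shown through views. However the order of the task flow changes, the DRTVBAC model always preserves the security association among role, task and view.
     The basic idea behind the DRTVBAC variable-flow algorithm is as follows: K_i denotes the state of task unit N_i in a workflow, K_(i+1) denotes the state of task unit N_(i+1), and i denotes a task's position in the workflow. By examining the state K_i of N_i and the state K_(i+1) of N_(i+1), the algorithm decides whether to execute N_(i+1), and continues until the workflow has finished executing.
     The DRTVBAC model has been applied successfully in a motor vehicle driver training management system. Its features are: task-associated dynamic role management with flexible control, granting and revocation of permissions; conformance to the least-privilege principle, in which a permission activates a role to execute one specific task; realization of the separation-of-duties principle by separating permission granting from task completion in the workflow; a concise dynamic view interface that prevents leakage of sensitive information; and a variable task flow that meets users' actual needs.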
With the development of information technology, workflow systems are becoming more and more complex. They must not only meet application needs but also satisfy higher security requirements, so better security models are needed for workflow systems; the typical security technology in such models is access control. In recent years, access control has been researched widely in workflow systems. Two typical models are RBAC (Role-Based Access Control) and RTAC (Task-Based Access Control), which have been used successfully for role authorization and assignment to a certain extent. However, as a system's structure grows more complex, these two models cannot achieve privilege minimization and separation of duties, and they are inapplicable when users request frequent changes to the workflow process. To avoid these weaknesses, a variable-flow dynamic role_task_view (DRTVBAC) fine-grained access control model is constructed on the basis of the existing models. In applying this model, an algorithm that authorizes dynamic tasks for a variable flow is implemented in an actual system; that is, it effectively solves the fine-grained least-privilege problem and the dynamic separation-of-duties security problem for complex systems in practical applications.
     In the DRTVBAC model, dynamic role assignment and management are carried out according to the role policy: insensitive roles may be cross-assigned, sensitive roles may not. In a specific task-flow situation, roles are assigned certain tasks based on their duties; each such task is an atomic node task in the workflow. Roles have designated attributes of acceptance and exclusion. After a role obtains a dynamic view that grants the authority to access a certain function module, role management becomes dynamic management of the roles R (Role) that have a hierarchy and can process a certain task. This makes operation easy and improves the security of interface information. To meet practical application needs, the model changes the execution sequence of the task flow with a variable-flow algorithm based on the active view. This does not change which task each role carries out, but it affects the time sequence in which each role carries out its task, and each role's related tasks are shown through views. Regardless of how the order of the task flow changes, the DRTVBAC model always maintains the security association among the role, the task and the view.
     The essential point of the DRTVBAC variable-flow algorithm is: suppose K_i is the status of task unit N_i in a workflow, K_(i+1) is the status of task unit N_(i+1), and i is the position of a task in the task flow; evaluate the status K_i of N_i and the status K_(i+1) of N_(i+1) to decide whether N_(i+1) should be processed, until the workflow has finished processing.
     The DRTVBAC model has been applied successfully in a motor vehicle driver training management system. It has these special features: dynamic role management is connected with the task, so access rights can be flexibly controlled, authorized and revoked; it satisfies the least-privilege principle, that is, a role can process a certain task when the access right is activated; the access right is authorized in the workflow, and the tasks are assigned based on the role's duty; the dynamic view interface is easy to operate and helps prevent the disclosure of confidential information; and the task flow is alterable and satisfies users' practical requests.
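The abstract gives the model only in outline. The following added example is not the thesis's code: it is one way to realize the three stated properties (no cross-assignment of sensitive roles, views granted only for the active task, and reordering that leaves the role-task-view bindings intact). The role names, task ids, two-value status and the `Workflow` class are all assumptions made for illustration.

```python
# Added illustration: role names, statuses and task ids are constructed.
PENDING, DONE = "pending", "done"
SENSITIVE = {"cashier", "examiner"}  # assumed set of sensitive roles

class Workflow:
    def __init__(self, tasks):
        # tasks: ordered (task_id, role, view) triples; list index is position i
        self.order = [t for t, _, _ in tasks]
        self.bind = {t: (r, v) for t, r, v in tasks}    # role-task-view relation
        self.status = {t: PENDING for t in self.order}  # K_i for each N_i
        self.user_roles = {}

    def assign(self, user, role):
        held = self.user_roles.setdefault(user, set())
        # Sensitive roles may not be cross-assigned; non-sensitive ones may.
        if role in SENSITIVE and (held & SENSITIVE) - {role}:
            raise PermissionError(f"{user} already holds a sensitive role")
        held.add(role)

    def current(self):
        # Finished tasks form a prefix, so the first pending task is the
        # N_(i+1) whose predecessor state K_i is DONE. None means finished.
        return next((t for t in self.order if self.status[t] == PENDING), None)

    def views(self, user):
        # Dynamic view: only the active task's view, only for its bound role.
        task = self.current()
        if task is None:
            return set()
        role, view = self.bind[task]
        return {view} if role in self.user_roles.get(user, set()) else set()

    def execute(self, user, task):
        if task != self.current():
            raise PermissionError("task is not active at this position")
        if self.bind[task][0] not in self.user_roles.get(user, set()):
            raise PermissionError("user holds no role bound to this task")
        self.status[task] = DONE

    def reorder(self, new_order):
        # Variable flow: pending tasks may move; bindings are never touched.
        done = [t for t in self.order if self.status[t] == DONE]
        if sorted(new_order) != sorted(self.order) or new_order[:len(done)] != done:
            raise ValueError("must be a permutation that keeps finished tasks first")
        self.order = list(new_order)
```

Because `views` is derived from the current position rather than stored per user, a reorder changes when a role sees its view but never which view it sees.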