Research on Policy-Based Workflow Security Management Technology
Abstract
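Today, as computers and networks are used ever more widely, workflow management systems are attracting growing attention from research institutions and industry. Building on the task-based access control and role-based access control models, this thesis proposes the MDR&TBAC model, which is based on multi-dimensional roles and tasks. Through role-based static authorization and task-based dynamic authorization, the model strengthens the security of access control in workflow systems and addresses the shortcomings of traditional access control models; the new role model also makes it convenient to manage a certain number of roles.
     The thesis introduces policies to improve the secure access control capability of workflow management systems; the core idea of policy management technology is that policies drive the management process. The policy deployment model in the thesis, based on the Ponder policy language, is independent of the underlying policy enforcement mechanisms and can be applied in mixed policy environments. The policy deployment model supports the instantiation of policies and the distribution, enabling, disabling, unloading and deletion of policy objects; it can adjust policy enforcement in response to changes in domain membership, and it provides more complete support for distributed policy services and for the dynamic self-management of policies. In the object-oriented policy deployment model, because the managed objects are the policies themselves, the dynamic self-management mechanism for policies has some special characteristics. The thesis analyzes the characteristics and process of dynamic policy self-management from two aspects, the distribution and the enforcement of POP policies, and also proposes a policy self-management agent for the distributed policy service.
     The distributed workflow security management model presented at the end of the thesis is an extension of the role-based workflow access control model. It can accommodate role and authorization management in a distributed environment; its authorization and access control use the attribute certificate mechanism of the Privilege Management Infrastructure, and privilege assignment and privilege verification are implemented by the role server and the application gateway in the system.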
Today, with the increasingly wide use of computers and networks, workflow management systems are attracting more and more attention from research institutes and industry. In this thesis a new multi-role access control model is proposed, based on the traditional RBAC and TBAC models. It uses static authorization based on roles and dynamic authorization based on tasks to ensure the access safety of the workflow system. The model overcomes the weaknesses of the traditional access control models and proposes a new role model which can manage roles more conveniently.
     This thesis adopts policy management technology to improve the access control abilities of the workflow management system. The main point of policy-based management is the notion of policy as a means of driving management procedures. Generally speaking, the object-oriented Ponder policy language is declarative and makes it simple to specify both security and management policies. An object-oriented policy deployment model that forms part of the runtime support for Ponder is proposed in this thesis. The policy deployment model is independent of the underlying policy enforcement mechanisms and can also be employed in mixed policy environments. It supports the instantiation, distribution and enabling of policies as well as their disabling, unloading and deletion; it caters for changes in the membership of domains, since such changes also affect policy enforcement; and it supports a distributed policy service.
     The Model of Distributed Secure Workflow Management System is an expansion of the Role-Based Secure Workflow Model and fits the management of roles and authorization in a distributed environment. The authorization and access control of the model use the attribute certificate policy of the Privilege Management Infrastructure; the privilege allocation and privilege verification functions are implemented by the role server and the application gateway in the system.
