企业级协作环境中访问控制模型研究
摘要
访问控制是保证信息安全的基本手段之一。它可划分为主/被动两种范型:前者面向业务过程,后者以系统为中心。由于企业应用往往需要满足复杂多样的业务/协作需求,并可能涉及大规模的主/客体对象,其访问控制组件应当提供灵活透明的安全服务,并支持可伸缩易维护的安全管理。本文将从这两个角度来研究企业环境中的主被动访问控制问题,主要工作如下:
1.提出了一种基于组织-角色的访问控制模型。它以具有实体、管理和全局三种附加属性的组织-角色关联为授权依据,定义了组织-角色特化/管理两种关系作为其权限继承机制,不仅为分布式同构性组织中的授权提供了极强的伸缩性,还能描述层次性组织中某些灵活的授权策略。进而,该模型能够刻划细粒度的职责分离约束,并通过泛化的语义来简化类似约束的表达。通过在一个B2B实例上与相关工作比较验证了模型的优势。
2.提出了一种基于任务状态的访问控制模型,以克服基于任务的访问控制粒度较粗,过于僵化,可能反过来干扰业务过程建模的问题。给出了该模型的CPN仿真方法,既能刻划主体职责分离,又可以支持定义在工作流应用数据上的多种权限,克服了现有仿真方法描述能力不足的问题。通过一个定制开发工作流验证了模型的协作概念及其仿真方法的可行性。
3.现有的工作流委托模型中,时间限制过于僵化,不能适应执行状态的变化。为此基于任务状态的线性序列,提出一种对时间和状态混合上下文敏感的委托特性。首先通过事件和条件给出委托请求的语法描述,然后通过赋值和上下文刻划事件和条件的形式语义,给出委托请求的时态一致性标准。为了在系统内部处理委托请求,给出事件和条件的范式,证明了一组有关的性质和定理。进而得出事件和条件的正则化、比较和检测算法。最后,综合前面的结论与算法,建立了委托验证和执行的处理过程。通过一组例子验证了委托语法的表达能力和内部处理机制的可行性。与各种通用事件模型相比,本文的委托语法面向特定需求,简明易用,更容易向终端用户普及。另外,将事件与条件分开建模,严格保证事件的瞬时性,可以避免检测语义应用不当带来的逻辑缺陷。
4.为解决主动访问控制模型中普遍和长期存在的任务间重复授权问题,并保持对任务内多角色协作的支持,提出了基于任务-角色关联的访问控制方法。通过对传统的角色-任务指派关系进行深入挖掘,定义了职能关联概念及其特化与管理关系;根据职能关联的分量和属性给出其两种关系的推导规则,并按两种关系上的继承性区分业务性和管理性授权,从而建立了可自动配置的授权继承结构。进而定义了细粒度可泛化的职责分离约束。软件开发和论文评审工作流上的相关工作比较表明,该模型可以有效化简任务间的重复授权。
5.基于任务分类和角色层次的三步授权机制集成了主被动两种访问控制范型,但任务间重复授权,多种角色层次上的任务继承性冲突,任务约束重复表达等问题严重影响了有关模型的伸缩性。为此提出一种增强的主被动集成访问控制模型。首先,通过可扩展的角色层次划分细化了主/被动任务的分类,可以灵活地简化多种任务分配关系;其次,引入基于任务泛化的授权继承和约束覆盖机制,可以有效减少任务之间的重复授权和约束;第三,通过一组正确和完备的语义覆盖规则,为自动约束化简等提供了依据;最后给出多粒度权限激活机制和动态互斥的冗余检测算法,以消除不必要的访问检查开销,降低伸缩增强可能带来的效率损失。通过一个软件项目实例验证了模型的授权和约束伸缩性。
Access control is one of the essential means to secure information security. It could bedivided into the two of active/passive ones: the former is business-oriented and the latter issystem-centric. In enterprise applications, normally complex and various business/collaboration requirements should be met, and large-scaled subjects/objects might be involved.Therefore in their access control components, not only flexible and transparent securityservices should be provided, but also scalable and maintainable security administration shouldbe supported. In this paper the enterprise-oriented active/passive access control issue will beaddressed from these two perspectives. The main work of this paper includes:
1. An organizations-role association based access control model is proposed. Anorganization-role association with the additional attributes of actuality, management andglobality are used as the basis of authorization, and the specialization/management relationsamong organization-roles are defined as its permission inheritance mechanisms. Not onlyoutstanding authorization scalability is provided in distributed homogeneous organizations,but also some flexible authorization policies could be represented in hierarchicalorganizations. Furthermore fine-grained Separation of Duties (SoD) constraints could berepresented, and the expression of similar constraints could be simplified through generalizedsemantics. The superiority of this model is validated by comparison with related work using aB2B example.
2. A task-state based access control model is proposed to overcome the defect that taskbased access control is somewhat coarse-grained and inflexible such that the modeling ofbusiness processes might be interfered in turn. A Colored Petri Net (CPN) simulation methodis present for the model. The expression power of existing simulation methods is enhanced:the SoD among subjects could be represented; at the same time multiple permissions definedon workflow application data could be supported. The feasibility of the model’s collaborationconcept and its simulation method is validated on a workflow of customizing development.
3. In existing delegation models for workflow, time constraints are too fixed to adapt tothe executing states. To address this issue, a kind of delegation feature with time and statemixed context sensitivity is proposed on basis of the linear sequence of task executing states.First, the syntax of a delegating request is described in terms of event and condition. Next, theformal semantics of events and conditions is illustrated with the concepts of assignment andcontext, and then the temporal consistency of a delegating request is defined. To processdelegating requests internally, the regular forms of events and conditions are defined, and some related properties and theorems are proved. Then the regularizing, comparing anddetecting algorithms are given for events and conditions. Eventually, the processing flow forthe validation and enactment of delegations is built. Using a group of examples, theexpression power of the delegation syntax and the feasibility of the internal processingmechanism are validated. Comparing to those general event models, the delegation syntax isquite easier to use and popularize since it is oriented to specific requirements. Moreover, thelogic defects caused by the inappropriate application of the detection semantics are avoidedbecause events and conditions are modeled respectively and the instantaneity of events isensured.
4. A task-role association based access control approach is proposed to address thewidespread and long-stand issure of repetitive authorizations among tasks in active accesscontrol models and to support the collaboration of multiple roles within a task at the sametime. The definition of function association with specialization and management relations isgiven by deeply analyzing the traditional relation of role-task assignment. Inference rulesabout the two relations on function associations are obtained from the components andattributes of function associations, and then authorizations are divided into two types ofbusiness and management based on the inheritance on the two relations. Thusauto-configurable authorization structures are established. Furthermore, the fine-grained andgeneralizable SoD constraints are defined. Comparisons with related work on the workflowsof software development and paper review show that repetitive authorizations among taskscould be effectively reduced.
5. The task classification and role hierarchy based3-steps authorization integrates the twoaccess control paradigms of active and passive ones. But the scalability of the related modelsis degraded remarkably by repetitive authorizations between tasks, confliction between taskinheritances along multiple role hierarchies, repetitive expressions of task constraints.Therefore an enhanced active/passive integrated access control model is proposed in thispaper. First, the classification of active/passive tasks is fine-grained through extendablesubdivision of role hierarchy, thus many kinds of task assignments can be simplifiedoptionally. Secondly, task generalization based authorization inheritance and constraintcoverage mechanisms are introduced, thus repetitive authorizations and constraints can beeffectively reduced. Thirdly, a group of semantic coverage rules of completeness andsoundness are presented, which provide grounds for automatic constraints simplification, etc.Finally, multiple-granularity permission activation mechanism and dynamic exclusionsredundancy detecting algorithm is presented to remove unnecessary cost in access checking and to compensate efficiency loss which might be brought by scalability enhancing. Theauthorization and constraint scalability of this model is validated using an example ofsoftware project.
1.提出了一种基于组织-角色的访问控制模型。它以具有实体、管理和全局三种附加属性的组织-角色关联为授权依据,定义了组织-角色特化/管理两种关系作为其权限继承机制,不仅为分布式同构性组织中的授权提供了极强的伸缩性,还能描述层次性组织中某些灵活的授权策略。进而,该模型能够刻划细粒度的职责分离约束,并通过泛化的语义来简化类似约束的表达。通过在一个B2B实例上与相关工作比较验证了模型的优势。
2.提出了一种基于任务状态的访问控制模型,以克服基于任务的访问控制粒度较粗,过于僵化,可能反过来干扰业务过程建模的问题。给出了该模型的CPN仿真方法,既能刻划主体职责分离,又可以支持定义在工作流应用数据上的多种权限,克服了现有仿真方法描述能力不足的问题。通过一个定制开发工作流验证了模型的协作概念及其仿真方法的可行性。
3.现有的工作流委托模型中,时间限制过于僵化,不能适应执行状态的变化。为此基于任务状态的线性序列,提出一种对时间和状态混合上下文敏感的委托特性。首先通过事件和条件给出委托请求的语法描述,然后通过赋值和上下文刻划事件和条件的形式语义,给出委托请求的时态一致性标准。为了在系统内部处理委托请求,给出事件和条件的范式,证明了一组有关的性质和定理。进而得出事件和条件的正则化、比较和检测算法。最后,综合前面的结论与算法,建立了委托验证和执行的处理过程。通过一组例子验证了委托语法的表达能力和内部处理机制的可行性。与各种通用事件模型相比,本文的委托语法面向特定需求,简明易用,更容易向终端用户普及。另外,将事件与条件分开建模,严格保证事件的瞬时性,可以避免检测语义应用不当带来的逻辑缺陷。
4.为解决主动访问控制模型中普遍和长期存在的任务间重复授权问题,并保持对任务内多角色协作的支持,提出了基于任务-角色关联的访问控制方法。通过对传统的角色-任务指派关系进行深入挖掘,定义了职能关联概念及其特化与管理关系;根据职能关联的分量和属性给出其两种关系的推导规则,并按两种关系上的继承性区分业务性和管理性授权,从而建立了可自动配置的授权继承结构。进而定义了细粒度可泛化的职责分离约束。软件开发和论文评审工作流上的相关工作比较表明,该模型可以有效化简任务间的重复授权。
5.基于任务分类和角色层次的三步授权机制集成了主被动两种访问控制范型,但任务间重复授权,多种角色层次上的任务继承性冲突,任务约束重复表达等问题严重影响了有关模型的伸缩性。为此提出一种增强的主被动集成访问控制模型。首先,通过可扩展的角色层次划分细化了主/被动任务的分类,可以灵活地简化多种任务分配关系;其次,引入基于任务泛化的授权继承和约束覆盖机制,可以有效减少任务之间的重复授权和约束;第三,通过一组正确和完备的语义覆盖规则,为自动约束化简等提供了依据;最后给出多粒度权限激活机制和动态互斥的冗余检测算法,以消除不必要的访问检查开销,降低伸缩增强可能带来的效率损失。通过一个软件项目实例验证了模型的授权和约束伸缩性。
Access control is one of the essential means to secure information security. It could bedivided into the two of active/passive ones: the former is business-oriented and the latter issystem-centric. In enterprise applications, normally complex and various business/collaboration requirements should be met, and large-scaled subjects/objects might be involved.Therefore in their access control components, not only flexible and transparent securityservices should be provided, but also scalable and maintainable security administration shouldbe supported. In this paper the enterprise-oriented active/passive access control issue will beaddressed from these two perspectives. The main work of this paper includes:
1. An organizations-role association based access control model is proposed. Anorganization-role association with the additional attributes of actuality, management andglobality are used as the basis of authorization, and the specialization/management relationsamong organization-roles are defined as its permission inheritance mechanisms. Not onlyoutstanding authorization scalability is provided in distributed homogeneous organizations,but also some flexible authorization policies could be represented in hierarchicalorganizations. Furthermore fine-grained Separation of Duties (SoD) constraints could berepresented, and the expression of similar constraints could be simplified through generalizedsemantics. The superiority of this model is validated by comparison with related work using aB2B example.
2. A task-state based access control model is proposed to overcome the defect that taskbased access control is somewhat coarse-grained and inflexible such that the modeling ofbusiness processes might be interfered in turn. A Colored Petri Net (CPN) simulation methodis present for the model. The expression power of existing simulation methods is enhanced:the SoD among subjects could be represented; at the same time multiple permissions definedon workflow application data could be supported. The feasibility of the model’s collaborationconcept and its simulation method is validated on a workflow of customizing development.
3. In existing delegation models for workflow, time constraints are too fixed to adapt tothe executing states. To address this issue, a kind of delegation feature with time and statemixed context sensitivity is proposed on basis of the linear sequence of task executing states.First, the syntax of a delegating request is described in terms of event and condition. Next, theformal semantics of events and conditions is illustrated with the concepts of assignment andcontext, and then the temporal consistency of a delegating request is defined. To processdelegating requests internally, the regular forms of events and conditions are defined, and some related properties and theorems are proved. Then the regularizing, comparing anddetecting algorithms are given for events and conditions. Eventually, the processing flow forthe validation and enactment of delegations is built. Using a group of examples, theexpression power of the delegation syntax and the feasibility of the internal processingmechanism are validated. Comparing to those general event models, the delegation syntax isquite easier to use and popularize since it is oriented to specific requirements. Moreover, thelogic defects caused by the inappropriate application of the detection semantics are avoidedbecause events and conditions are modeled respectively and the instantaneity of events isensured.
4. A task-role association based access control approach is proposed to address thewidespread and long-stand issure of repetitive authorizations among tasks in active accesscontrol models and to support the collaboration of multiple roles within a task at the sametime. The definition of function association with specialization and management relations isgiven by deeply analyzing the traditional relation of role-task assignment. Inference rulesabout the two relations on function associations are obtained from the components andattributes of function associations, and then authorizations are divided into two types ofbusiness and management based on the inheritance on the two relations. Thusauto-configurable authorization structures are established. Furthermore, the fine-grained andgeneralizable SoD constraints are defined. Comparisons with related work on the workflowsof software development and paper review show that repetitive authorizations among taskscould be effectively reduced.
5. The task classification and role hierarchy based3-steps authorization integrates the twoaccess control paradigms of active and passive ones. But the scalability of the related modelsis degraded remarkably by repetitive authorizations between tasks, confliction between taskinheritances along multiple role hierarchies, repetitive expressions of task constraints.Therefore an enhanced active/passive integrated access control model is proposed in thispaper. First, the classification of active/passive tasks is fine-grained through extendablesubdivision of role hierarchy, thus many kinds of task assignments can be simplifiedoptionally. Secondly, task generalization based authorization inheritance and constraintcoverage mechanisms are introduced, thus repetitive authorizations and constraints can beeffectively reduced. Thirdly, a group of semantic coverage rules of completeness andsoundness are presented, which provide grounds for automatic constraints simplification, etc.Finally, multiple-granularity permission activation mechanism and dynamic exclusionsredundancy detecting algorithm is presented to remove unnecessary cost in access checking and to compensate efficiency loss which might be brought by scalability enhancing. Theauthorization and constraint scalability of this model is validated using an example ofsoftware project.
引文
[1] Aalst W.M.P., Hee K..工作流管理:模型,方法和系统[M].王建民,闻立杰译.北京:清华大学出版社,2004
[2] ISO/IEC27002, Information Technology--Security Techniques--Code of Practice forInformation Security Management[S]. Switzerland: ISO/IEC JTC1SC27,2005
[3] Clark D.D., Wilson D.R.. A Comparison of Commercial and Military ComputerSecurity Policies[A]. Proceedings of the8th IEEE Symposium on Security andPrivacy[C]. Los Alamitos, USA:IEEE CS,1987:184-194
[4] ISO/IEC27001, Information technology--Security techniques--Information securitymanagement systems—Requirements[S]. Switzerland: ISO/IEC,2005
[5] Samarati P., Vimercati S.C.. Access Control: Policies, Models, and Mechanisms[A].Lecture Notes in Computer Science2171[C]. Berlin Heidelberg:Springer Verlag,2001:137-196
[6] Lampson B.W.. Protection[A]. the5th Princeton Symposium on Information Scienceand Systems (Reprinted in ACM Operating Systems Review)[C]. New York,USA:ACM Press,1974,8(1):1824
[7] Harrison M.H., Ruzzo W.L., Ullman J.D.. Protection in Operating Systems[J].Communications of the ACM,1976,19(8):461-471
[8] Sandhu R..The Typed Access Matrix Model[A].Proceeding of the IEEE Symposiumon Research in Security and Privacy[C] New York, USA:IEEE CS,1992:122-136
[9] TCSEC. Trusted Computer System Evaluation Criteria[S]. USA:National ComputerSecurity Center, Department of Defense,1985
[10] Bell D.E., Lapadula L.J.. Secure Computer Systems: Mathematical Foundations[R].Bedford, USA:The Mitre Corporation,1973
[11] Biba K.. Integrity Cosiderations for Secure Computer Systems[R]. Bedford, USA:TheMitre Corporation,1977
[12] Bishop M., Bailey D.. Checking for Race Conditions in File Accesses[J]. ComputingSystems,1996,131-152
[13] Sandhu R.. Lattice-Based Access Control Models[J].IEEE Computer,1993,26(11):9-19
[14] Sandhu R., Coyne E.J., Feinstein H.L., et al. Role-based access control models[J].IEEE Computer,1996,29(2):38-47
[15] Ferraiolo D.F., Sandhu R., Gavrila, et al. Proposed NIST Standard for Role-basedAccess Control[J]. ACM Transactions on Information and System Security,2001,4(3):224-274
[16] ANSI INCITS359-2004. Standard for Role Based Access Control [S]. USA:American National Standards Institute,2004
[17] RTI International. The Economic Impact of Role-Based Access Control.[EB/OL].http://www.nist.gov/director/prog-ofc/report02-1.pdf,2002
[18] Perwaiz N., Sommerville I.. Structured Management of Role-Permission Relations[A].Proceedings of the6th ACM Symposium on Access Control Models andTechnologies[C]. Chantilly, VA, USA:ACM CS,2001:163-169
[19] Schaad A., Moffett J., Jacob J.,2001. The Role-Based Access Control System of aEuropean Bank: A Case Study and Discussion[A]. Proceedings of the6th ACMSymposium on Access Control Models and Technologies[C]. Chantilly,VA,USA:ACM,2001:3-9
[20] Vela G.F.L., Montes I.J.L., Rodriguez P.P., et al. An Architecture for Access ControlManagement in Collaborative Enterprise Systems Based on Organization Models[J].Science of Computer Programming,2007,66(1):44-59.
[21] Chen T.Y., Chen Y.M., Wang C.B., et al. Flexible Authorisation in DynamicE-Business Environments using an Organisation Structure-Based Access ControlModel[J]. International Journal of Computer Integrated Manufacturing,2009,22(3):225-244.
[22] Zhang Z.X., Zhang X.W., Sandhu R.. ROBAC: Scalable Role and Organization BasedAccess Control Models[A]. Proceedings of the2nd International Conference onCollaborative Computing: Networking, Applications and Worksharing[C]. New York,USA: IEEE CS,2006:1-9
[23] Zhang Z.X.. Scalable Role and Organization Based Access Control and itsAdministration[D]. Fairfax, VA, USA:George Mason University,2008
[24] Thomas R.K., Sandhu R.S.. Towards a Task-Based Paradigm for Flexible andAdaptable Access Control in Distributed Applications[A]. Proceedings of the1992-1993ACM SIGSAC New Security Paradigms Workshops[C]. New York,USA:ACM Press,1993:138-142.
[25] Thomas R.K., Sandhu R.S.. Conceptual Foundations for a Model of Task-basedAuthorizations[A]. Proceedings of the7th Computer Security FoundationsWorkshop[C]. Franconia, NH: IEEE CS,1994:66-79
[26] Sandhu R., Thomas R.K.. Task-based Authorization Controls (TBAC): A Family ofModels for Active and Enterprise-oriented Authorization Management[A].Proceedings of the IFIP11th International Conference on Database Security[C].London, UK: Chapman&Hall,1997:166-181
[27] Atluri V., Huang W.K.. An Authorization Model for Workflows[A]. Proceedinngs ofthe5th European Symposium on Research in Computer Security. Lecture Notes inComputer Science1146[C]. Berlin Heidelberg:Springer-Verlag,1996:44-64.
[28] Atluri V., Huang W.K.. Petri Net Based Safety Analysis of Workflow AuthorizationModels[J]. Journal of Computer Security,2000,8(2/3):209-240
[29] Knorr K.. Dynamic Access Control Through Petri Net Workflows[A]. Proceedings ofthe16th Annual Computer Security Applications Conference[C]. New Orleans, USA,2000:159–167
[30] Saltzer J.H., Schroeder M.D.. The Protection of Information in Computer Systems[J].Proceedings of the IEEE,1975,63(9):1278-1308.
[31] Schneider F.B.. Enforceable security policies[J]. ACM Transactions on Informationand System Security,2000,3(1):30-50
[32] Ahmed T., Tripathi A.R.. Security Policies in Distributed CSCW and WorkflowSystems[J]. IEEE Transactions on Systems, Man and Cybernetics Part A: Systemsand Humans,2010,40(6):1220-1231
[33]齐文杰,吴松,易川江,等.基于复合状态的工作流授权[J].华中科技大学学报(自然科学版),2006,34(增刊):86-89
[34] Dong X., Chen G., Yin J.W., et al. Petri-Net-Based Context-Related Access Controlin Workflow Environment[A]. Proceedings of the International Conference onComputer Supported Cooperative Work[C]. DesignRio de Janeiro, Brazil:IEEE,2002:381-384.
[35] Oh S., Park S.. Task-Role Based Access Control Model[J]. Journal of InformationSystems,2003,28(6):533-562
[36] Wainer J., Barthelmess P., Kumar A.. W-RBAC:A Workflow Security ModelIncorporating Controlled Overriding of Constraints[J]. International Journal ofCooperative Information Systems,2003,12(4):455-485
[37] Wu S.L., Sheth A., Miller J., et al. Authorization and Access Control of ApplicationData in Workflow Systems[J]. Journal of Intelligent Information Systems,2002,18(1):71-94.
[38] Wang X.F., Li Y.J.. Formal Definition and Implementation of Business-Oriented SoDAccess Control Policy[J]. Information Management and Computer Security.2004,12(5):379-388.
[39]陈伟鹤,殷新春,茅兵,等.基于任务和角色的双重Web访问控制模型[J].计算机研究与发展,2004(9):1466-1473.
[40]魏永合,王成恩,舒启林,马明旭.面向任务的工作流访问控制模型[J].东北大学学报(自然科学版),2008,29(3):387-390
[41] Bertino E., Ferrari E., Atluri V.. A Flexible Model Supporting the Specification andEnforcement of Role-based Authorizations in Workflow Management Systems[J].ACM Transactions on Information and System Security,1999,2(1):65-104
[42]邢光林,洪帆.基于角色和任务的工作流授权模型及约束描述[J].计算机研究与发展,2005(11):1946-1953.
[43] LIU D., W M.Y., LEE S.T.. Role-Based Authorizations for Workflow Systems inSupport of Task-Based Separation of Duty[J]. Journal of Systems and Software,2004,73(3):375-387
[44]魏永合,舒启林.基于权限和任务的工作流授权合理性验证[J].计算机集成制造系统,2008,14(7):1349-1355
[45]尹建伟,徐争前,冯志林,等.增强权限约束支持的基于任务访问控制模型[J].计算机辅助设计与图形学学报,2006,18(1):143-149
[46] YAO L., KONG X.W., XU, Z.C.. A Task-Role Based Access Control Model withMulti-Constraints[A]. Proceedings of the4th International Conference on NetworkedComputing and Advanced Information Management[C]. Piscataway, NJ:IEEE CS,2008:137-143
[47]裘炅,谭建荣,张树有,等.应用角色访问控制的工作流动态授权模型[J].计算机辅助设计与图形学学报,2004(7):992-998
[48]马晨华,陆国栋,裘炅.面向工作流系统的柔性策略访问控制模型[J].浙江大学学报(工学版).2008(12):2112-2120
[49] Qiu J., Ma C.H.. A Flexible Access Control Model for Workflows[A]. Proceedings ofthe12th International Conference on Computer Supported Cooperative Work inDesign[C]. New York, USA:IEEE CS,2008:606-612
[50]马晨华,王进,裘炅等.基于情景约束的工作流柔性访问控制模型[J].浙江大学学报(工学版),2010(12):2297-2308
[51] Thomas R.K. Team-based access control (TMAC): A Primitive for ApplyingRole-Based Access Controls in Collaborative Environments[C].2nd ACM Workshopon Role-Based Access Control, VA,USA: ACM,1997:13-19
[52] Georgiadis C.K. Mavridis I. Pangalos G. et al. Flexible Team-Based Access ControlUsing Contexts[A]. Proceedings of the6th ACM Symposium on Access ControlModels and Technologies[C]. VA,USA: ACM,2001:21-27
[53] Georgiadis C.K., Mavridis I.K., Pangalos G.I.. Healthcare Teams Over the Internet:Programming a Certificate-Based Approach[J]. International Journal of MedicalInformatics,2003,70(2-3):161-171
[54] Alotaiby F.T., Chen J. X.. A Model for Team-Based Access Control(TMAC2004)[A].Proceedings of the International Conference on Information Technology: CodingComputing,2004[C]. New York, USA:IEEE CS,2004:450-454
[55] Zhang Yi, Zhang Yong, Wang Weinong. Modeling and Analyzing of WorkflowAuthorization Management[J]. Journal of Network System Management,2004,12(4):507-535
[56] Lu Y.H., Zhang L., Sun J.G.. Using Colored Petri Nets to Model and AnalyzeWorkflow with Separation Of Duty Constraints[J]. International Journal Of AdvancedManufacturing Technology,2009,40(1-2):179-192
[57] Pham Q., Reid J., Mccullagh A., et al. On a Taxonomy of Delegation[J]. Computersand Security,2010,29(5):565-579
[58] Li N.H., Grosof B.N., Feigenbaum J.. Delegation Logic: a Logic-Based Approach toDistributed Authorization[J]. ACM Transactions on Information and System Security,2003,6(1):128-171
[59] Barka E., Sandhu R.. A Role-Based Delegation Model and Some Extensions[A].Proceedings of the23rd National Information Systems Security Conference[C].Baltimore, Maryland, USA: NSA,2000:101-114
[60] Crampton J., Khambhammettu H.. Delegation in Role-Based Access Control[J].International Journal of Information Security,2008,7(2):123-136
[61] Zhang X.W., Oh S., Sandhu R.S.. PBDM: A Flexible Delegation Model in RBAC[A].Proceedings of the8th ACM Symposiums on Access Control Models andTechnologies[C]. New York: ACM Press,2003:149157
[62]徐震,李斓,冯登国.基于角色的受限委托模型[J].软件学报,2005,16(5):970-978
[63]翟征德.基于量化角色的可控委托模型[J].计算机学报,2006,29(8):1401-1407
[64] Barka E., Sandhu R.. A Role-Based Delegation Model and Some Extensions[A].Proceedings of the23rd National Information Systems Security Conference[C].Baltimore, USA:NIST,2000:101-114
[65] Barka E., Sandhu R.. Framework for role-based delegation models[A]. Proceedings ofthe16th Annual Computer Security Application Conference[C]. New York, USA:ACM,2000:168-176
[66] Barka E., Sandhu R.. Role-Based Delegation Model/Hierarchical Roles (RBDM1)[A].Proceedings of the20th Annual Computer Security Applications Conference[C]. NewYork, USA: ACM,2004:396-404
[67] Bertino E., Bonatti P. A., Ferrari E.. TRBAC: A Temporal Role-Based Access ControlModel[J]. ACM Transactions on Information and System Security,2001,4(3):191-223
[68] Joshi, J. B. D., Bertino E., Latif U., et al. A generalized temporal role-based accesscontrol model[J]. IEEE Transactions on Knowledge and Data Engineering,2005,17(1):4-23
[69]孙波,赵庆松,孙玉芳. TRDM—具有时限的基于角色的转授权模型[J].计算机研究与发展,2004,41(7):1104-1109
[70]蔡伟鸿,韦岗,肖水.基于映射机制的细粒度RBAC委托授权模型[J].电子学报,2010,38(8):1753-1758
[71]廖俊国,洪帆,朱更明,等.基于信任度的授权委托模型[J].计算机学报,2006,29(8):12651270
[72]翟征德,冯登国,徐震.细粒度的基于信任度的可控委托授权模型[J].软件学报.2007,18(8):2002-2015
[73] Hsu H.J., Wang F.J.. A Delegation Framework for Task-Role Based Access Control inWFMS[J].2011,27(3):1011-1028
[74] Atluri V., Warner J.. Supporting Conditional Delegation in Secure WorkflowManagement Systems[A]. Proceedings of the10th ACM Symposium on AccessControl Models and Technologies[C]. New York, USA: ACM,2005:49-58
[75] Gaaloul K., Charoy F.. Task Delegation Based Access Control Models for WorkflowSystems[A].Proceedings of the9th IFIP Conference on E-Business, E-Services andE-Society[C]. Berlin Heidelberg:Springer-Verlag,2009:305,400-414
[76] Atluri V., Bertino E., Ferrari E., et al. Supporting Delegation in Secure WorkflowManagement Systems[A]. Proceedings of the17th Annual IFIP WG11.3Conferenceon Data and Application of Security[C]. New York: ACM,2003:190-202
[77] Wainer J., Kumar A., Barthelmess P.. DW-RBAC: A Formal Security Model ofDelegation and Revocation in Workflow Systems[J]. Information Systems,2007,32(3):365-384
[78] Zhao L., Li Q., Wu G.Q.. Injecting Formulized Delegation Constraints into SecureWorkflow Systems[A]. Proceedings of the International Conference on InformationReuse and Integration[C]. Piscataway, NJ, USA:IEEE CS,2008:370-373
[79] Crampton J., Khambhammettu H.. Delegation and Satisfiability in Workflow Systems
[A]. Proceedings of the13th ACM Symposium on Access Control Models andTechnologies[C]. New York, USA: ACM,2008:31-40
[80] Gaaloul K., Zahoor E., Charoy F., et al. Dynamic Authorisation Policies for Event-Based Task Delegation[A]. Proceedings of the22nd International Conference onAdvanced Information Systems Engineering. Lecture Notes in Computer Science6051[C]. Berlin Heidelberg:Springer-Verlag,2010:135-149
[81] Kowalski R., Sergot M.. A Logic-Based Calculus of Events[J]. New GenerationComputing,1986,4(1):67-95
[82] Oh S., Park S.. Task-Role Based Access Control Model[J]. Journal of InformationSystems,2003,28(6):533-562
[83]魏永合,王成恩,马明旭.工作流系统中的委托授权机制研究[J].计算机集成制造系统,2009,15(1):160-165
[84]孙宇清.协同环境中访问控制模型与技术研究[D].济南:山东大学,2006
[85] Chen T.Y., Chen Y.M., Wang C.B.. A Formal Virtual Enterprise Access ControlModel[J]. IEEE Transactions on Systems, Man and Cybernetics Part A: Systems andHumans,2008,38(4):832-851
[86]刘清华,熊体凡,万立,等.产品生命周期管理的访问控制模型研究[J].计算机辅助设计与图形学学报,2005,17(9):2116-2122.
[87]卢亚辉,张力,刘英博,等.基于域的综合访问控制模型[J].计算机集成制造系统,2006,12(12):1978-1985
[88] Lu Y.H., Zhang L., Sun J.G.. Task-Activity Based Access Control for ProcessCollaboration Environments[J]. Computers in Industry,2009,60(6):403-415
[89]卢亚辉.工作流系统的访问控制模型及其安全性分析的研究[D].北京:清华大学,2008
[90]朱海平,李培根,张国军,王忠浩.支持团队工作的工作流技术研究[J].计算机集成制造系统,2003,9(8):635-640
[91] WFMC-TC00-1003. Workflow Reference Model[S]. Cohasset, MA, USA:WorkflowManagement Coalition,1995
[92] Adam N.R., Atluri V., Huang W.K.. Modeling and Analysis of Workflows using PetriNets[J]. Journal Of Intelligent Information Systems,1998,10(2):131-158
[93] Aalst WMP, Kumar A.. A Reference Model for Team-Enabled Workflow ManagementSystems[J]. Data and Knowledge Engineering,2001,38(3):335-363
[94] Jensen K., Kristensen L.M..2009. Coloured Petri Nets: Modeling and Validation ofConcurrent Systems[M]. Berlin Heidelberg: Springer-Verlag,2009
[95]刘家红,吴泉源.一个基于事件驱动的面向服务计算平台[J].计算机学报.2008,31(4):588-599
[96] Galton A., Augusto J.C.. Two Approaches to Event Definition[A]. Proceedings of the13th International Conference on Database and Expert Systems Applications[C]. Aixen Provence, France:2002:547-556
[97] Chakravarthy S., Krishnaprasad V., Anwar E., et al. Composite Events for ActiveDatabases: Semantics, Contexts and Detection[A]. Proceedings of the20thInternational Conference on Very Large Data Bases[C]. Santiago, Chile: MorganKaufmann,1994:606-617
[98] Adi A., Etzion O.. Amit: the Situation Manager[J]. The International Journal on VeryLarge Data Bases,2004,13(2):177-203.
[99] Allen J.F., Ferguson G.. Actions and Events in Interval Temporal Logic[J]. Journal ofLogic and Computation,1994,4(5):531
[100] Zimmer D., Unland R.. On the Semantics of Complex Events in Active DatabaseManagement Systems[A]. Proceedings of the15th International Conference on DataEngineering[C]. Los Alamitos, CA, USA: IEEE CS,1999:392-399
[101] Adaikkalavan R., Chakravarthy S.. SnoopIB: Interval-Based Event Specification andDetection for Active Databases[J]. Data and Knowledge Engineering,2006,59(1):139-165
[2] ISO/IEC27002, Information Technology--Security Techniques--Code of Practice forInformation Security Management[S]. Switzerland: ISO/IEC JTC1SC27,2005
[3] Clark D.D., Wilson D.R.. A Comparison of Commercial and Military ComputerSecurity Policies[A]. Proceedings of the8th IEEE Symposium on Security andPrivacy[C]. Los Alamitos, USA:IEEE CS,1987:184-194
[4] ISO/IEC27001, Information technology--Security techniques--Information securitymanagement systems—Requirements[S]. Switzerland: ISO/IEC,2005
[5] Samarati P., Vimercati S.C.. Access Control: Policies, Models, and Mechanisms[A].Lecture Notes in Computer Science2171[C]. Berlin Heidelberg:Springer Verlag,2001:137-196
[6] Lampson B.W.. Protection[A]. the5th Princeton Symposium on Information Scienceand Systems (Reprinted in ACM Operating Systems Review)[C]. New York,USA:ACM Press,1974,8(1):1824
[7] Harrison M.H., Ruzzo W.L., Ullman J.D.. Protection in Operating Systems[J].Communications of the ACM,1976,19(8):461-471
[8] Sandhu R..The Typed Access Matrix Model[A].Proceeding of the IEEE Symposiumon Research in Security and Privacy[C] New York, USA:IEEE CS,1992:122-136
[9] TCSEC. Trusted Computer System Evaluation Criteria[S]. USA:National ComputerSecurity Center, Department of Defense,1985
[10] Bell D.E., Lapadula L.J.. Secure Computer Systems: Mathematical Foundations[R].Bedford, USA:The Mitre Corporation,1973
[11] Biba K.. Integrity Cosiderations for Secure Computer Systems[R]. Bedford, USA:TheMitre Corporation,1977
[12] Bishop M., Bailey D.. Checking for Race Conditions in File Accesses[J]. ComputingSystems,1996,131-152
[13] Sandhu R.. Lattice-Based Access Control Models[J].IEEE Computer,1993,26(11):9-19
[14] Sandhu R., Coyne E.J., Feinstein H.L., et al. Role-based access control models[J].IEEE Computer,1996,29(2):38-47
[15] Ferraiolo D.F., Sandhu R., Gavrila, et al. Proposed NIST Standard for Role-basedAccess Control[J]. ACM Transactions on Information and System Security,2001,4(3):224-274
[16] ANSI INCITS359-2004. Standard for Role Based Access Control [S]. USA:American National Standards Institute,2004
[17] RTI International. The Economic Impact of Role-Based Access Control.[EB/OL].http://www.nist.gov/director/prog-ofc/report02-1.pdf,2002
[18] Perwaiz N., Sommerville I.. Structured Management of Role-Permission Relations[A].Proceedings of the6th ACM Symposium on Access Control Models andTechnologies[C]. Chantilly, VA, USA:ACM CS,2001:163-169
[19] Schaad A., Moffett J., Jacob J.,2001. The Role-Based Access Control System of aEuropean Bank: A Case Study and Discussion[A]. Proceedings of the6th ACMSymposium on Access Control Models and Technologies[C]. Chantilly,VA,USA:ACM,2001:3-9
[20] Vela G.F.L., Montes I.J.L., Rodriguez P.P., et al. An Architecture for Access ControlManagement in Collaborative Enterprise Systems Based on Organization Models[J].Science of Computer Programming,2007,66(1):44-59.
[21] Chen T.Y., Chen Y.M., Wang C.B., et al. Flexible Authorisation in DynamicE-Business Environments using an Organisation Structure-Based Access ControlModel[J]. International Journal of Computer Integrated Manufacturing,2009,22(3):225-244.
[22] Zhang Z.X., Zhang X.W., Sandhu R.. ROBAC: Scalable Role and Organization BasedAccess Control Models[A]. Proceedings of the2nd International Conference onCollaborative Computing: Networking, Applications and Worksharing[C]. New York,USA: IEEE CS,2006:1-9
[23] Zhang Z.X.. Scalable Role and Organization Based Access Control and itsAdministration[D]. Fairfax, VA, USA:George Mason University,2008
[24] Thomas R.K., Sandhu R.S.. Towards a Task-Based Paradigm for Flexible andAdaptable Access Control in Distributed Applications[A]. Proceedings of the1992-1993ACM SIGSAC New Security Paradigms Workshops[C]. New York,USA:ACM Press,1993:138-142.
[25] Thomas R.K., Sandhu R.S.. Conceptual Foundations for a Model of Task-basedAuthorizations[A]. Proceedings of the7th Computer Security FoundationsWorkshop[C]. Franconia, NH: IEEE CS,1994:66-79
[26] Sandhu R., Thomas R.K.. Task-based Authorization Controls (TBAC): A Family ofModels for Active and Enterprise-oriented Authorization Management[A].Proceedings of the IFIP11th International Conference on Database Security[C].London, UK: Chapman&Hall,1997:166-181
[27] Atluri V., Huang W.K.. An Authorization Model for Workflows[A]. Proceedinngs ofthe5th European Symposium on Research in Computer Security. Lecture Notes inComputer Science1146[C]. Berlin Heidelberg:Springer-Verlag,1996:44-64.
[28] Atluri V., Huang W.K.. Petri Net Based Safety Analysis of Workflow AuthorizationModels[J]. Journal of Computer Security,2000,8(2/3):209-240
[29] Knorr K.. Dynamic Access Control Through Petri Net Workflows[A]. Proceedings ofthe16th Annual Computer Security Applications Conference[C]. New Orleans, USA,2000:159–167
[30] Saltzer J.H., Schroeder M.D.. The Protection of Information in Computer Systems[J].Proceedings of the IEEE,1975,63(9):1278-1308.
[31] Schneider F.B.. Enforceable security policies[J]. ACM Transactions on Informationand System Security,2000,3(1):30-50
[32] Ahmed T., Tripathi A.R.. Security Policies in Distributed CSCW and WorkflowSystems[J]. IEEE Transactions on Systems, Man and Cybernetics Part A: Systemsand Humans,2010,40(6):1220-1231
[33]齐文杰,吴松,易川江,等.基于复合状态的工作流授权[J].华中科技大学学报(自然科学版),2006,34(增刊):86-89
[34] Dong X., Chen G., Yin J.W., et al. Petri-Net-Based Context-Related Access Controlin Workflow Environment[A]. Proceedings of the International Conference onComputer Supported Cooperative Work[C]. DesignRio de Janeiro, Brazil:IEEE,2002:381-384.
[35] Oh S., Park S.. Task-Role Based Access Control Model[J]. Journal of InformationSystems,2003,28(6):533-562
[36] Wainer J., Barthelmess P., Kumar A.. W-RBAC:A Workflow Security ModelIncorporating Controlled Overriding of Constraints[J]. International Journal ofCooperative Information Systems,2003,12(4):455-485
[37] Wu S.L., Sheth A., Miller J., et al. Authorization and Access Control of ApplicationData in Workflow Systems[J]. Journal of Intelligent Information Systems,2002,18(1):71-94.
[38] Wang X.F., Li Y.J.. Formal Definition and Implementation of Business-Oriented SoDAccess Control Policy[J]. Information Management and Computer Security.2004,12(5):379-388.
[39]陈伟鹤,殷新春,茅兵,等.基于任务和角色的双重Web访问控制模型[J].计算机研究与发展,2004(9):1466-1473.
[40]魏永合,王成恩,舒启林,马明旭.面向任务的工作流访问控制模型[J].东北大学学报(自然科学版),2008,29(3):387-390
[41] Bertino E., Ferrari E., Atluri V.. A Flexible Model Supporting the Specification andEnforcement of Role-based Authorizations in Workflow Management Systems[J].ACM Transactions on Information and System Security,1999,2(1):65-104
[42]邢光林,洪帆.基于角色和任务的工作流授权模型及约束描述[J].计算机研究与发展,2005(11):1946-1953.
[43] LIU D., W M.Y., LEE S.T.. Role-Based Authorizations for Workflow Systems inSupport of Task-Based Separation of Duty[J]. Journal of Systems and Software,2004,73(3):375-387
[44]魏永合,舒启林.基于权限和任务的工作流授权合理性验证[J].计算机集成制造系统,2008,14(7):1349-1355
[45]尹建伟,徐争前,冯志林,等.增强权限约束支持的基于任务访问控制模型[J].计算机辅助设计与图形学学报,2006,18(1):143-149
[46] YAO L., KONG X.W., XU, Z.C.. A Task-Role Based Access Control Model withMulti-Constraints[A]. Proceedings of the4th International Conference on NetworkedComputing and Advanced Information Management[C]. Piscataway, NJ:IEEE CS,2008:137-143
[47]裘炅,谭建荣,张树有,等.应用角色访问控制的工作流动态授权模型[J].计算机辅助设计与图形学学报,2004(7):992-998
[48]马晨华,陆国栋,裘炅.面向工作流系统的柔性策略访问控制模型[J].浙江大学学报(工学版).2008(12):2112-2120
[49] Qiu J., Ma C.H.. A Flexible Access Control Model for Workflows[A]. Proceedings ofthe12th International Conference on Computer Supported Cooperative Work inDesign[C]. New York, USA:IEEE CS,2008:606-612
[50]马晨华,王进,裘炅等.基于情景约束的工作流柔性访问控制模型[J].浙江大学学报(工学版),2010(12):2297-2308
[51] Thomas R.K. Team-based access control (TMAC): A Primitive for ApplyingRole-Based Access Controls in Collaborative Environments[C].2nd ACM Workshopon Role-Based Access Control, VA,USA: ACM,1997:13-19
[52] Georgiadis C.K. Mavridis I. Pangalos G. et al. Flexible Team-Based Access ControlUsing Contexts[A]. Proceedings of the6th ACM Symposium on Access ControlModels and Technologies[C]. VA,USA: ACM,2001:21-27
[53] Georgiadis C.K., Mavridis I.K., Pangalos G.I.. Healthcare Teams Over the Internet:Programming a Certificate-Based Approach[J]. International Journal of MedicalInformatics,2003,70(2-3):161-171
[54] Alotaiby F.T., Chen J. X.. A Model for Team-Based Access Control(TMAC2004)[A].Proceedings of the International Conference on Information Technology: CodingComputing,2004[C]. New York, USA:IEEE CS,2004:450-454
[55] Zhang Yi, Zhang Yong, Wang Weinong. Modeling and Analyzing of WorkflowAuthorization Management[J]. Journal of Network System Management,2004,12(4):507-535
[56] Lu Y.H., Zhang L., Sun J.G.. Using Colored Petri Nets to Model and AnalyzeWorkflow with Separation Of Duty Constraints[J]. International Journal Of AdvancedManufacturing Technology,2009,40(1-2):179-192
[57] Pham Q., Reid J., Mccullagh A., et al. On a Taxonomy of Delegation[J]. Computersand Security,2010,29(5):565-579
[58] Li N.H., Grosof B.N., Feigenbaum J.. Delegation Logic: a Logic-Based Approach toDistributed Authorization[J]. ACM Transactions on Information and System Security,2003,6(1):128-171
[59] Barka E., Sandhu R.. A Role-Based Delegation Model and Some Extensions[A].Proceedings of the23rd National Information Systems Security Conference[C].Baltimore, Maryland, USA: NSA,2000:101-114
[60] Crampton J., Khambhammettu H.. Delegation in Role-Based Access Control[J].International Journal of Information Security,2008,7(2):123-136
[61] Zhang X.W., Oh S., Sandhu R.S.. PBDM: A Flexible Delegation Model in RBAC[A].Proceedings of the8th ACM Symposiums on Access Control Models andTechnologies[C]. New York: ACM Press,2003:149157
[62]徐震,李斓,冯登国.基于角色的受限委托模型[J].软件学报,2005,16(5):970-978
[63]翟征德.基于量化角色的可控委托模型[J].计算机学报,2006,29(8):1401-1407
[64] Barka E., Sandhu R.. A Role-Based Delegation Model and Some Extensions[A].Proceedings of the23rd National Information Systems Security Conference[C].Baltimore, USA:NIST,2000:101-114
[65] Barka E., Sandhu R.. Framework for role-based delegation models[A]. Proceedings ofthe16th Annual Computer Security Application Conference[C]. New York, USA:ACM,2000:168-176
[66] Barka E., Sandhu R.. Role-Based Delegation Model/Hierarchical Roles (RBDM1)[A].Proceedings of the20th Annual Computer Security Applications Conference[C]. NewYork, USA: ACM,2004:396-404
[67] Bertino E., Bonatti P. A., Ferrari E.. TRBAC: A Temporal Role-Based Access ControlModel[J]. ACM Transactions on Information and System Security,2001,4(3):191-223
[68] Joshi, J. B. D., Bertino E., Latif U., et al. A generalized temporal role-based accesscontrol model[J]. IEEE Transactions on Knowledge and Data Engineering,2005,17(1):4-23
[69]孙波,赵庆松,孙玉芳. TRDM—具有时限的基于角色的转授权模型[J].计算机研究与发展,2004,41(7):1104-1109
[70]蔡伟鸿,韦岗,肖水.基于映射机制的细粒度RBAC委托授权模型[J].电子学报,2010,38(8):1753-1758
[71]廖俊国,洪帆,朱更明,等.基于信任度的授权委托模型[J].计算机学报,2006,29(8):12651270
[72]翟征德,冯登国,徐震.细粒度的基于信任度的可控委托授权模型[J].软件学报.2007,18(8):2002-2015
[73] Hsu H.J., Wang F.J.. A Delegation Framework for Task-Role Based Access Control inWFMS[J].2011,27(3):1011-1028
[74] Atluri V., Warner J.. Supporting Conditional Delegation in Secure WorkflowManagement Systems[A]. Proceedings of the10th ACM Symposium on AccessControl Models and Technologies[C]. New York, USA: ACM,2005:49-58
[75] Gaaloul K., Charoy F.. Task Delegation Based Access Control Models for WorkflowSystems[A].Proceedings of the9th IFIP Conference on E-Business, E-Services andE-Society[C]. Berlin Heidelberg:Springer-Verlag,2009:305,400-414
[76] Atluri V., Bertino E., Ferrari E., et al. Supporting Delegation in Secure WorkflowManagement Systems[A]. Proceedings of the17th Annual IFIP WG11.3Conferenceon Data and Application of Security[C]. New York: ACM,2003:190-202
[77] Wainer J., Kumar A., Barthelmess P.. DW-RBAC: A Formal Security Model ofDelegation and Revocation in Workflow Systems[J]. Information Systems,2007,32(3):365-384
[78] Zhao L., Li Q., Wu G.Q.. Injecting Formulized Delegation Constraints into SecureWorkflow Systems[A]. Proceedings of the International Conference on InformationReuse and Integration[C]. Piscataway, NJ, USA:IEEE CS,2008:370-373
[79] Crampton J., Khambhammettu H.. Delegation and Satisfiability in Workflow Systems
[A]. Proceedings of the13th ACM Symposium on Access Control Models andTechnologies[C]. New York, USA: ACM,2008:31-40
[80] Gaaloul K., Zahoor E., Charoy F., et al. Dynamic Authorisation Policies for Event-Based Task Delegation[A]. Proceedings of the22nd International Conference onAdvanced Information Systems Engineering. Lecture Notes in Computer Science6051[C]. Berlin Heidelberg:Springer-Verlag,2010:135-149
[81] Kowalski R., Sergot M.. A Logic-Based Calculus of Events[J]. New GenerationComputing,1986,4(1):67-95
[82] Oh S., Park S.. Task-Role Based Access Control Model[J]. Journal of InformationSystems,2003,28(6):533-562
[83]魏永合,王成恩,马明旭.工作流系统中的委托授权机制研究[J].计算机集成制造系统,2009,15(1):160-165
[84]孙宇清.协同环境中访问控制模型与技术研究[D].济南:山东大学,2006
[85] Chen T.Y., Chen Y.M., Wang C.B.. A Formal Virtual Enterprise Access ControlModel[J]. IEEE Transactions on Systems, Man and Cybernetics Part A: Systems andHumans,2008,38(4):832-851
[86]刘清华,熊体凡,万立,等.产品生命周期管理的访问控制模型研究[J].计算机辅助设计与图形学学报,2005,17(9):2116-2122.
[87]卢亚辉,张力,刘英博,等.基于域的综合访问控制模型[J].计算机集成制造系统,2006,12(12):1978-1985
[88] Lu Y.H., Zhang L., Sun J.G.. Task-Activity Based Access Control for ProcessCollaboration Environments[J]. Computers in Industry,2009,60(6):403-415
[89]卢亚辉.工作流系统的访问控制模型及其安全性分析的研究[D].北京:清华大学,2008
[90]朱海平,李培根,张国军,王忠浩.支持团队工作的工作流技术研究[J].计算机集成制造系统,2003,9(8):635-640
[91] WFMC-TC00-1003. Workflow Reference Model[S]. Cohasset, MA, USA:WorkflowManagement Coalition,1995
[92] Adam N.R., Atluri V., Huang W.K.. Modeling and Analysis of Workflows using PetriNets[J]. Journal Of Intelligent Information Systems,1998,10(2):131-158
[93] Aalst WMP, Kumar A.. A Reference Model for Team-Enabled Workflow ManagementSystems[J]. Data and Knowledge Engineering,2001,38(3):335-363
[94] Jensen K., Kristensen L.M..2009. Coloured Petri Nets: Modeling and Validation ofConcurrent Systems[M]. Berlin Heidelberg: Springer-Verlag,2009
[95]刘家红,吴泉源.一个基于事件驱动的面向服务计算平台[J].计算机学报.2008,31(4):588-599
[96] Galton A., Augusto J.C.. Two Approaches to Event Definition[A]. Proceedings of the13th International Conference on Database and Expert Systems Applications[C]. Aixen Provence, France:2002:547-556
[97] Chakravarthy S., Krishnaprasad V., Anwar E., et al. Composite Events for ActiveDatabases: Semantics, Contexts and Detection[A]. Proceedings of the20thInternational Conference on Very Large Data Bases[C]. Santiago, Chile: MorganKaufmann,1994:606-617
[98] Adi A., Etzion O.. Amit: the Situation Manager[J]. The International Journal on VeryLarge Data Bases,2004,13(2):177-203.
[99] Allen J.F., Ferguson G.. Actions and Events in Interval Temporal Logic[J]. Journal ofLogic and Computation,1994,4(5):531
[100] Zimmer D., Unland R.. On the Semantics of Complex Events in Active DatabaseManagement Systems[A]. Proceedings of the15th International Conference on DataEngineering[C]. Los Alamitos, CA, USA: IEEE CS,1999:392-399
[101] Adaikkalavan R., Chakravarthy S.. SnoopIB: Interval-Based Event Specification andDetection for Active Databases[J]. Data and Knowledge Engineering,2006,59(1):139-165