Research on Access Control Models for Workflow Systems and Their Security Analysis
Abstract
Workflow technology is an important enabling technology for supporting business-process collaboration within and between enterprises; it links an enterprise's personnel, data, applications and other resources together through the automation of business processes. In a workflow system, to protect the enterprise's private business data from illegitimate access by users, a flexible and comprehensive access control mechanism is needed to control the permissions of both administrators and ordinary users. At the same time, to guarantee the correctness and security of the workflow system, the consistency between business processes and access control policies must be formally analyzed and verified, so as to avoid deadlocks, exceptions, failures and similar problems arising at run time from restrictions on resource access.
This thesis studies access control models for workflow systems and methods for their security analysis. The main work of the thesis is as follows:
1. A domain-administration-based access control model, DATRBAC, is proposed. The model integrates access checking, authorization and administration, and introduces the concepts of administrative domains and administrative roles for assigning administrative permissions. For conflicts between the different access control policies defined by multiple administrative roles, a conflict resolution method is given.
2. A method for modeling workflow systems and analyzing their security based on colored Petri nets is proposed. The method first models the control flow, authorization rules and separation-of-duty constraints of a workflow system with colored Petri nets, and then analyzes the security of the workflow system under the separation-of-duty constraints by means of the reachability tree.
3. A method for modeling workflow systems and analyzing their security based on the Pi calculus is proposed. First, the WFPI calculus is introduced; it extends the syntax and semantics of the Pi calculus so that service-oriented workflow systems can be modeled more naturally. A type system is then proposed which guarantees that a WFPI system that passes type checking always complies with the access control policy.
4. An implementation method for the DATRBAC model in the domestically developed product lifecycle management software TiPLM is given, covering requirements analysis, functional design and database design. The performance of the implemented access control module is then evaluated experimentally using real enterprise data.
Fast-evolving workflow technologies enable organizations to interact and cooperate with each other to achieve their business goals through process collaboration. A workflow system connects people, data and applications through the automation of business processes. Access control is an important security mechanism by which organizations protect their resources, and balancing the competing goals of collaboration and security in workflow systems is a major challenge. A flexible and complete access control model is required for workflow systems to restrict the permissions of both system administrators and ordinary users. Meanwhile, to guarantee the correctness and security of workflow systems, formal methods should be used to analyze and verify the consistency between workflow processes and access control policies, so as to avoid deadlocks, exceptions and failures in workflow systems at run time.
The thesis focuses on an access control model for workflow systems and on the security analysis of workflow systems by formal methods. The main contributions of the thesis are as follows:
1. A domain-administration task-role-based access control model (DATRBAC) is proposed. This model integrates the access check, authorization and administration aspects of access control. Authorization and administration permissions are distributed across multiple administrative domains and administrative roles. The thesis also proposes solutions for detecting and resolving conflicts between access control policies defined by different administrative roles.
2. A method is proposed to formalize and analyze workflows with SoD constraints based on Colored Petri Nets (CPN). The control flow, authorization rules and SoD constraints of a workflow are all represented as CPNs and combined into one integrated CPN model. The execution paths of this model are then derived by reachability tree analysis. By analyzing these execution paths, latent deadlocks caused by inconsistencies between authorization rules and SoD constraints can be detected.
3. A method is proposed to formalize and analyze security properties of workflow systems using a process calculus and types. It first presents WFPI, a workflow Pi calculus, to formalize the elements of workflow systems. Based on WFPI, a type system is then proposed to ensure that the specified TBAC policy is respected. By subject reduction, a well-typed system respects the TBAC policy at run time, avoiding run-time access violations. A Java-based type tool is developed that implements type judgment and type inference for WFPI systems.
4. The method used to implement the DATRBAC model in the product lifecycle management system TiPLM is described, covering the main implementation steps: requirements analysis, function design and database design. The access control performance of the system is also tested with real enterprise data.
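The deadlock detection described in contribution 2, as an added example that is not the thesis's CPN model or code: a plain state-space search that plays the role of the reachability-tree analysis. The workflow (tasks with prerequisites rather than a strict sequence), the task-role authorization rules, the two user populations and the single SoD pair are all constructed here for illustration. Each reachable state is the mapping of completed tasks to the users who performed them; a non-final state in which no enabled task has an authorized performer left is reported as a deadlock caused by the authorization rules and the SoD constraint together.

```python
# Added example (not code from the thesis): a direct state-space search that
# mimics the reachability-tree analysis of contribution 2.  The workflow,
# roles, users and SoD constraint below are constructed for illustration;
# a CPN tool would explore the same state space on the net model.

# Control flow as prerequisites: a task is enabled once all its prerequisites
# are done.  This is a simplified stand-in for the CPN control-flow part.
FLOW = {
    "prepare": set(),
    "review": {"prepare"},
    "approve": {"review"},
}

# Authorization rules: roles permitted to perform each task.
TASK_ROLES = {
    "prepare": {"clerk"},
    "review": {"reviewer"},
    "approve": {"manager", "reviewer"},
}

# Separation-of-duty constraint: task pairs that must not share a performer.
SOD = {frozenset({"review", "approve"})}

# Two constructed user-role assignments: one consistent with the SoD
# constraint, and one in which the only user who may approve is also the
# only reviewer, so the policy and the constraint cannot both be satisfied.
USERS_OK = {"alice": {"clerk"}, "bob": {"reviewer"}, "carol": {"manager"}}
USERS_INCONSISTENT = {"alice": {"clerk"}, "bob": {"reviewer"}}


def authorized_users(task, assignment, user_roles, task_roles, sod):
    """Users holding a role for `task` whose selection would not violate an
    SoD pair with a task already recorded in `assignment` (task -> user)."""
    allowed = []
    for user, roles in user_roles.items():
        if not roles & task_roles[task]:
            continue
        conflict = any(frozenset({task, done}) in sod and performer == user
                       for done, performer in assignment.items())
        if not conflict:
            allowed.append(user)
    return sorted(allowed)


def analyze(flow, task_roles, user_roles, sod):
    """Explore every reachable execution state (completed task -> performer).

    Returns (complete, deadlocks): `complete` lists final assignments in which
    every task was performed; `deadlocks` lists non-final states from which no
    enabled task has an authorized performer left."""
    complete, deadlocks = [], []
    frontier, seen = [dict()], set()
    while frontier:
        state = frontier.pop()
        key = tuple(sorted(state.items()))
        if key in seen:          # the same marking reached along another path
            continue
        seen.add(key)
        if len(state) == len(flow):
            complete.append(state)
            continue
        enabled = [t for t, prereqs in flow.items()
                   if t not in state and prereqs <= set(state)]
        moves = [(t, u) for t in enabled
                 for u in authorized_users(t, state, user_roles, task_roles, sod)]
        if not moves:            # enabled work exists but nobody may do it
            deadlocks.append(state)
            continue
        for task, user in moves:
            frontier.append({**state, task: user})
    return complete, deadlocks


if __name__ == "__main__":
    for label, users in (("consistent", USERS_OK), ("inconsistent", USERS_INCONSISTENT)):
        done, dead = analyze(FLOW, TASK_ROLES, users, SOD)
        print(f"{label}: {len(done)} complete path(s), {len(dead)} deadlock state(s)")
        for d in dead:
            print("  deadlock after", d)
```

With the consistent user set the only execution path is prepare by alice, review by bob and approve by carol. With the inconsistent set the search reaches the state in which prepare and review are done, finds that bob is the only user authorized to approve but is excluded by the SoD pair, and reports that state as a deadlock; this is the kind of latent inconsistency the thesis detects on the integrated CPN model before the workflow is deployed.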