摘要
为实现职责分离和最小权限约束,在传统基于角色和任务访问控制模型的基础上,提出一种应用角色和任务访问控制的工作流动态授权模型。该模型主要包含:①引入了工作流上下文信息来加强职责分离约束;②把权限最小化到任务状态层次;③根据工作流的变化和执行任务所处的状态进行动态地授权。最后以驾驶员培训系统为例,说明了该模型怎样动态实现最小权限约束、职责分离和动态授权,以此说明该模型能够满足工作流动态变化频繁的复杂系统访问控制的需要。
According to the traditional research on task-role-based access control model,the paper proposed a workflow dynamic authorization model with task-role-based access control to achieve the separation of duties and least privilege.The model main contain:①strengthening separation of duties by introducing the context information of workflow;②achieving the least privilege to task-status level;③performing dynamic authorization according to the changes of workflow and the status of task.Finally,gave an example of driver training management system to indicate how to implement the least privilege,separation of duty and dynamic authorization in the model,which could satisfy the requirements of frequent changes of workflow in the complex access control system.
出处
《计算机应用研究》
CSCD
北大核心
2010年第4期1511-1513,共3页
Application Research of Computers
关键词
职责分离
访问控制
最小权限
动态授权
separation of duty
access control
least privilege
dynamic authorization
