Abstract
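With the development of databases, networks and distributed computing, organizational tasks have become further automated and service-related information further computerized. Real information systems often need several related tasks to form a business process (workflow) to get work done, which has shifted attention in security from protecting static subjects and objects in standalone computer systems to protection through dynamic authorization as tasks execute. Current access control models all protect resources from the system's point of view and do not consider the execution context when controlling permissions; such static access control cannot meet the access control requirements of workflows. To address the difficulty of adapting access control policies to workflow systems, this article introduces a new security model, Task-based Access Control (TBAC), which can manage permissions dynamically and in real time according to tasks and task states. It introduces the basic concepts of TBAC, describes and analyzes its model, and models a typical approval process of an approval system. TBAC integrates the workflows of real applications with the various relations required for access control as a whole, and can clearly express the control mechanisms of complex workflows.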
With the development of databases, networking and distributed computing, the focus of security has shifted from protecting individual objects and subjects in isolated computer systems to protecting through dynamic authorization as tasks execute. At present, information systems sometimes need many correlated tasks to form a workflow, but most access control models take a system-centric view of protecting resources and do not take the context into account when controlling permissions, so they cannot meet the needs of workflow access. In this paper, an access control model called TBAC (Task-based Access Control) is introduced, which can manage permissions through tasks and task status. The basic concepts, a formal description and an analysis are presented. The paper also presents a model of a representative workflow in an endorsement system. TBAC integrates the workflows and the relations involved in access control, so the control mechanism of complex workflows in applications can be described clearly.
Source
《电脑与信息技术》
2005, Issue 6, pp. 58-61 (4 pages)
Computer and Information Technology