Computer Science ›› 2018, Vol. 45 ›› Issue (7): 129-134. doi: 10.11896/j.issn.1002-137X.2018.07.021

• Information Security •

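Role Matching Access Control Model for Distributed Workflow

HE Si-yuan, OU Bo, LIAO Xin

  1. College of Computer Science and Electronic Engineering, Hunan University, Changsha 410082, China
  • Received: 2017-02-21 Online: 2018-07-30 Published: 2018-07-30
  • About the authors: HE Si-yuan (born 1989), male, master's student; main research interest: access control. OU Bo (born 1985), male, Ph.D., lecturer, master's supervisor; main research interest: information security; E-mail: oubo@hnu.edu.cn (corresponding author). LIAO Xin (born 1985), male, postdoctoral researcher, lecturer, master's supervisor; main research interest: information security.
  • Funding:
    This work was supported by the National Natural Science Foundation of China (61502160), the Ministry of Education Doctoral Program Fund for New Teachers (20130161120004), and the Fundamental Research Funds for the Central Universities.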

Abstract: In distributed workflow environments, users must be assigned appropriate roles so that they obtain the most suitable permissions for executing workflow tasks. This paper proposes a role matching access control model for distributed workflow environments that addresses the problem of finding the best role match for a user under a given set of authorizations. For each task in a workflow, the model searches the system's roles for one or more sets of roles that hold the permissions needed to execute the task, then optimizes the match by taking into account environment and time constraints and the inheritance relationships among roles, and finally selects the optimal role set for the user. Experimental results show that the model eliminates redundant roles and assigns each user a minimal set of roles, thereby achieving role matching optimization.

Key words: Access control, Distributed workflow, Environment and time constraints, Role matching

CLC number:

  • TP309.2
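
The matching step described in the abstract can be sketched as follows. This is an added example, not the paper's algorithm or code, and it uses exhaustive search, which is only practical for small role sets. The role names, permissions, environments, hour windows and the tie-break on fewest extra permissions are assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample policy (an assumption, not from the paper):
# role -> (direct permissions, junior roles, allowed environments, active hours [start, end))
ROLES = {
    "clerk":    ({"read_order"}, set(), {"intranet", "vpn"}, (0, 24)),
    "approver": ({"approve_order"}, {"clerk"}, {"intranet"}, (8, 18)),
    "auditor":  ({"read_order", "read_log"}, set(), {"intranet", "vpn"}, (0, 24)),
    "shipper":  ({"ship_order"}, set(), {"intranet", "vpn"}, (6, 22)),
    "admin":    ({"manage_users"}, {"approver", "shipper", "auditor"}, {"intranet"}, (9, 17)),
}

def effective_permissions(role, roles=ROLES, seen=None):
    """Direct permissions plus those inherited from junior roles."""
    seen = set() if seen is None else seen
    if role in seen:  # already expanded (shared junior or cyclic hierarchy)
        return set()
    seen.add(role)
    direct, juniors, _, _ = roles[role]
    perms = set(direct)
    for junior in juniors:
        perms |= effective_permissions(junior, roles, seen)
    return perms

def activatable(role, env, hour, roles=ROLES):
    """Environment and time constraint check for one role."""
    _, _, envs, (start, end) = roles[role]
    return env in envs and start <= hour < end

def match_roles(required, env, hour, roles=ROLES):
    """Smallest activatable role set covering `required`; ties go to the set
    granting the fewest extra permissions. Returns None when no set covers."""
    required = set(required)
    if not required:
        return set()
    usable = {r: effective_permissions(r, roles) for r in roles
              if activatable(r, env, hour, roles)}
    usable = {r: p for r, p in usable.items() if p & required}  # drop irrelevant roles
    for size in range(1, len(usable) + 1):
        best = None
        for combo in combinations(sorted(usable), size):
            granted = set().union(*(usable[r] for r in combo))
            extra = len(granted - required)
            if required <= granted and (best is None or extra < best[0]):
                best = (extra, set(combo))
        if best is not None:
            return best[1]
    return None

if __name__ == "__main__":
    print(match_roles({"read_order", "approve_order"}, "intranet", 10))
```

With this policy, a request for `approve_order`, `ship_order` and `read_log` at hour 10 on the intranet resolves to the single role `admin`, which also grants `manage_users`. Minimizing role count alone can over-grant, so weight or cap extra permissions where least privilege matters.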