产业链协同SaaS平台业务流程定制安全技术研究

计算机科学 ›› 2014, Vol. 41 ›› Issue (1): 230-234.

产业链协同SaaS平台业务流程定制安全技术研究

曹帅,王淑营

西南交通大学CAD工程中心成都610031;西南交通大学CAD工程中心成都610031

出版日期:2018-11-14 发布日期:2018-11-14
基金资助:
本文受国家科技支撑计划课题(2011BAH21B02,2011BAH21B03),四川省科技攻关技术项目(2010GZ0189),制造业产业链协同与信息化支撑技术四川省重点实验室开放项目(2013-002)资助

Research on Security Technology of Workflow Customization for Collaborative SaaS Platform of Industrial Chains

CAO Shuai and WANG Shu-ying

Online:2018-11-14 Published:2018-11-14

摘要/Abstract

摘要： 针对产业链协同SaaS平台企业群以盟主企业为核心的业务流定制过程中的流程规则编排、存储/访问以及执行控制3个环节可能存在的安全隐患,建立了基于数字签名及业务实例关联的业务流程安全控制模型,对XML数字签名和验证模式、存储策略及模型执行策略进行了研究,提出了基于用户身份认证和业务实例关联的安全签名、存储和执行算法。对该安全模型和算法在汽车产业链协同SaaS平台企业群车辆售后的三包业务流程定制和执行过程进行了验证,结果表明其能防止业务流程在编排、存储和执行过程中被非法篡改和调用。

关键词: SaaS平台,安全,流程定制,数字签名

Abstract: A workflow control security model for security risks that may exist in the process of workflow rules choreography,storage/access and execution control in the workflow customization of collaborative SaaS platform of industrial chains with dominant enterprise as core was proposed based on the digital signature and service instance association．According to the research on the XML digital signature alone with its validating procedure and the strategy on storage and executing models,a digital signature which includes methods of validating the identity of users and is related to business operations,way of storing and arithmetic was proposed．The security model and arithmetic were validated in the customization and execution of the after service of vehicle on the collaborative SaaS platform of industrial chains,showing that it can prevent illegal tampering and transferring of workflow in the process of choreography,storage and execution.

Key words: SaaS platform,Security,Workflow customization,Digital signature

曹帅,王淑营. 产业链协同SaaS平台业务流程定制安全技术研究[J]. 计算机科学, 2014, 41(1): 230-234. https://doi.org/

CAO Shuai and WANG Shu-ying. Research on Security Technology of Workflow Customization for Collaborative SaaS Platform of Industrial Chains[J]. Computer Science, 2014, 41(1): 230-234. https://doi.org/

参考文献

[1] 周亮,曹健,陈姣娟．软件即服务流程模型的自动演化[J]．计算机集成制造系统,2011,17(8):1603-1608
[2] Thomas K,Thao N,Linh L．A software as a service with multi-tenancy support for an electronic contract management application[C]∥2008IEEE International Conference on Services Computing．Hawaii,2008:179-186
[3] Zhang Kuo,Zhang Xin,Sun Wei,et al．A policy-driven approach for software-as-services customization[C]∥Proceedings of the 9th IEEE International Conference on E-Commerce Technology(CEC) and the 4th IEEE International Conference on Enterprise Computing(EEE)．Tokyo,Japan,2007:123-130
[4] Li Ya,Wang Hai-rui,Zhang Zhibin.Multi-Agent Based Workflow Management Systems Design[M].Adv.Scl．Lett.6,2012:727-731
[5] 曹健,李明禄,张申生．基于多Agent协商的服务流程定制[J]．计算机学报,2006,29(7):1116-1124
[6] 史玉良,栾帅,李庆忠,等．基于TLA的SaaS业务流程定制及验证机制研究[J]．计算机学报,2010,3(11):2055-2066
[7] 高嵩,欧阳昱,刘玉树.工作流模型的有向图表示及基于Petri网的验证方法[J]．计算机仿真,2004,21(6):182-184
[8] Stormer H,Knorr K.A model for security in agent-based workflows[J]．INFORMATIK/INFORMATI- QUE,(6):24-29
[9] 琚洁慧,吴吉义,章剑林,等．SaaS应用中的多租户与安全技术研究[J]．电信科学,2010,10:41-46
[10] 王菽兰,李晓桓,李伟．基于SaaS的物流信息系统安全性机制研究[J]．信息安全与技术,2012:36-38
[11] 王凯,张毅坤,杨凯峰,等．面向OA系统的工作流引擎研发[J]．计算机工程与设计,2008:4967-4970

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed