ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2017, Vol. 54 ›› Issue (10): 2404-2418. doi: 10.7544/issn1000-1239.2017.20170397

• Information Security •

Compliance Analysis of Authorization Constraints in Business Process

Bo Yang (1,2), Xia Chunhe (1,2,3)

  1. Beijing Key Laboratory of Network Technology (Beihang University), Beijing 100191
  2. School of Computer Science and Engineering, Beihang University, Beijing 100191
  3. College of Computer Science and Information Technology, Guangxi Normal University, Guilin, Guangxi 510004

  (cseby@buaa.edu.cn)

  • Published: 2017-10-01
  • Online: 2017-10-01
  • Funding: Joint Fund project of the National Natural Science Foundation of China (U1636208); AVIC Industry-University-Research project (CXY2011BH07)

Abstract: Compliance with authorization constraints is an important research topic in business process security. This paper proposes a novel framework for analyzing the compliance of business processes with authorization constraints. The framework can handle: 1) business process authorization and non-business process authorization; 2) delegation of business process tasks; 3) role inheritance; 4) separation of duty and binding of duty constraints; 5) static constraints and dynamic constraints. An authorization graph is proposed to represent the framework, methods for constructing and reducing the authorization graph are given to maintain it, and compliance analysis algorithms over the authorization graph are then designed. Based on the analysis results, conflict patterns of non-compliance with authorization constraints are presented, a set of resolutions is designed for each conflict pattern, and a prototype system is implemented. The proposed framework is independent of the platform on which the system is deployed and can be widely applied to system security analysis. Finally, a case study and experiments demonstrate the effectiveness of the proposed method.

Key words: business process, authorization constraints, compliance, separation of duty, binding of duty, task delegation
