基于 BPMN 扩展的安全约束工作流模型-《计算机技术与发展》

文章信息/Info

Title:: A Business Processes Model of Security Constraint Based on BPMN Extension

Author(s):: YAN Zhang-ling 1 ; DAI Mao 2 ; PENG Qiang 1; 1. Jincheng College of Sichuan University,Chengdu 611731,China;
2. Distance Education College of Sichuan University,Chengdu 610065,China

Keywords:: role and task; workflow access control; minimum permission principle; BPMN

摘要:: 基于角色的访问控制(role based access control,RBAC)是软件系统中常用的授权机制,而工作流引擎中的核心授权单位是任务,使得 RBAC 难以应用在工作流系统中。文中在 RBAC 思想的基础上,通过对工作流资源边界的确立,将角色与工作流中的任务相关联来进行资源的访问控制与授权,很好地将 RBAC 融合进工作流,有效地避免了工作流建立自成体系的权限控制而增加系统复杂性,让同一目标对象的授权在工作流引擎内外得到统一。同时,对业务流程建模与标注(business process model and notation,BPMN)的元模型进行安全约束的扩展,以便于在流程图中准确地表达基于角色和任务的安全约束需求,为业务流程的表示与执行提供了良好的支持;最后,将这种扩展应用在了四川省某电力公司的合同与督查管理系统中,并对其具体业务流程的应用进行分析与验证。

Abstract:: The role based access control (RBAC) is a common authorization mechanism in software system,while task is the core authorization unit in workflow engine,which makes it hard to apply RBAC into workflow system. On the basis of RBAC,we connect the roles and the tasks in the workflow for access control and authorization of resources by defining a resource boundary,which prevents effectively workflow from building a separate authorization control with increase of system complexity,and enables the authorization of the same object to be unified inside and outside the workflow. At the same time,we also extend the meta-model of business process modeling notation (BPMN) in secure constraint so as to accurately express the security constraint requirements based on roles and tasks in the flowchart,which provides a good support for the presentation and execution of business process. Finally,we apply this approach into a typical
business process in a power supply company,which is analyzed and verified in specific business application.