| As the fast development of computer science, communication technology and information technology, workflow management system(WFMS) that computerizes business process developed fast and became more mature. However, new challenge of information security in WFMS came out as we used it. That traditional information security mechanism couldn't protect information properly in WFMS made it always unreliable, so it might not computerize business process completely.In this paper, basing on popular access control mechanism Role-Based Access Control (RBAC) and referring to Task-Based Access Control (TBAC), an information security model was designed and used to direct practical WFMS development and implementation. The main content of this paper is:Firstly, this paper introduces related conception of WFMS, formulates the theoretical and practical importance of researching information security in WFMS and sums up the domestic and foreign research in this field, recognizing there're still some critical problems to be solved.Secondly, it introduces the architecture of WFMS and information security, and then illustrated the requirement of information security, corresponding device and implementation technology, including some WFMS products.Thirdly, it specifically explains existing information security model of WFMS, including workflow reference model, identity authentification model, access control model and authorization model. It emphasizes RBAC and TBAC among the access control model, which are the bases for the model to be designed.Fourthly, by analyzing the advantage and disadvantage of existing model, the author designed a new model that is based on RBAC and combines RBAC with TBAC. It is more secure for WFMS, analyzed its capability of security, and then set an actual WFMS as an example to explain the practical application of the new model.Lastly, the author summarized up the paper and pointed out the future research direction. |
PDF Full Text Request