电子学报
電子學報
전자학보
ACTA ELECTRONICA SINICA
2013年
10期
2087-2093
,共7页
翟治年%卢亚辉%奚建清%赵铁柱%汤德佑%顾春华
翟治年%盧亞輝%奚建清%趙鐵柱%湯德祐%顧春華
적치년%로아휘%해건청%조철주%탕덕우%고춘화
访问控制%任务%角色%细粒度职责分离%冗余约束
訪問控製%任務%角色%細粒度職責分離%冗餘約束
방문공제%임무%각색%세립도직책분리%용여약속
access control%task%role%fine-grained separation of duties%redundant constraint
为企业级工作流授权机制定义了多维可泛化的职责分离框架,能够对团队任务涉及的多种分工形式进行深入全面的限制。系统分析了框架中的约束覆盖规则,并证明其正确性和完备性,为约束管理自动化奠定了基础。作为应用,根据规则给出了冗余动态约束的检测算法。最后通过案例研究验证了模型特性。
為企業級工作流授權機製定義瞭多維可汎化的職責分離框架,能夠對糰隊任務涉及的多種分工形式進行深入全麵的限製。繫統分析瞭框架中的約束覆蓋規則,併證明其正確性和完備性,為約束管理自動化奠定瞭基礎。作為應用,根據規則給齣瞭冗餘動態約束的檢測算法。最後通過案例研究驗證瞭模型特性。
위기업급공작류수권궤제정의료다유가범화적직책분리광가,능구대단대임무섭급적다충분공형식진행심입전면적한제。계통분석료광가중적약속복개규칙,병증명기정학성화완비성,위약속관리자동화전정료기출。작위응용,근거규칙급출료용여동태약속적검측산법。최후통과안례연구험증료모형특성。
Based on some enterprise-level workflow authorization mechanisms ,a multi-dimensional and generalizable frame-work for Separation of Duty is specified ,and multiple labor dividing forms related to team-collaborated tasks can be restricted deeply and all-sidedly .Coverage rules among these constraints are analyzed systematically .The correctness and completeness of these rules are proved such that a basis for the automation of constraint administration is provided .As application of the rules ,a detecting algo-rithm for redundant dynamic constraints is given .Finally ,the features of this model are verified via a case study .
