Security in PKI/PMI-Based Workflow Security Model
In consideration of simple workflow security model, there are some defects such as simple authentication, inflexible authorization and absent of audit, etc. However, based on the intensive research of security needs of WfMS, and by involving PKI/PMI technology, an enhanced workflow security model can be a viable choice. This model introduces strong factor authentication by utilizing PKI, T&RBAC access control by utilizing PM1 and by utilizing digital signature and DTS to provide non-repudiation and existing services. The requirements of security audit also can be satisfied well. Comparing with simple workflow security model, theory study shows this PKI/PMI-based model improves the safety and flexibility significantly. A convenient and reliable solution for Data Privacy, Data Integrity, data Availability and Non Repudiation is adjusted to the requirements of workflow. The risks from illegal and unauthorized operations are reduced to minimum.
component Workflow Security Model PKI PMI Audit
XU Zhiqi JIANG Chaohui
School of Computer Science and Information Guizhou University Guiyans, China School of Computer Science and Information Guizhou University Guiyang, China
国际会议
2010 Second Asia-Pacific Conference on Information Processing(2010年第二届亚太地区信息处理国际会议 APCIP 2010)
南昌
英文
226-229
2010-09-17(万方平台首次上网日期,不代表论文的发表时间)