期刊名称:International Journal of Computer Science and Security (IJCSS)
电子版ISSN:1985-1553
出版年度:2010
卷号:4
期号:5
页码:436-450
出版社:Computer Science Journals
摘要:Many organizations in industry and civilian government start deploying Business Process Management systems (BPMS) and technology in their IT applications. This could lead to a dramatic operational efficiency improvement on their business and administrative environments. With these atmospheres, the security issue is becoming a much more important challenge in the BPMS literature. The Role-Based Access Control (RBAC) model has been accepted as a promise security model solution and standard. RBAC is able to accomplish the central administration of an organizational specific security policy. It is also able to meet the secure processing needs of many commercial and civilian government organizations. In spite of these facts, RBAC model is not reliable when applying to the BPMS without further modifications and extensions. RBAC is modified to fit with Service oriented (SRBAC), but still not reliable enough to handle BPMS. Authors of that research proposed a security model based on SRBAC model to be more reliable when using with BPMS. Authors of that research named that proposed security model as Improved Role Based Access Control (IRBAC). The IRBAC model is directly applicable to the BPMS. Authors defined a graphical representation and technical implementation of the IRBAC model. This IRBAC model is tested using simple case study. The test compares between the IRBAC model and SRBAC model where IRBAC is implemented in two cases (IRBAC with caching and IRBAC with no caching). The test results show the validity and performability of the IRBAC model.
关键词:Role Based Access Control RBAC; Business Process Management System BPMS; Caching technique
