中文摘要：

为了直观和准确地描述工作流访问控制,提出了一个基于图的工作流访问控制模型。使用图和图变换对模型进行形式化描述,并给出了模型应用的相关算法。在该模型中,使用类型图表示访问控制中各元素的类型信息,使用带变量规则表示系统授权状态转换,使用肯定、否定约束限制图结构,并建立了基于图的工作流访问控制授权约束和图变换规则模板。提出了基于图变换的约束一致性验证算法和使用图终止性对授权合理性验证的方法。最后,通过一个实例对模型进行了验证。

英文摘要：

To provide a direct and precise description for workflow access control, an access control model lor work flow systems was developed based on graph and graph transformation. The model was represented by using graph which provided a formal basis for proving the semantic correctness of the model. The model was formally described by graph and graph transformation and relevant algorithms to the model were also presented. In this model, a type of graph was specified to represent the type information of elements in the graph transformation for workflow access control, a set of rules with variable were used to express the transformation of system authorization status and a series of positive and negative constraints were set up to depict wanted and unwanted framework in authorization graph. The graph based authorization constraints of access control in workflow and template of graph transformation rules were also set up. The verification algorithm of constraints consistency was proposed. And the method by using termination to verify access control rationality was also presented. Finally, an application example was provided to verify the feasibility of the model.