Journal of Information Security Reserach ›› 2022, Vol. 8 ›› Issue (7): 700-.

Previous Articles     Next Articles

A Vulnerability Management System Based on Multiconstrained  Secure Workflow


  • Online:2022-07-04 Published:2022-07-04



  1. 1(福建师范大学网络与数据中心福州350117)
  • 通讯作者: 陈圣楠 硕士,实验师.主要研究方向为数据挖掘、网络安全应用.
  • 作者简介:陈圣楠 硕士,实验师.主要研究方向为数据挖掘、网络安全应用. 范新民 硕士,正高级实验师.主要研究方向为网络安全应用、教育信息化、教育大数据. 许力 教授,博士生导师.主要研究方向为网络与信息安全、无线网络与通信、云计算与物联网、图论及其应用、智能信息处理.

Abstract: The cyberspace security faces great challenges nowadays for the increasing amount of vulnerabilities. Many corporations and organizations find it difficult to deal with them, resulting in the economic loss and the endless suffering. As vulnerability management requires people, resources and tools working together, it is necessary to design an efficient and secure workflow. To tackle this problem, a multiconstraint secure workflow model is proposed based on TaskRoleBased Access Control with time, space and context constrains. The proposed model is applied to vulnerability management flow. The practice showed that the workflow can cover the lifecycle management of vulnerabilities and guarantee the consistency between rights and obligation for stakeholders. It makes it easy to identify, process, analyze and record the data, which helps to trace the workflow of vulnerability management.Key words vulnerability management; secure workflow; lifecycle management; finedgrained access control; cyber security

Key words: vulnerability management, secure workflow, lifecycle management, finedgrained access control, cyber security

摘要: 当前网络空间安全形势日益严峻,层出不穷的网络安全漏洞使许多企事业单位痛苦不堪,造成难以估量的经济损失,成为大多数企事业单位的痛点和难点.漏洞管理需要协同人、资源和工具共同完成,必须设计一套高效的、安全的工作流.针对这一情况,在基于任务角色的访问控制策略基础上,添加时间、空间、上下文等属性约束,构建多约束安全工作流模型并将其应用于漏洞管理流程.实践表明,流程可覆盖漏洞全生命周期管理,确保相关人员权责统一.同时,流程能轻松完成对数据及时定位、处理、分析和存档,使漏洞管理全过程可追踪、可回溯.关键词漏洞管理;安全工作流;全生命周期管理;细粒度访问控制;网络安全

关键词: 漏洞管理, 安全工作流, 全生命周期管理, 细粒度访问控制, 网络安全