Abstract: The cyberspace security faces great challenges nowadays for the increasing amount of vulnerabilities. Many corporations and organizations find it difficult to deal with them, resulting in the economic loss and the endless suffering. As vulnerability management requires people, resources and tools working together, it is necessary to design an efficient and secure workflow. To tackle this problem, a multiconstraint secure workflow model is proposed based on TaskRoleBased Access Control with time, space and context constrains. The proposed model is applied to vulnerability management flow. The practice showed that the workflow can cover the lifecycle management of vulnerabilities and guarantee the consistency between rights and obligation for stakeholders. It makes it easy to identify, process, analyze and record the data, which helps to trace the workflow of vulnerability management.Key words vulnerability management; secure workflow; lifecycle management; finedgrained access control; cyber security

Key words: vulnerability management, secure workflow, lifecycle management, finedgrained access control, cyber security

摘要： 当前网络空间安全形势日益严峻，层出不穷的网络安全漏洞使许多企事业单位痛苦不堪，造成难以估量的经济损失，成为大多数企事业单位的痛点和难点.漏洞管理需要协同人、资源和工具共同完成，必须设计一套高效的、安全的工作流.针对这一情况，在基于任务角色的访问控制策略基础上，添加时间、空间、上下文等属性约束，构建多约束安全工作流模型并将其应用于漏洞管理流程.实践表明，流程可覆盖漏洞全生命周期管理，确保相关人员权责统一.同时，流程能轻松完成对数据及时定位、处理、分析和存档，使漏洞管理全过程可追踪、可回溯.关键词漏洞管理；安全工作流；全生命周期管理；细粒度访问控制；网络安全

关键词: 漏洞管理, 安全工作流, 全生命周期管理, 细粒度访问控制, 网络安全