An overview of workflow management: from process modeling to workflow automation infrastructure
Distributed and Parallel Databases - Special issue on software support for work flow management
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
SecureFlow: a secure Web-enabled workflow management system
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Modeling and analyzing separation of duties in workflow environments
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Distributed and Parallel Databases
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Model driven security for process-oriented systems
Proceedings of the eighth ACM symposium on Access control models and technologies
The Consistency of Task-Based Authorization Constraints in Workflow Systems
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Separation of duties for access control enforcement in workflow environments
IBM Systems Journal - End-to-end security
A reference monitor for workflow systems with constrained task execution
Proceedings of the tenth ACM symposium on Access control models and technologies
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
Integration of risk identification with business process models
Systems Engineering
Access Control and Authorization Constraints for WS-BPEL
ICWS '06 Proceedings of the IEEE International Conference on Web Services
Beyond separation of duty: an algebra for specifying high-level security policies
Proceedings of the 13th ACM conference on Computer and communications security
YAWL: yet another workflow language
Information Systems
Deriving XACML policies from business process models
WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
Modeling of task-based authorization constraints in BPMN
BPM'07 Proceedings of the 5th international conference on Business process management
Modeling control objectives for business process compliance
BPM'07 Proceedings of the 5th international conference on Business process management
On the suitability of BPMN for business process modelling
BPM'06 Proceedings of the 4th international conference on Business Process Management
Workflow resource patterns: identification, representation and tool support
CAiSE'05 Proceedings of the 17th international conference on Advanced Information Systems Engineering
Satisfiability and resiliency in workflow systems
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Verification of Business Process Entailment Constraints Using SPIN
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Enforcing access control in workflow systems with a task engineering approach
International Journal of Internet Technology and Secured Transactions
Generic support for RBAC break-glass policies in process-aware information systems
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Business process regulatory compliance management solution frameworks: a comparative evaluation
APCCM '12 Proceedings of the Eighth Asia-Pacific Conference on Conceptual Modelling - Volume 130
Enforcement of entailment constraints in distributed service-based business processes
Information and Software Technology
Information and Software Technology
| Hi-index | 0.00 |
Access Control decisions are based on the authorisation policies defined for a system as well as observed context and behaviour when evaluating these constraints at runtime. Workflow management systems have been recognised as a primary source for defining authorisation policies at workflow designtime, as well as generating context at runtime. This paper analyses recent work in the workflow community regarding established control-flow patterns. We claim that there is an intrinsic relationship between these patterns and a set of task-based entailment constraints - such as Separation of Duty - that have been recently identified by the access control community. These constraints are based on a pre-determined partial order on sequence and parallel execution patterns. When, however, such an order does not exist, because of more complex control-flow patterns, ambiguous constraint evaluation situations will arise at workflow runtime. Accordingly, this paper reviews basic workflow patterns and identifies relationships between these and task-based entailment constraints. In addition, an analysis of possible runtime ambiguities that may arise from these relationships is presented. Our approach is based on recently developed techniques for visual constraint representation at a workflow design-time.