The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
SecureFlow: a secure Web-enabled workflow management system
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Modeling and analyzing separation of duties in workflow environments
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Visual Authorization Modeling in E-commerce Applications
IEEE MultiMedia
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Model driven security for process-oriented systems
Proceedings of the eighth ACM symposium on Access control models and technologies
MDA Explained: The Model Driven Architecture: Practice and Promise
MDA Explained: The Model Driven Architecture: Practice and Promise
The Consistency of Task-Based Authorization Constraints in Workflow Systems
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
Access Control and Authorization Constraints for WS-BPEL
ICWS '06 Proceedings of the IEEE International Conference on Web Services
Access Control of XML Documents and Business Rule Processing for Advanced Information Exchange
ICKS '07 Proceedings of the Second International Conference on Informatics Research for Development of Knowledge Society Infrastructure
On the suitability of BPMN for business process modelling
BPM'06 Proceedings of the 4th international conference on Business Process Management
Workflow resource patterns: identification, representation and tool support
CAiSE'05 Proceedings of the 17th international conference on Advanced Information Systems Engineering
Task-based entailment constraints for basic workflow patterns
Proceedings of the 13th ACM symposium on Access control models and technologies
A policy-based authorization model for workflow-enabled dynamic process management
Journal of Network and Computer Applications
Model-driven business process security requirement specification
Journal of Systems Architecture: the EUROMICRO Journal
Verification of Business Process Entailment Constraints Using SPIN
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
A transformation approach for security enhanced business processes
SE '08 Proceedings of the IASTED International Conference on Software Engineering
Deriving XACML policies from business process models
WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
An XACML extension for business process-centric access control policies
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Information and Software Technology
Reinforcement learning based resource allocation in business process management
Data & Knowledge Engineering
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
Process compliance analysis based on behavioural profiles
Information Systems
Enforcing access control in workflow systems with a task engineering approach
International Journal of Internet Technology and Secured Transactions
Artifact-Centric modeling using BPMN
ICSOC'11 Proceedings of the 2011 international conference on Service-Oriented Computing
Proceedings of the Workshop on Model-Driven Security
Modelling context-aware RBAC models for mobile business processes
International Journal of Wireless and Mobile Computing
Information and Software Technology
| Hi-index | 0.00 |
Workflows model and control the execution of business processes inan organisation by defining a set of tasks to be done. The specification of workflowsis well-elaborated and heavily tool supported. Task-based access control istailored to specify authorization constraints for task allocation in workflows. Existingworkflow modeling notations do not support the description of authorizationconstraints for task allocation commonly referred to as resource allocationpatterns. In this paper we propose an extension for the Business Process Modeling Notation(BPMN) to express such authorizations within the workflow model, enablingthe support of resource allocation pattern, such as Separation of Duty,Role-Based Allocation, Case Handling, or History-Based Allocation in BPMN.These pattern allow to specify authorization constraints, for instance role-task assignments,separation of duty, and binding of duty constraints. Based on a formalapproach we develop an authorization constraint artifact for BPMN to describesuch constraints. As a pragmatic demonstration of the feasibility of our proposed extensionwe model authorization constraints inspired by a real world banking workflowscenario. In the course of this paper we identify several aspects of future workrelated to verification and consistency analysis of modeled authorization constraints,tool-supported and pattern-driven authorization constraint description,and automatic derivation of authorization policies, such as defined by the eXtensibleAccess Control Markup Language (XACML).