Separation of Duties (SoD) aims to prevent fraud and errors by distributing tasks and associated privileges among multiple users. Li and Wang proposed an algebra (SoDA) for specifying SoD requirements, which is both expressive in the requirements it formalizes and abstract in that it is not bound to any specific workflow model. In this paper, we both generalize SoDA and map it to enforcement mechanisms. First, we increase SoDA's expressiveness by extending its semantics to multisets. This better suits policy enforcement over workflows, where users may execute multiple tasks. Second, we further generalize SoDA to allow for changing role assignments. This lifts the strong restriction that authorizations do not change during workflow execution. Finally, we map SoDA terms to CSP processes, taking advantage of CSP's operational semantics to provide the critical link between abstract specifications of SoD requirements by SoDA terms and runtime-enforcement mechanisms.