Role-Based Access Control Models
Computer
Constraints for role-based access control
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
On the increasing importance of constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The RSL99 language for role-based separation of duty constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
An access control model for simplifying constraint expression
Proceedings of the 7th ACM conference on Computer and communications security
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
An Authorization Model for Workflows
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Specifying and enforcing constraints in role-based access control
Proceedings of the eighth ACM symposium on Access control models and technologies
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
The Consistency of Task-Based Authorization Constraints in Workflow Systems
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
A reference monitor for workflow systems with constrained task execution
Proceedings of the tenth ACM symposium on Access control models and technologies
Constraint generation for separation of duty
Proceedings of the eleventh ACM symposium on Access control models and technologies
Inter-instance authorization constraints for secure workflow management
Proceedings of the eleventh ACM symposium on Access control models and technologies
Resiliency policies in access control
Proceedings of the 13th ACM conference on Computer and communications security
On mutually exclusive roles and separation-of-duty
ACM Transactions on Information and System Security (TISSEC)
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Resiliency Policies in Access Control
ACM Transactions on Information and System Security (TISSEC)
Parameterized Complexity
Program synthesis in administration of higher-order permissions
Proceedings of the 16th ACM symposium on Access control models and technologies
Modeling and analyzing the impact of authorization on workflow executions
Future Generation Computer Systems
Optimal workflow-aware authorizations
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Automated analysis of infinite state workflows with access control policies
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Performance analysis for workflow management systems under role-based authorization control
GPC'12 Proceedings of the 7th international conference on Advances in Grid and Pervasive Computing
On the parameterized complexity of the workflow satisfiability problem
Proceedings of the 2012 ACM conference on Computer and communications security
Allocating Resources for Workflows Running under Authorization Control
GRID '12 Proceedings of the 2012 ACM/IEEE 13th International Conference on Grid Computing
Constraint expressions and workflow satisfiability
Proceedings of the 18th ACM symposium on Access control models and technologies
On the Parameterized Complexity and Kernelization of the Workflow Satisfiability Problem
ACM Transactions on Information and System Security (TISSEC)
A novel approach for dynamic authorisation planning in constrained workflow systems
Proceedings of the 6th International Conference on Security of Information and Networks
Enforcement of entailment constraints in distributed service-based business processes
Information and Software Technology
Information and Software Technology
Hi-index | 0.00 |
We propose the role-and-relation-based access control (R2BAC) model for workflow authorization systems. In R2BAC, in addition to a user’s role memberships, the user’s relationships with other users help determine whether the user is allowed to perform a certain step in a workflow. For example, a constraint may require that two steps must not be performed by users who have conflicts of interests. We study computational complexity of the workflow satisfiability problem, which asks whether a set of users can complete a workflow. In particular, we apply tools from parameterized complexity theory to better understand the complexities of this problem. Furthermore, we reduce the workflow satisfiability problem to SAT and apply SAT solvers to address the problem. Experiments show that our algorithm can solve instances of reasonable size efficiently. Finally, it is sometimes not enough to ensure that a workflow can be completed in normal situations. We study the resiliency problem in workflow authorization systems, which asks whether a workflow can be completed even if a number of users may be absent. We formally define three levels of resiliency in workflow systems and study computational problems related to these notions of resiliency.