Satisfiability and Resiliency in Workflow Authorization Systems

Authors:
Qihua Wang;Ninghui Li
Affiliations:
IBM Almaden Research Center;Purdue University
Venue:
ACM Transactions on Information and System Security (TISSEC)
Year:
2010

Citing 20
Cited 13

Role-Based Access Control Models

Computer
Constraints for role-based access control

RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
The specification and enforcement of authorization constraints in workflow management systems

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
On the increasing importance of constraints

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The RSL99 language for role-based separation of duty constraints

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
An access control model for simplifying constraint expression

Proceedings of the 7th ACM conference on Computer and communications security
Role-based authorization constraints specification

ACM Transactions on Information and System Security (TISSEC)
Practical safety in flexible access control models

ACM Transactions on Information and System Security (TISSEC)
An Authorization Model for Workflows

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Specifying and enforcing constraints in role-based access control

Proceedings of the eighth ACM symposium on Access control models and technologies
Separation of Duty in Role-based Environments

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
The Consistency of Task-Based Authorization Constraints in Workflow Systems

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
A reference monitor for workflow systems with constrained task execution

Proceedings of the tenth ACM symposium on Access control models and technologies
Constraint generation for separation of duty

Proceedings of the eleventh ACM symposium on Access control models and technologies
Inter-instance authorization constraints for secure workflow management

Proceedings of the eleventh ACM symposium on Access control models and technologies
Resiliency policies in access control

Proceedings of the 13th ACM conference on Computer and communications security
On mutually exclusive roles and separation-of-duty

ACM Transactions on Information and System Security (TISSEC)
Efficient policy analysis for administrative role based access control

Proceedings of the 14th ACM conference on Computer and communications security
Resiliency Policies in Access Control

ACM Transactions on Information and System Security (TISSEC)
Parameterized Complexity

Parameterized Complexity

Program synthesis in administration of higher-order permissions

Proceedings of the 16th ACM symposium on Access control models and technologies
Modeling and analyzing the impact of authorization on workflow executions

Future Generation Computer Systems
Optimal workflow-aware authorizations

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
A framework for verification and optimal reconfiguration of event-driven role based access control policies

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Automated analysis of infinite state workflows with access control policies

STM'11 Proceedings of the 7th international conference on Security and Trust Management
Performance analysis for workflow management systems under role-based authorization control

GPC'12 Proceedings of the 7th international conference on Advances in Grid and Pervasive Computing
On the parameterized complexity of the workflow satisfiability problem

Proceedings of the 2012 ACM conference on Computer and communications security
Allocating Resources for Workflows Running under Authorization Control

GRID '12 Proceedings of the 2012 ACM/IEEE 13th International Conference on Grid Computing
Constraint expressions and workflow satisfiability

Proceedings of the 18th ACM symposium on Access control models and technologies
On the Parameterized Complexity and Kernelization of the Workflow Satisfiability Problem

ACM Transactions on Information and System Security (TISSEC)
A novel approach for dynamic authorisation planning in constrained workflow systems

Proceedings of the 6th International Conference on Security of Information and Networks
Enforcement of entailment constraints in distributed service-based business processes

Information and Software Technology
A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directions

Information and Software Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose the role-and-relation-based access control (R2BAC) model for workflow authorization systems. In R2BAC, in addition to a user’s role memberships, the user’s relationships with other users help determine whether the user is allowed to perform a certain step in a workflow. For example, a constraint may require that two steps must not be performed by users who have conflicts of interests. We study computational complexity of the workflow satisfiability problem, which asks whether a set of users can complete a workflow. In particular, we apply tools from parameterized complexity theory to better understand the complexities of this problem. Furthermore, we reduce the workflow satisfiability problem to SAT and apply SAT solvers to address the problem. Experiments show that our algorithm can solve instances of reasonable size efficiently. Finally, it is sometimes not enough to ensure that a workflow can be completed in normal situations. We study the resiliency problem in workflow authorization systems, which asks whether a workflow can be completed even if a number of users may be absent. We formally define three levels of resiliency in workflow systems and study computational problems related to these notions of resiliency.