Security policies in distributed CSCW and workflow systems

Authors:
Tanvir Ahmed;Anand R. Tripathi
Affiliations:
Database Security Group, Oracle Corporation, Redwood City, CA;University of Minnesota, Minneapolis, MN
Venue:
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Year:
2010

Citing 53
Cited 0

Data sharing in group work

ACM Transactions on Information Systems (TOIS)
The SeaView Security Model

IEEE Transactions on Software Engineering
Groupware: some issues and experiences

Communications of the ACM
Designing for cooperation: cooperating in design

Communications of the ACM
Cooperation, coordination and control in computer-supported work

Communications of the ACM
Learning from Notes: organizational issues in groupware implementation

CSCW '92 Proceedings of the 1992 ACM conference on Computer-supported cooperative work
Design for dynamic user-role-based security

Computers and Security
Virtual individuals, virtual groups: human dimensions of groupware and computer networking

Virtual individuals, virtual groups: human dimensions of groupware and computer networking
Techniques for addressing fundamental privacy and disruption tradeoffs in awareness support systems

CSCW '96 Proceedings of the 1996 ACM conference on Computer supported cooperative work
The Model Checker SPIN

IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Reconciling role based management and role based access control

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Controlling access in multiuser interfaces

ACM Transactions on Computer-Human Interaction (TOCHI)
A distributed trust model

NSPW '97 Proceedings of the 1997 workshop on New security paradigms
A new paradigm for trusted systems

NSPW '92-93 Proceedings on the 1992-1993 workshop on New security paradigms
Role activation hierarchies

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Towards a more complete model of role

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Designing for the dynamics of cooperative work activities

CSCW '98 Proceedings of the 1998 ACM conference on Computer supported cooperative work
The role graph model and conflict of interest

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The specification and enforcement of authorization constraints in workflow management systems

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The ARBAC97 model for role-based administration of roles

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
SecureFlow: a secure Web-enabled workflow management system

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The NIST model for role-based access control: towards a unified standard

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Designing to support adversarial collaboration

CSCW '00 Proceedings of the 2000 ACM conference on Computer supported cooperative work
Protection in operating systems

Communications of the ACM
A note on the confinement problem

Communications of the ACM
Protecting privacy using the decentralized label model

ACM Transactions on Software Engineering and Methodology (TOSEM)
Role-based authorization constraints specification

ACM Transactions on Information and System Security (TISSEC)
Practical safety in flexible access control models

ACM Transactions on Information and System Security (TISSEC)
Temporal hierarchies and inheritance semantics for GTRBAC

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Privacy protection, control of information, and privacy-enhancing technologies

ACM SIGCAS Computers and Society
A model of OASIS role-based access control and its support for active security

ACM Transactions on Information and System Security (TISSEC)
Safety versus Secrecy

SAS '99 Proceedings of the 6th International Symposium on Static Analysis
Introduction

Communications of the ACM - E-services: a cornucopia of digital offerings ushers in the next Net-based evolution
Access Control for Active Spaces

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Separation of Duty in Role-based Environments

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Design of a Policy-Driven Middleware for Secure Distributed Collaboration

ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
Specification of Secure Distributed Collaboration Systems

ISADS '03 Proceedings of the The Sixth International Symposium on Autonomous Decentralized Systems (ISADS'03)
Engineering of Role/Permission Assignments

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
The Typed Access Matrix Model

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Trust Relationships in Secure Systems-A Distributed Authentication Perspective

SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Decentralized Trust Management

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A security policy model for clinical information systems

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A general theory of security properties

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Trust in the λ-calculus

Journal of Functional Programming
The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
Policy-based design of secure distributed collaboration systems

Policy-based design of secure distributed collaboration systems
A grounded theory of information sharing behavior in a personal learning space

CSCW '06 Proceedings of the 2006 20th anniversary conference on Computer supported cooperative work
Context-aware telephony: privacy preferences and sharing patterns

CSCW '06 Proceedings of the 2006 20th anniversary conference on Computer supported cooperative work
Specification and verification of security requirements in a programming model for decentralized CSCW systems

ACM Transactions on Information and System Security (TISSEC)
A Practical Synthesis of Dynamic Role Settings in Telecare Services

ICDS '07 Proceedings of the First International Conference on the Digital Society
Formal Models of Capability-Based Protection Systems

IEEE Transactions on Computers
Context-aware role-based access control in pervasive computing systems

Proceedings of the 13th ACM symposium on Access control models and technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, multiuser collaboration systems are categorized into two groups--computer-supported cooperative work (CSCW) and workflow systems--based on a historic perspective of their introduction and on their emphasis on user- or process-centric interactions. The goal of the survey is to identify distinct security requirements--related to availability, integrity, confidentiality and privacy, and access leakage--of these systems. Existing role-based security models and their limitations to express security policies in distributed CSCW and workflow systems are presented. Last, we present an overview of a framework that we have developed to specify, verify, and enforce security policies in distributed CSCW systems.