Optimal workflow-aware authorizations
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
On the parameterized complexity of the workflow satisfiability problem
Proceedings of the 2012 ACM conference on Computer and communications security
Dynamic enforcement of abstract separation of duty constraints
ACM Transactions on Information and System Security (TISSEC)
Constraint expressions and workflow satisfiability
Proceedings of the 18th ACM symposium on Access control models and technologies
On the Parameterized Complexity and Kernelization of the Workflow Satisfiability Problem
ACM Transactions on Information and System Security (TISSEC)
Hi-index | 0.00 |
Access control is fundamental in protecting information systems but it also poses an obstacle to achieving business objectives. We analyze this tradeoff and its avoidance in the context of systems modeled as workflows restricted by authorization constraints including those specifying Separation of Duty (SoD) and Binding of Duty (BoD).To begin with, we present a novel approach to scoping authorization constraints within workflows with loops and conditional execution. Afterwards, we consider enforcement's effects on business objectives. We identify the notion of obstruction, which generalizes deadlock within a system where access control is enforced, and we formulate the existence of an obstruction-free enforcement mechanism as a decision problem. We present lower and upper bounds for the complexity of this problem and also give an approximation algorithm that performs well when authorizations are equally distributed among users.