Policy resolution in workflow management systems
Digital Technical Journal
Computational Issues in Secure Interoperation
IEEE Transactions on Software Engineering
Scheduling workforce and workflow in a high volume factory
Management Science
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Queueing networks and Markov chains: modeling and performance evaluation with computer science applications
Modeling and Analysis of Workflows Using Petri Nets
Journal of Intelligent Information Systems - Special issue on workflow management systems
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Optimistic security: a new access control paradigm
Proceedings of the 1999 workshop on New security paradigms
Access control mechanisms for inter-organizational workflow
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Workflow Modeling: Tools for Process Improvement and Application Development
Workflow Modeling: Tools for Process Improvement and Application Development
Computers and Intractability; A Guide to the Theory of NP-Completeness
Computers and Intractability; A Guide to the Theory of NP-Completeness
Authorization and Access Control of Application Data in Workflow Systems
Journal of Intelligent Information Systems - Special issue: A survey of research questions for intelligent information systems in education
Managing Workflow Authorization Constraints through Active Database Technology
Information Systems Frontiers
Workflow Optimization through Task Redesign in Business Information Processes
HICSS '98 Proceedings of the Thirty-First Annual Hawaii International Conference on System Sciences - Volume 1
ACSW Frontiers '03 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21
Workflow Management: Models, Methods, and Systems
Workflow Management: Models, Methods, and Systems
Privacy risk models for designing privacy-sensitive ubiquitous computing systems
DIS '04 Proceedings of the 5th conference on Designing interactive systems: processes, practices, methods, and techniques
Separation of duties for access control enforcement in workflow environments
IBM Systems Journal - End-to-end security
Access control in collaborative systems
ACM Computing Surveys (CSUR)
Chinese wall security for decentralized workflow management systems
Journal of Computer Security - Special issue on ACM conference on computer and communications security, 2001
Minimizing Information Loss and Preserving Privacy
Management Science
Specification, planning, and execution of QoS-aware Grid workflows within the Amadeus environment
Concurrency and Computation: Practice & Experience - First International Workshop on Workflow Systems in Grid Environments (WSGE2006)
Scientific Programming - Scientific Workflows
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Collaborative business and data privacy: Toward a cyber-control?
Computers in Industry - Special issue: The digital factory: an instrument of the present and the future
Personal schedules for workflow systems
BPM'03 Proceedings of the 2003 international conference on Business process management
Fundamentals of Queueing Theory
Fundamentals of Queueing Theory
Secure electronic markets for private information
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Hi-index | 0.00 |
Our work addresses internal information breaches that emanate from organizational workflows. Information breaches are particularly piquant in organizational workflows, as the underlying tasks constitute natural points where private information on individuals is accessed to execute the workflows. Our work builds on and extends the widely used role-based access controls by considering processwide security considerations to both optimize the efficiency of workflow staffing and minimize data exposure in complex workflows. We employ a Jackson queueing network modeling framework, which allows both predictable and stochastic variability as well as varied employee skill sets. This framework enables the modeling of internal security threats that emanate from cross-task and cross-personnel assignments and the development of optimal staffing strategies that meet security requirements at minimum operational costs. Our detailed implementation analysis reveals that the model developed is not demanding in terms of required parameters and that the proposed approach is practical and adaptable to evolving business, regulatory, and workforce conditions. Our model is applicable to any digital transformation that involves confidential data sequences that carry security vulnerability, as is often the case in many settings such as health care, online banking, electronic payment systems, and interorganizational data interchange.