We propose the role-and-relation-based access control (R2BAC) model for workflow systems. In R2BAC, in addition to a user's role memberships, the user's relationships with other users help determine whether the user is allowed to perform a certain step in a workflow. For example, a constraint may require that two steps must not be performed by users who have a conflict of interest. We also study the workflow satisfiability problem, which asks whether a set of users can complete a workflow. We show that the problem is NP-complete for R2BAC, and is NP-complete for any workflow model that supports certain simple types of constraints (e.g., constraints stating that two given steps must be performed by two different users). After that, we apply tools from parameterized complexity theory to better understand the complexity of this problem. We show that the problem is fixed-parameter tractable when the only relations used are = and ≠, and is fixed-parameter intractable when user-defined binary relations can be used. Finally, we study the resiliency problem in workflow systems, which asks whether a workflow can be completed even if a number of users may be absent. We formally define three levels of resiliency in workflow systems, namely static resiliency, decremental resiliency and dynamic resiliency, and study computational problems related to these notions of resiliency.
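As an added illustration (not code from the paper), the following brute-force checker exercises the two decision problems the abstract names on a constructed four-step workflow: it searches for an assignment of steps to role-authorized users that satisfies =, ≠ and a user-defined conflict-of-interest relation, then tests static resiliency by asking whether the workflow stays satisfiable for every choice of k absent users. The steps, users and conflict pair are invented; the exhaustive search is exponential in the number of steps, which is what the NP-completeness result leads one to expect in general.

```python
"""Toy workflow satisfiability / static-resiliency checker for an R2BAC-style
workflow: steps, role-authorized users per step, binary relations on users."""
from itertools import combinations
# Constructed sample workflow (hypothetical; not from the paper).
STEPS = ["prepare", "approve", "audit", "pay"]
AUTHORIZED = {                           # users whose roles permit each step
    "prepare": {"alice", "bob"},
    "approve": {"carol", "dave"},
    "audit":   {"dave", "erin"},
    "pay":     {"alice", "bob", "carol"},
}
CONFLICTS = {frozenset({"alice", "carol"})}   # user-defined relation data

def same(u, v):        return u == v               # relation "="
def different(u, v):   return u != v               # relation "!="
def no_conflict(u, v): return frozenset({u, v}) not in CONFLICTS

# (step1, step2, rel): rel(user of step1, user of step2) must hold.
CONSTRAINTS = [
    ("prepare", "pay", same),            # binding of duty
    ("approve", "audit", different),     # separation of duty
    ("prepare", "approve", no_conflict), # conflict-of-interest relation
]

def find_plan(present, steps=STEPS, plan=None):
    """Backtracking: assign steps to present, authorized users so that every
    constraint whose two steps are already assigned holds."""
    plan = {} if plan is None else plan
    if not steps:
        return dict(plan)
    step, rest = steps[0], steps[1:]
    for user in sorted(AUTHORIZED[step] & present):
        plan[step] = user
        if all(rel(plan[a], plan[b]) for a, b, rel in CONSTRAINTS
               if a in plan and b in plan):
            result = find_plan(present, rest, plan)
            if result is not None:
                return result
        del plan[step]
    return None

def satisfiable(present):
    return find_plan(present) is not None

def static_resiliency_failure(users, k):
    """First set of k absent users that leaves the workflow unsatisfiable,
    or None if the workflow is statically k-resilient."""
    for absent in combinations(sorted(users), k):
        if not satisfiable(users - set(absent)):
            return set(absent)
    return None
```

With the sample data the workflow is statically 1-resilient but not 2-resilient, since removing both users authorized for "prepare" leaves that step unassignable.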