The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Distributed and Parallel Databases
A reference monitor for workflow systems with constrained task execution
Proceedings of the tenth ACM symposium on Access control models and technologies
ProActive Access Control for Business Process-Driven Environments
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Digraphs: Theory, Algorithms and Applications
Digraphs: Theory, Algorithms and Applications
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Satisfiability and Resiliency in Workflow Authorization Systems
ACM Transactions on Information and System Security (TISSEC)
Relationship-based access control: protection model and policy language
Proceedings of the first ACM conference on Data and application security and privacy
Obstruction-Free Authorization Enforcement: Aligning Security with Business Objectives
CSF '11 Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium
Model checking of security-sensitive business processes
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Optimal workflow-aware authorizations
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Automated analysis of infinite state workflows with access control policies
STM'11 Proceedings of the 7th international conference on Security and Trust Management
On the parameterized complexity of the workflow satisfiability problem
Proceedings of the 2012 ACM conference on Computer and communications security
On the Parameterized Complexity and Kernelization of the Workflow Satisfiability Problem
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.00 |
A workflow specification defines a set of steps and the order in which those steps must be executed. Security requirements and business rules may impose constraints on which users are permitted to perform those steps. A workflow specification is said to be satisfiable if there exists an assignment of authorized users to workflow steps that satisfies all the constraints. An algorithm for determining whether such an assignment exists is important, both as a static analysis tool for workflow specifications, and for the construction of run-time reference monitors for workflow management systems. We develop new methods for determining workflow satisfiability based on the concept of constraint expressions, which were introduced recently by Khan and Fong. These methods are surprising versatile, enabling us to develop algorithms for, and determine the complexity of, a number of different problems related to workflow satisfiability.