State-dependent security decisions for distributed object-systems

Authors:
Joachim Biskup;Thomas Leineweber
Affiliations:
University of Dortmund, 44221 Dortmund, Germany;University of Dortmund, 44221 Dortmund, Germany
Venue:
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Year:
2001

Citing 9
Cited 2

An overview of workflow management: from process modeling to workflow automation infrastructure

Distributed and Parallel Databases - Special issue on software support for work flow management
Role-Based Access Control Models

Computer
A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The WASA2 object-oriented workflow management system

SIGMOD '99 Proceedings of the 1999 ACM SIGMOD international conference on Management of data
A semantic-based execution model for multilevel secure workflows

Journal of Computer Security
A ticket-based access control architecture for object systems

Journal of Computer Security
About the Enforcement of State Dependent Specifications

Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
An Integration Model of Role-Based Access Control and Activity Based Access Control Using Task

Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions

Requirements for secure logging of decentralized cross-organizational workflow executions

OTM'05 Proceedings of the 2005 OTM Confederated international conference on On the Move to Meaningful Internet Systems
Optimistic anonymous participation in inter-organizational workflow instances

ICISS'06 Proceedings of the Second international conference on Information Systems Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Distributed systems consist of many different objects, participating in distributed activity sequences. We present a system for state-dependent security decisions (SDSD), which can be used to specify and to enforce sets of allowed activity sequences. A specification is expressed as a protocol, which defines such a set as a regular language. The protocol is transformed into a finite automaton. Instantiated copies of the automaton are deployed by the actually participating objects, each of which has been wrapped by the SDSD-system with a security object. Knowing the automaton and based on additional control messages, the security objects can locally decide, whether a requested action is allowed or not. A running prototype implementing the SDSD-system is described, and its full integration into CORBA is outlined.