The Consistency of Task-Based Authorization Constraints in Workflow Systems

Authors:
Kaijun Tan;Jason Crampton;Carl A. Gunter
Affiliations:
University of Pennsylvania;University of London;University of Pennsylvania
Venue:
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Year:
2004

Citing 0
Cited 28

A reference monitor for workflow systems with constrained task execution

Proceedings of the tenth ACM symposium on Access control models and technologies
Inter-instance authorization constraints for secure workflow management

Proceedings of the eleventh ACM symposium on Access control models and technologies
Using a temporal constraint network for business process execution

ADC '06 Proceedings of the 17th Australasian Database Conference - Volume 49
On mutually exclusive roles and separation-of-duty

ACM Transactions on Information and System Security (TISSEC)
Task-based entailment constraints for basic workflow patterns

Proceedings of the 13th ACM symposium on Access control models and technologies
Beyond separation of duty: An algebra for specifying high-level security policies

Journal of the ACM (JACM)
On the Security of Delegation in Access Control Systems

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Verification of Business Process Entailment Constraints Using SPIN

ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
A transformation approach for security enhanced business processes

SE '08 Proceedings of the IASTED International Conference on Software Engineering
Deriving XACML policies from business process models

WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
Modeling of task-based authorization constraints in BPMN

BPM'07 Proceedings of the 5th international conference on Business process management
Satisfiability and Resiliency in Workflow Authorization Systems

ACM Transactions on Information and System Security (TISSEC)
Generic algorithms for consistency checking of mutual-exclusion and binding constraints in a business process context

OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Modeling process-related RBAC models with extended UML activity models

Information and Software Technology
Process compliance analysis based on behavioural profiles

Information Systems
Detecting and resolving conflicts of mutual-exclusion and binding constraints in a business process context

OTM'11 Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part I
Verifying BPEL workflows under authorisation constraints

BPM'06 Proceedings of the 4th international conference on Business Process Management
Trust-Based secure workflow path construction

ICSOC'05 Proceedings of the Third international conference on Service-Oriented Computing
Modeling and mining of learnflows

Transactions on Petri Nets and Other Models of Concurrency V
Performance analysis for workflow management systems under role-based authorization control

GPC'12 Proceedings of the 7th international conference on Advances in Grid and Pervasive Computing
Satisfiability and resiliency in workflow systems

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
PASOAC-Net: a petri-net model to manage authorization in service-based business process

ICSOC'12 Proceedings of the 10th international conference on Service-Oriented Computing
Comprehensive rule-based compliance checking and risk management with process mining

Decision Support Systems
Generic support for RBAC break-glass policies in process-aware information systems

Proceedings of the 28th Annual ACM Symposium on Applied Computing
A novel approach for dynamic authorisation planning in constrained workflow systems

Proceedings of the 6th International Conference on Security of Information and Networks
Enforcement of entailment constraints in distributed service-based business processes

Information and Software Technology
Modelling context-aware RBAC models for mobile business processes

International Journal of Wireless and Mobile Computing
A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directions

Information and Software Technology

Quantified Score

Hi-index	0.01

Visualization

Abstract

Workflow management systems (WFMSs) have attracteda lot of interest both in academia and the business community.A workflow consists of a collection of tasks that areorganized to facilitate some business process specification.To simplify the complexity of security administration, it iscommon to use role-based access control (RBAC) to grantauthorization to roles and users. Typically, security policiesare expressed as constraints on users, roles, tasks and theworkflow itself. A workflow system can become very complexand involve several organizations or different units ofan organization, thus the number of security policies may bevery large and their interactions very complex. It is clearlyimportant to know whether the existence of such constraintswill prevent certain instances of the workflow from completing.Unfortunately, no existing constraint models have consideredthis problem satisfactorily.In this paper we define a model for constrained workflowsystems that includes local and global cardinality constraints,separation of duty constraints and binding of dutyconstraints. We define the notion of a workflow specificationand of a constrained workflow authorization schema.Our main result is to establish necessary and sufficient conditionsfor the set of constraints that ensure a sound constrainedworkflow authorization schema, that is, for anyuser or any role who are authorized to a task, there is atleast one complete workflow instance when this user or thisrole executes this task.