A reference monitor for workflow systems with constrained task execution
Proceedings of the tenth ACM symposium on Access control models and technologies
Inter-instance authorization constraints for secure workflow management
Proceedings of the eleventh ACM symposium on Access control models and technologies
Using a temporal constraint network for business process execution
ADC '06 Proceedings of the 17th Australasian Database Conference - Volume 49
On mutually exclusive roles and separation-of-duty
ACM Transactions on Information and System Security (TISSEC)
Task-based entailment constraints for basic workflow patterns
Proceedings of the 13th ACM symposium on Access control models and technologies
Beyond separation of duty: An algebra for specifying high-level security policies
Journal of the ACM (JACM)
On the Security of Delegation in Access Control Systems
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Verification of Business Process Entailment Constraints Using SPIN
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
A transformation approach for security enhanced business processes
SE '08 Proceedings of the IASTED International Conference on Software Engineering
Deriving XACML policies from business process models
WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
Modeling of task-based authorization constraints in BPMN
BPM'07 Proceedings of the 5th international conference on Business process management
Satisfiability and Resiliency in Workflow Authorization Systems
ACM Transactions on Information and System Security (TISSEC)
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
Process compliance analysis based on behavioural profiles
Information Systems
OTM'11 Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part I
Verifying BPEL workflows under authorisation constraints
BPM'06 Proceedings of the 4th international conference on Business Process Management
Trust-Based secure workflow path construction
ICSOC'05 Proceedings of the Third international conference on Service-Oriented Computing
Modeling and mining of learnflows
Transactions on Petri Nets and Other Models of Concurrency V
Performance analysis for workflow management systems under role-based authorization control
GPC'12 Proceedings of the 7th international conference on Advances in Grid and Pervasive Computing
Satisfiability and resiliency in workflow systems
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
PASOAC-Net: a petri-net model to manage authorization in service-based business process
ICSOC'12 Proceedings of the 10th international conference on Service-Oriented Computing
Comprehensive rule-based compliance checking and risk management with process mining
Decision Support Systems
Generic support for RBAC break-glass policies in process-aware information systems
Proceedings of the 28th Annual ACM Symposium on Applied Computing
A novel approach for dynamic authorisation planning in constrained workflow systems
Proceedings of the 6th International Conference on Security of Information and Networks
Enforcement of entailment constraints in distributed service-based business processes
Information and Software Technology
Modelling context-aware RBAC models for mobile business processes
International Journal of Wireless and Mobile Computing
Information and Software Technology
Hi-index | 0.01 |
Workflow management systems (WFMSs) have attracteda lot of interest both in academia and the business community.A workflow consists of a collection of tasks that areorganized to facilitate some business process specification.To simplify the complexity of security administration, it iscommon to use role-based access control (RBAC) to grantauthorization to roles and users. Typically, security policiesare expressed as constraints on users, roles, tasks and theworkflow itself. A workflow system can become very complexand involve several organizations or different units ofan organization, thus the number of security policies may bevery large and their interactions very complex. It is clearlyimportant to know whether the existence of such constraintswill prevent certain instances of the workflow from completing.Unfortunately, no existing constraint models have consideredthis problem satisfactorily.In this paper we define a model for constrained workflowsystems that includes local and global cardinality constraints,separation of duty constraints and binding of dutyconstraints. We define the notion of a workflow specificationand of a constrained workflow authorization schema.Our main result is to establish necessary and sufficient conditionsfor the set of constraints that ensure a sound constrainedworkflow authorization schema, that is, for anyuser or any role who are authorized to a task, there is atleast one complete workflow instance when this user or thisrole executes this task.