Role-based authorizations for workflow systems in support of task-based separation of duty

Authors:
Duen-Ren Liu;Mei-Yu Wu;Shu-Teng Lee
Affiliations:
Institute of Information Management, National Chiao Tung University, 1001 Ta Hseuh Road, Hsinchu 300, Taiwan;Institute of Information Management, National Chiao Tung University, 1001 Ta Hseuh Road, Hsinchu 300, Taiwan;Institute of Information Management, National Chiao Tung University, 1001 Ta Hseuh Road, Hsinchu 300, Taiwan
Venue:
Journal of Systems and Software
Year:
2004

Citing 13
Cited 4

An overview of workflow management: from process modeling to workflow automation infrastructure

Distributed and Parallel Databases - Special issue on software support for work flow management
Role-Based Access Control Models

Computer
Implementing role-based access control using object technology

RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
The specification and enforcement of authorization constraints in workflow management systems

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
SecureFlow: a secure Web-enabled workflow management system

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Injecting RBAC to secure a Web-based workflow system

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Access control mechanisms for inter-organizational workflow

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A Chinese wall security model for decentralized workflow systems

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
An integrated approach to distributed version management and role-based access control in computer supported collaborative writing

Journal of Systems and Software
Workflow and Process Automation: Concepts and Technology

Workflow and Process Automation: Concepts and Technology
An Authorization Model for Workflows

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Multifunctional Smart Cards for Electronic Commerce-Application of the Role and Task-Based Security Model

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Separation of Duty in Role-based Environments

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations

A Rule-Based Framework Using Role Patterns for Business Process Compliance

RuleML '08 Proceedings of the International Symposium on Rule Representation, Interchange and Reasoning on the Web
A Flexible Access Control Model for Dynamic Workflow Using Extended WAM and RBAC

Computer Supported Cooperative Work in Design IV
Conceptual model for online auditing

Decision Support Systems
Balancing flexibility and security in adaptive process management systems

OTM'05 Proceedings of the 2005 Confederated international conference on On the Move to Meaningful Internet Systems - Volume >Part I

Quantified Score

Hi-index	0.00

Visualization

Abstract

Role-based authorizations for assigning tasks of workflows to roles/users are crucial to security management in workflow management systems. The authorizations must enforce separation of duty (SoD) constraints to prevent fraud and errors. This work analyzes and defines several duty-conflict relationships among tasks, and designs authorization rules to enforce SoD constraints based on the analysis. A novel authorization model that incorporates authorization rules is then proposed to support the planning of assigning tasks to roles/users, and the run-time activation of tasks. Different from existing work, the proposed authorization model considers the AND/XOR split structures of workflows and execution dependency among tasks to enforce separation of duties in assigning tasks to roles/users. A prototype system is developed to realize the effectiveness of the proposed authorization model.