An overview of workflow management: from process modeling to workflow automation infrastructure
Distributed and Parallel Databases - Special issue on software support for work flow management
Role-Based Access Control Models
Computer
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The Unified Modeling Language reference manual
The Unified Modeling Language reference manual
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Injecting RBAC to secure a Web-based workflow system
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Protection in operating systems
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Access control mechanisms for inter-organizational workflow
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A Chinese wall security model for decentralized workflow systems
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Operating System Concepts
Access Rights Administration in Role-Based Security Systems
Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Role Hierarchies and Constraints for Lattice-Based Access Controls
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Role-based access control for collaborative enterprise in peer-to-peer computing environments
Proceedings of the eighth ACM symposium on Access control models and technologies
Model driven security for process-oriented systems
Proceedings of the eighth ACM symposium on Access control models and technologies
Role-Based Access Control Framework for Network Enterprises
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Tools to Support Secure Enterprise Computing
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Napoleon: A Recipe for Workflow
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Dynamic access control through Petri net workflows
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Specifying Application-level Security in Workflow Systems
DEXA '98 Proceedings of the 9th International Workshop on Database and Expert Systems Applications
ACSW Frontiers '03 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21
A Secure Transaction Environment for Workflows in Distributed Systems
ICPADS '01 Proceedings of the Eighth International Conference on Parallel and Distributed Systems
Multi-Version Attack Recovery for Workflow Systems
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Traceability and integrity of execution in distributed workflow management systems
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Hi-index | 0.00 |
This paper proposes a model for access control within workflows. It is based on access control lists (ACLs) and is named WfACL ACL-based access control model for workflows). WfACL prevents information leakage within workflows that may execute among competing organizations. Its objective is threefold. First, it prevents an organization that executes a workflow from leaking its information to other organizations. Second, it prevents information leakage among competing organizations. Third, it prevents information leakage within an organization. In addition to achieving the objective, WfACL offers the following features: (a) managing dynamic role association change, (b) managing dynamic role change, (c) avoiding indirect information leakage, (d) detailing the control granularity to roles, and (e) controlling both read and write access. We embedded WfACL in a rule-based workflow language WfACLL and implemented a prototype environment WfACLE. We evaluated WfACL using WfACLL and WfACLE. The evaluation result is also shown in this paper.