Preventing information leakage within workflows that execute among competing organizations

Authors:
Shih-Chien Chou;An-Feng Liu;Chien-Jung Wu
Affiliations:
Department of Computer Science and Information Engineering, Natioanl Dong Hwa University, 1 Section 2, Da Hsueh Road, Shou, Hualien 974, Taiwan;Department of Computer Science and Information Engineering, Natioanl Dong Hwa University, 1 Section 2, Da Hsueh Road, Shou, Hualien 974, Taiwan;Department of Computer Science and Information Engineering, Natioanl Dong Hwa University, 1 Section 2, Da Hsueh Road, Shou, Hualien 974, Taiwan
Venue:
Journal of Systems and Software - Special issue: Software engineering education and training
Year:
2005

Citing 26
Cited 1

An overview of workflow management: from process modeling to workflow automation infrastructure

Distributed and Parallel Databases - Special issue on software support for work flow management
Role-Based Access Control Models

Computer
A decentralized model for information flow control

Proceedings of the sixteenth ACM symposium on Operating systems principles
A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The Unified Modeling Language reference manual

The Unified Modeling Language reference manual
The ARBAC97 model for role-based administration of roles

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Injecting RBAC to secure a Web-based workflow system

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Protection in operating systems

Communications of the ACM
Protecting privacy using the decentralized label model

ACM Transactions on Software Engineering and Methodology (TOSEM)
Access control mechanisms for inter-organizational workflow

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A Chinese wall security model for decentralized workflow systems

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Operating System Concepts

Operating System Concepts
Access Rights Administration in Role-Based Security Systems

Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management

Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Role Hierarchies and Constraints for Lattice-Based Access Controls

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Role-based access control for collaborative enterprise in peer-to-peer computing environments

Proceedings of the eighth ACM symposium on Access control models and technologies
Model driven security for process-oriented systems

Proceedings of the eighth ACM symposium on Access control models and technologies
Role-Based Access Control Framework for Network Enterprises

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Tools to Support Secure Enterprise Computing

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Napoleon: A Recipe for Workflow

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Dynamic access control through Petri net workflows

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Specifying Application-level Security in Workflow Systems

DEXA '98 Proceedings of the 9th International Workshop on Database and Expert Systems Applications
A secure workflow model

ACSW Frontiers '03 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21
A Secure Transaction Environment for Workflows in Distributed Systems

ICPADS '01 Proceedings of the Eighth International Conference on Parallel and Distributed Systems
Multi-Version Attack Recovery for Workflow Systems

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference

Traceability and integrity of execution in distributed workflow management systems

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a model for access control within workflows. It is based on access control lists (ACLs) and is named WfACL ACL-based access control model for workflows). WfACL prevents information leakage within workflows that may execute among competing organizations. Its objective is threefold. First, it prevents an organization that executes a workflow from leaking its information to other organizations. Second, it prevents information leakage among competing organizations. Third, it prevents information leakage within an organization. In addition to achieving the objective, WfACL offers the following features: (a) managing dynamic role association change, (b) managing dynamic role change, (c) avoiding indirect information leakage, (d) detailing the control granularity to roles, and (e) controlling both read and write access. We embedded WfACL in a rule-based workflow language WfACLL and implemented a prototype environment WfACLE. We evaluated WfACL using WfACLL and WfACLE. The evaluation result is also shown in this paper.