The well-founded semantics for general logic programs
Journal of the ACM (JACM)
An overview of workflow management: from process modeling to workflow automation infrastructure
Distributed and Parallel Databases - Special issue on software support for work flow management
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
On an algebra for historical relational databases: two views
SIGMOD '85 Proceedings of the 1985 ACM SIGMOD international conference on Management of data
Analysing the Safety of Workflow Authorization Models
Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects
The Consistency of Task-Based Authorization Constraints in Workflow Systems
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Separation of duties for access control enforcement in workflow environments
IBM Systems Journal - End-to-end security
A reference monitor for workflow systems with constrained task execution
Proceedings of the tenth ACM symposium on Access control models and technologies
On the Security of Delegation in Access Control Systems
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Satisfiability and Resiliency in Workflow Authorization Systems
ACM Transactions on Information and System Security (TISSEC)
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
OTM'11 Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part I
Automated analysis of infinite state workflows with access control policies
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Satisfiability and resiliency in workflow systems
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Definition and enactment of instance-spanning process constraints
WISE'12 Proceedings of the 13th international conference on Web Information Systems Engineering
Supporting Secure Information Flow: An Engineering Approach
International Journal of e-Collaboration
Towards a dynamic authorisation planning satisfying intra-instance and inter-instance constraints
Proceedings of the 6th International Conference on Security of Information and Networks
Modelling context-aware RBAC models for mobile business processes
International Journal of Wireless and Mobile Computing
Information and Software Technology
| Hi-index | 0.00 |
Work flows model and control the execution of business process in an organization. They are typically comprised of tasks or logical steps in the business process. To mitigate the ability of insiders to commit fraud, care should be taken that people authorized to perform critical tasks cannot collude. This is typically done through the specification of separation of duty (SOD)constraints. SOD constraints impose restrictions on which users or roles can be assigned to tasks and have been discussed widely in the research literature in the context of a single work flow instance. In this paper, we argue that SOD constraints that span multiple instances of a work flow also need to be considered to mitigate the security fraud. To this end, we extend the notion of SOD to include constraints that span multiple executing instances of a work flow and constraints that also take into consideration the history of completed work flow instances. We present a constraint specification language to specify the inter-instance constraints and propose methodologies to identify the cases in which certain SOD specifications would result in an anomaly. Specifically, we identify 3 types of anomalies, namely, inconsistency, depletion anomaly and overlapping anomaly The identification and rectification of anomalies are done at both the work flow specification time as well as at runtime,as appropriate,so that users can be assigned to tasks in a consistent manner.