DW-RBAC: A formal security model of delegation and revocation in workflow systems

Authors:
Jacques Wainer;Akhil Kumar;Paulo Barthelmess
Affiliations:
Institute of Computing, State University of Campinas, Campinas, 13083-970 SP, Brazil;Smeal College of Business, Penn State University, University Park, PA 16802, USA;Department of Computer Science and Engineering, Oregon Health & Science University, Beaverton, OR 97006, USA
Venue:
Information Systems
Year:
2007

Citing 24
Cited 18

Role-Based Access Control Models

Computer
A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The specification and enforcement of authorization constraints in workflow management systems

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
SecureFlow: a secure Web-enabled workflow management system

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Injecting RBAC to secure a Web-based workflow system

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
A model of OASIS role-based access control and its support for active security

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
An authorization model for temporal and derived data: securing information portals

ACM Transactions on Information and System Security (TISSEC)
A model of OASIS role-based access control and its support for active security

ACM Transactions on Information and System Security (TISSEC)
Managing Workflow Authorization Constraints through Active Database Technology

Information Systems Frontiers
Resolving Conflicts in Authorization Delegations

ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
An Authorization Model for Workflows

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
A Study of Least Privilege in CapBasED-AMS

COOPIS '98 Proceedings of the 3rd IFCIS International Conference on Cooperative Information Systems
PBDM: a flexible delegation model in RBAC

Proceedings of the eighth ACM symposium on Access control models and technologies
Framework for role-based delegation models

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Constrained Delegation

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A rule-based framework for role-based delegation and revocation

ACM Transactions on Information and System Security (TISSEC)
Applying scheduling techniques to minimize the number of late jobs in workflow systems

Proceedings of the 2004 ACM symposium on Applied computing
Role-based cascaded delegation

Proceedings of the ninth ACM symposium on Access control models and technologies
Supporting conditional delegation in secure workflow management systems

Proceedings of the tenth ACM symposium on Access control models and technologies
A fine-grained, controllable, user-to-user delegation method in RBAC

Proceedings of the tenth ACM symposium on Access control models and technologies
Viewing business-process security from different perspectives

International Journal of Electronic Commerce - Special issue: Developing the business components of the digital economy
Dynamic Work Distribution in Workflow Management Systems: How to Balance Quality and Performance

Journal of Management Information Systems
A Petri net based safety analysis of workflow authorization models^1

Journal of Computer Security
Fidelis: a policy-driven trust management framework

iTrust'03 Proceedings of the 1st international conference on Trust management

On delegation and workflow execution models

Proceedings of the 2008 ACM symposium on Applied computing
Delegation and satisfiability in workflow systems

Proceedings of the 13th ACM symposium on Access control models and technologies
Revocation Schemes for Delegation Licences

ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
A Rule-Based Framework Using Role Patterns for Business Process Compliance

RuleML '08 Proceedings of the International Symposium on Rule Representation, Interchange and Reasoning on the Web
A security policy framework for context-aware and user preferences in e-services

Journal of Systems Architecture: the EUROMICRO Journal
Task-activity based access control for process collaboration environments

Computers in Industry
Graph-based delegation authorization in workflow

CCDC'09 Proceedings of the 21st annual international conference on Chinese control and decision conference
Collaboration for human-centric eGovernment workflows

WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
Restricted delegation and revocation in language-based security: (position paper)

PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
SecurOntology: A semantic web access control framework

Computer Standards & Interfaces
Conceptual model for online auditing

Decision Support Systems
xDAuth: a scalable and lightweight framework for cross domain access control and delegation

Proceedings of the 16th ACM symposium on Access control models and technologies
A relational database integrity framework for access control policies

Journal of Intelligent Information Systems
Enforcing access control in workflow systems with a task engineering approach

International Journal of Internet Technology and Secured Transactions
Optimal workflow-aware authorizations

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
On the Prevention of Fraud and Privacy Exposure in Process Information Flow

INFORMS Journal on Computing
Encoding secure information flow with restricted delegation and revocation in Haskell

Proceedings of the 1st annual workshop on Functional programming concepts in domain-specific languages
A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directions

Information and Software Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

One reason workflow systems have been criticized as being inflexible is that they lack support for delegation. This paper shows how delegation can be introduced in a workflow system by extending the role-based access control (RBAC) model. The current RBAC model is a security mechanism to implement access control in organizations by allowing users to be assigned to roles and privileges to be associated with the roles. Thus, users can perform tasks based on the privileges possessed by their own role or roles they inherit by virtue of their organizational position. However, there is no easy way to handle delegations within this model. This paper tries to treat the issues surrounding delegation in workflow systems in a comprehensive way. We show how delegations can be incorporated into the RBAC model in a simple and straightforward manner. The new extended model is called RBAC with delegation in a workflow context (DW-RBAC). It allows for delegations to be specified from a user to another user, and later revoked when the delegation is no longer required. The implications of such specifications and their subsequent revocations are examined. Several formal definitions for assertion, acceptance, execution and revocation are provided, and proofs are given for the important properties of our delegation framework.