ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A reference monitor for workflow systems with constrained task execution
Full text PdfPdf (209 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the tenth ACM symposium on Access control models and technologies table of contents
Stockholm, Sweden
SESSION: Access control model I table of contents
Pages: 38 - 47  
Year of Publication: 2005
ISBN:1-59593-045-0
Author
Jason Crampton  University of London
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 10,   Downloads (12 Months): 84,   Citation Count: 3
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1063979.1063986
What is a DOI?

ABSTRACT

We describe a model, independent of any underlying access control paradigm, for specifying authorization constraints such as separation of duty and cardinality constraints in workflow systems. We present a number of results enabling us to simplify the set of authorization constraints. These results form the theoretical foundation for an algorithm that can be used to determine whether a given constrained workflow can be satisfied: that is, does there exist an assignment of authorized users to workflow tasks that satisfies the authorization constraints? We show that this algorithm can be incorporated into a workflow reference monitor that guarantees that every workflow instance can complete. We derive the computational complexity of our algorithm and compare its performance to comparable work in the literature.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Vijayalakshmi Atluri , Wei-kuang Huang, An Authorization Model for Workflows, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.44-64, September 25-27, 1996
2
Elisa Bertino , Elena Ferrari , Vijay Atluri, The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.65-104, Feb. 1999  [doi>10.1145/300830.300837]
 
3
Reinhardt A. Botha , Jan H. P. Eloff, Separation of duties for access control enforcement in workflow environments, IBM Systems Journal, v.40 n.3, p.666-682, March 2001
 
4
Fabio Casati , Silvana Castano , Mariagrazia Fugini, Managing Workflow Authorization Constraints through Active Database Technology, Information Systems Frontiers, v.3 n.3, p.319-338, September 2001  [doi>10.1023/A:1011461409620 ]
 
5
Clark, D., and Wilson, D. A comparison of commercial and military computer security policies. In Proceedings of 1987 IEEE Symposium on Security and Privacy (1987), pp. 184--194.
 
6
Crampton, J. An algebraic approach to the analysis of constrained workflow systems. In Proceedings of 3rd Workshop on Foundations of Computer Security (2004), pp. 61--74.
 
7
Savith Kandala , Ravi Sandhu, Secure role-based workflow models, Proceedings of the fifteenth annual working conference on Database and application security, p.45-58, July 15-18, 2001, Niagara, Ontario, Canada
 
8
Konstantin Knorr , Henrik Stormer, Modeling and Analyzing Separation of Duties in Workflow Environments, Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge, p.199-212, June 11-13, 2001
 
9
Marek Rusinkiewicz , Amit Sheth, Specification and execution of transactional workflows, Modern database systems: the object model, interoperability, and beyond, ACM Press/Addison-Wesley Publishing Co., New York, NY, 1995
 
10
Kaijun Tan , Jason Crampton , Carl A. Gunter, The Consistency of Task-Based Authorization Constraints in Workflow Systems, Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW'04), p.155, June 28-30, 2004  [doi>10.1109/CSFW.2004.22]
 
11
Wainer, J., Barthelmess, P., and Kumar, A. W-RBAC -- A workflow security model incorporating controlled overriding of constraints. International Journal of Cooperative Information Systems 12, 4 (2003), 455--486.

CITED BY  3
Jason Crampton , Hemanth Khambhammettu, On delegation and workflow execution models, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
Janice Warner , Vijayalakshmi Atluri, Inter-instance authorization constraints for secure workflow management, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
Ninghui Li , Mahesh V. Tripunitara , Ziad Bizri, On mutually exclusive roles and separation-of-duty, ACM Transactions on Information and System Security (TISSEC), v.10 n.2, p.5-es, May 2007

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.7 Database Administration
          Subjects: Security, integrity, and protection

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Security, Theory


Keywords:
authorization constraint, entailment constraint, reference monitor, workflow system

Collaborative Colleagues:
Jason Crampton: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2008 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player