ROLE AND TASK BASED AUTHORIZATION MANAGEMENT FOR PROCESS-VIEW

Mei-Yu Wu, Duen-Ren Liu

2007

Abstract

Role-based authorizations for assigning tasks of workflows to roles/users are crucial to security management in workflow management systems. The authorizations must enforce separation of duty (SoD) constraints to prevent fraud and errors. This work discusses the authorization management of organizational roles in a process-view. A process-view, an abstracted process (workflow) derived from a base process, can provide adaptable task granularity to suit different needs of workflow participants. A novel authorization mechanism is proposed to derive a role’s permissions on virtual activities based on the role’s permissions on base activities. The proposed authorization mechanisms consider duty-conflict relationships among base activities to enforce SoD.



Paper Citation


in Harvard Style

Wu M. and Liu D. (2007). ROLE AND TASK BASED AUTHORIZATION MANAGEMENT FOR PROCESS-VIEW. In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 85-90. DOI: 10.5220/0002126300850090


in Bibtex Style

@conference{secrypt07,
author={Mei-Yu Wu and Duen-Ren Liu},
title={ROLE AND TASK BASED AUTHORIZATION MANAGEMENT FOR PROCESS-VIEW},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={85-90},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002126300850090},
isbn={978-989-8111-12-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - ROLE AND TASK BASED AUTHORIZATION MANAGEMENT FOR PROCESS-VIEW
SN - 978-989-8111-12-8
AU - Wu M.
AU - Liu D.
PY - 2007
SP - 85
EP - 90
DO - 10.5220/0002126300850090