Separation of duties for access control enforcement in workflow environments

Botha, Reinhardt A.; Eloff, Jan H. P.

doi:10.1147/sj.403.0666

Cited by 146 publications

(82 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…An example is the common practice to separate the "controller" role and the "chief buyer" role in medium-sized and large companies. In this context, a task-based SOD constraint is a constraint that considers task order and task history in a particular process instance to decide if a certain subject or role is allowed to perform a certain task [3,17,19]. Task-based SOD constraints can be static or dynamic.…”

Section: Mutual Exclusion and Binding Constraintsmentioning

confidence: 99%

“…In the context of business process management, mutual exclusion and binding constraints are an important means to assist the specification of business processes and to control the execution of workflows. In particular, they are used to enforce process-related separation of duty (SOD) and binding of duty (BOD) policies with respect to a corresponding role-based access control (RBAC) model (see, e.g., [1,3,4,17,18]). A number of approaches exist that allow for the formal specification and analysis of process-related access control policies and constraints (see, e.g., [2,8,17]).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Generic Algorithms for Consistency Checking of Mutual-Exclusion and Binding Constraints in a Business Process Context

Strembeck

Mendling

2010

On the Move to Meaningful Internet Systems: OTM 2010

View full text Add to dashboard Cite

In this paper, we present generic algorithms to ensure the consistency of mutual-exclusion and binding constraints in a business process context. We repeatedly identified the need for such generic algorithms in our real-world projects. Thus, the algorithms are a result of the experiences we gained in analyzing, designing, and implementing a number of corresponding software systems and tools. In particular, these algorithms check corresponding consistency requirements to prevent constraint conflicts and to ensure the design-time and runtime compliance of a process-related role-based access control (RBAC) model.

show abstract

Section: Mutual Exclusion and Binding Constraintsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Generic Algorithms for Consistency Checking of Mutual-Exclusion and Binding Constraints in a Business Process Context

Strembeck

Mendling

2010

On the Move to Meaningful Internet Systems: OTM 2010

View full text Add to dashboard Cite

show abstract

“…Uncontrolled changes of an org. model, for example, may violate semantical constraints like separation of duty (SoD) or mutual exclusion [27,28,46,47]. Among other things, this may result in security gaps.…”

Section: Discussionmentioning

confidence: 99%

A Formal Framework for Adaptive Access Control Models

Rinderle

Reichert

Journal on Data Semantics IX

View full text Add to dashboard Cite

Abstract. For several reasons enterprises are frequently subject to organizational change. Respective adaptations may concern business processes, but also other components of an enterprise architecture. In particular, changes of organizational structures often become necessary. The information about organizational entities and their relationships is maintained in organizational models. Therefore the quick and correct adaptation of these models is fundamental to adequately cope with organizational changes. However, model changes alone are not sufficient to guarantee consistency. Since organizational models also provide the basis for defining access rules (e.g., actor assignments in workflow management systems or access rules in document-centered applications) this information has to be adapted accordingly (e.g., to avoid dangling references or non-resolvable actor assignments). Current approaches do not adequately address this problem, which often leads to security gaps and delayed change implementation.In this paper we introduce a formal framework for the controlled evolution of organizational models and related access rules. Firstly, we introduce a set of operators with well-defined semantics for defining and changing organizational models. Secondly, we show how to define access rules based on such models. In this context we also define a notion of correctness for access rules. Thirdly, we present a formal framework for the (semi-automated) adaptation of access rules when the underlying organizational model is changed by exploiting the semantics of the applied changes. Altogether the presented approach provides an important contribution for realizing adaptive access control frameworks.

show abstract

“…Specification of rules that account for all possible executable workflows originating from a service composition may be tiresome and error-prone. Definition of separation of duties for task execution [4,13] may also help the user to avoid services to access conflicting data. Still, such solutions usually require that roles are well-defined among workflow participants and this is not always possible in open environments.…”

Section: Related Workmentioning

confidence: 99%

“…Some solutions assume environments under a single administrative domain and propose mechanisms for specification of separation of duties in control flows [4,13], while others enable specification of access control constraints on the data flow [6]. Pervasive computing environments, however, are more dynamic and hardly ever the exact user-defined workflow can be constructed with available services.…”

Section: Introductionmentioning

confidence: 99%

A Model for Reasoning About the Privacy Impact of Composite Service Execution in Pervasive Computing

Cardoso

Issarny

IFIP – The International Federation for Information Processing

View full text Add to dashboard Cite

Service composition is a fundamental feature of pervasive computing middleware. It enables users to leverage available computing power by using existing services as building blocks for creating new composite services. In open and dynamic environments, service composition must be flexible enough to admit realization by different executable workflows that have similar functionalities but that present different partitions of tasks among available services. This flexibility, however, raises new privacy issues e.g., a single service performing all tasks of a workflow has access to more data than different services executing parts of the workflow.In this paper we propose a model that enables users to reason about the impact on privacy of executing a composite service. The model is based on an extension of Fuzzy Cognitive Maps, and considers the impact of the composition as a whole according to the partition of tasks. We introduce our extension called Fuzzy Cognitive Maps with Causality Feedback, describe how they can be used to model the relationship among different personal data and the privacy impact of their disclosure, and give an example of how the model can be applied to a composition scenario.

show abstract

Separation of duties for access control enforcement in workflow environments

Cited by 146 publications

References 22 publications

Generic Algorithms for Consistency Checking of Mutual-Exclusion and Binding Constraints in a Business Process Context

Generic Algorithms for Consistency Checking of Mutual-Exclusion and Binding Constraints in a Business Process Context

A Formal Framework for Adaptive Access Control Models

A Model for Reasoning About the Privacy Impact of Composite Service Execution in Pervasive Computing

Contact Info

Product

Resources

About