ABSTRACT
Supporting delegation mechanisms in workflow systems is receiving increasing interest from the research community. An important requirement of a constrained workflow is to guarantee the satisfiability of the workflow, which requires that some set of authorized users can complete a workflow. Typically, any mechanism that is used to establish the satisfiability of a workflow is based on the workflow specification and the user authorization information. The effect of a successful user delegation request is to change the user authorization information, thereby affecting the satisfiability of the workflow.
Existing work on delegation in workflows does not consider the satisfiability of the workflow. In this paper, we address the satisfiability problem of workflows, while supporting user delegation mechanisms, in the context of three different workflow execution models. We consider delegation of concrete tasks, abstract tasks and roles. We present algorithms for evaluating various delegation requests in each workflow execution model.
- Atluri, V., Bertino, E., Ferrari, E., and Mazzoleni, P. Supporting delegation in secure workflow management systems. In Proceedings of 17th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (2003), pp. 190--202.Google Scholar
- Atluri, V., and Wainer, J. Supporting conditional delegation in secure workflow management systems. In Proceedings of 10th ACM Symposium on Access Control Models and Technologies (2005), pp. 49--58. Google ScholarDigital Library
- Crampton, J. A reference monitor for workflow systems with constrained task execution. In Proceedings of 10th ACM Symposium on Access Control Models and Technologies (2005), pp. 38--47. Google ScholarDigital Library
- Crampton, J. Personal communication to Ninghui Li, November 2006.Google Scholar
- Crampton, J., and Khambhammettu, H. Delegation in role-based access control. International Journal of Information Security 7, 2 (2008), 123--136. Google ScholarDigital Library
- Crampton, J., and Khambhammettu, H. On delegation and workflow execution models. In Proceedings of 23rd ACM Symposium on Applied Computing (2008), pp. 2137--2144. Google ScholarDigital Library
- Downey, R., and Fellows, M. Parameterized Complexity. Springer, 1999. Google ScholarDigital Library
- Kandala, S., and Sandhu, R. Secure role-based workflow models. Database Security XV: Status and Prospects (2002), 45--58. Google ScholarDigital Library
- Venter, K., and Olivier, M. The delegation authorization model: A model for the dynamic delegation of authorization rights in a secure workflow management system. In Proceedings of Information Security South Africa (2002). Published electronically. Available at http://icsa.cs.up.ac.za/issa/2002/proceedings/A021.pdf.Google Scholar
- Wainer, J., Kumar, A., and Barthelmess, P. DW-RBAC: A formal security model of delegation and revocation in workflow systems. Information Systems 32, 3 (2007), 365--384. Google ScholarDigital Library
- Wang, Q., and Li, N. Satisfiability and resiliency in workflow systems. In Proceedings of 12th European Symposium On Research In Computer Security (2007), vol. 1146 of LNCS, pp. 90--115. Google ScholarDigital Library
Index Terms
- Delegation and satisfiability in workflow systems
Recommendations
On delegation and workflow execution models
SAC '08: Proceedings of the 2008 ACM symposium on Applied computingWorkflow systems have long been of interest to computer science researchers due to their practical relevance. Supporting delegation mechanisms in workflow systems is receiving increasing research interest. In this paper, we conduct a comprehensive study ...
Delegation in role-based access control
User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively ...
Capability-Role-Based Delegation in Workflow Systems
EUC '10: Proceedings of the 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous ComputingVarious security models for supporting delegation in workflow systems have been proposed to achieve flexible access control in collaborative business processes. Since workflow systems come into their own when controlling large-scale business processes ...
Comments