CLC number: TP39
Received: 2008-05-12
Revision Accepted: 2008-09-19
Crosschecked: 2009-04-10
Chen-hua MA, Guo-dong LU, Jiong QIU. Conflict detection and resolution for authorization policies in workflow systems[J]. Journal of Zhejiang University Science A, 2009, 10(8): 1082-1092.
%0 Journal Article
%T Conflict detection and resolution for authorization policies in workflow systems
%A Chen-hua MA
%A Guo-dong LU
%A Jiong QIU
%J Journal of Zhejiang University SCIENCE A
%V 10
%N 8
%P 1082-1092
%@ 1673-565X
%D 2009
%I Zhejiang University Press & Springer
%DOI 10.1631/jzus.A0820366
Abstract: The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems (WFMSs). Furthermore, existing approaches have not provided effective conflict detection and resolution methods to maintain the consistency of authorization policies in WFMSs. To address these concerns, we propose the definition of authorization policies in which context constraints are considered and the complicated requirements in WFMSs can be satisfied. Based on the definition, we put forward static and dynamic conflict detection methods for authorization policies. By defining two new concepts, the precedence establishment rule and the conflict resolution policy, we provide a flexible approach to resolving conflicts.