Journal of Zhejiang University SCIENCE A 2009 Vol.10 No.8 P.1082~1092


Conflict detection and resolution for authorization policies in workflow systems

Author(s):  Chen-hua MA, Guo-dong LU, Jiong QIU

Affiliation(s):  Engineering & Computer Graphics Institute, Zhejiang University, Hangzhou 310027, China

Corresponding email(s):   mchma@zju.edu.cn

Key Words:  Workflow management system (WFMS), Authorization policy, Conflict detection and resolution

Chen-hua MA, Guo-dong LU, Jiong QIU. Conflict detection and resolution for authorization policies in workflow systems[J]. Journal of Zhejiang University Science A, 2009, 10(8): 1082~1092.

The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems (WFMSs). Furthermore, existing approaches have not provided effective conflict detection and resolution methods to maintain the consistency of authorization policies in WFMSs. To address these concerns, we propose the definition of authorization policies in which context constraints are considered and the complicated requirements in WFMSs can be satisfied. Based on the definition, we put forward static and dynamic conflict detection methods for authorization policies. By defining two new concepts, the precedence establishment rule and the conflict resolution policy, we provide a flexible approach to resolving conflicts.




