Toward resolving access control policy conflict in inter-organizational workflows

The rapid growth of the Internet and business globalization has led organizations to collaborate toward common goals by creating inter-organizational workflows. This collaboration poses new security challenges, particularly the coexistence of the different security policies of the organizations participating in the workflow. In fact, organizations may have different or even conflicting policies. How can different local policies be reconciled into a new, coherent global policy that is free of conflict? How can a detected policy conflict be resolved? In this paper, we propose a new approach that addresses these two issues. The approach uses organization weight to resolve detected policy conflicts in inter-organizational workflows.
