Enhancing Workflow Systems Resiliency by Using Delegation and Priority Concepts

Enforcing dynamic access control constraints in workflow management systems (WFMS) is a very important requirement with regard to security issues. However, respecting those constraints may prohibit the completion of a workflow instance in the case of the lack of authorized users. Such situation is known in the literature as a WSP (Workflow Satisfiability Problem). The ability of a WFMS to use different methods to bypass a WSP situation is often seen as a resiliency property. In this work, we propose a new approach that aims to enhance the resiliency of a WFMS while meeting -at run time- the main workflow dynamic access control requirements. In fact, by using both delegation and priority concepts it is possible to find a user which is as suitable as possible to perform the current task instance with lesser security risks.

[1]  Wei Xu,et al.  SOWAC: a service-oriented workflow access control model , 2004, Proceedings of the 28th Annual International Computer Software and Applications Conference, 2004. COMPSAC 2004..

[2]  Ravi S. Sandhu,et al.  Framework for role-based delegation models , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[3]  Akhil Kumar,et al.  Dynamic Work Distribution in Workflow Management Systems: How to Balance Quality and Performance , 2002, J. Manag. Inf. Syst..

[4]  American National Standard for Information Technology – Role Based Access Control , 2004 .

[5]  Hanan El Bakkali,et al.  RB-WAC: New approach for access control in workflows , 2009, AICCSA.

[6]  Jason Crampton,et al.  Delegation and satisfiability in workflow systems , 2008, SACMAT '08.

[7]  Hanan El Bakkali,et al.  Enforcing access control in workflow systems with a task engineering approach , 2012 .

[8]  Reinhardt A. Botha,et al.  Conflict analysis as a means of enforcing static separation of duty requirements in workflow environments , 2000, South Afr. Comput. J..

[9]  Akhil Kumar,et al.  DW-RBAC: A formal security model of delegation and revocation in workflow systems , 2007, Inf. Syst..

[10]  Ninghui Li,et al.  Satisfiability and Resiliency in Workflow Systems , 2007, ESORICS.

[11]  Manachai Toahchoodee,et al.  Towards Trustworthy Delegation in Role-Based Access Control Model , 2009, ISC.

[12]  Wil M. P. van der Aalst,et al.  Modern Business Process Automation: YAWL and its Support Environment , 2009 .

[13]  Nathaniel Palmer,et al.  Workflow Management Coalition , 2009, Encyclopedia of Database Systems.

[14]  Jinjun Chen,et al.  A policy-based authorization model for workflow-enabled dynamic process management , 2009, J. Netw. Comput. Appl..

[15]  Hong Chen,et al.  On the Security of Delegation in Access Control Systems , 2008, ESORICS.

[16]  Vijayalakshmi Atluri,et al.  Supporting conditional delegation in secure workflow management systems , 2005, SACMAT '05.

[17]  Nikolaos F. Matsatsinis,et al.  Optimizing Resource Conflicts in Workflow Management Systems , 2011, IEEE Transactions on Knowledge and Data Engineering.

[18]  Kamalakar Karlapalem,et al.  Security Policy Satisfiability and Failure Resilience in Workflows , 2008, FIDIS.