Implementing the Chinese Wall Security Model in Workflow Management Systems

The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflicts of interest in commercial organizations, and it is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a workflow management system (WfMS). We first demonstrate situations in which the role-based access control model is not sufficient for this purpose. We then propose a security policy language that solves this problem and also supports the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This language can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally, we discuss how to build a run-time system that enforces CWSM policies specified in this language in a WfMS.
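The dynamic binding the abstract refers to can be seen in a small added example, which is not the paper's policy language or run-time system: a role check alone grants every request below, while the Chinese wall rule decides from each subject's access history. The subjects, role, data sets and conflict-of-interest classes are constructed for illustration.

```python
# Added illustration of the Chinese wall access rule applied to workflow task
# assignment. All names and sample data are constructed, not from the paper.
from collections import defaultdict

# Conflict-of-interest (COI) class of each company data set (constructed).
COI_CLASS = {"BankA": "banking", "BankB": "banking",
             "OilX": "energy", "OilY": "energy"}

# Static RBAC view: the role alone permits the action on any data set.
ROLE_PERMS = {"auditor": {"audit"}}


class ChineseWall:
    def __init__(self):
        # subject -> {COI class -> company data set the subject is bound to}
        self.bound = defaultdict(dict)

    def may_access(self, subject, dataset):
        """True if the subject holds nothing in this COI class, or this same data set."""
        held = self.bound[subject].get(COI_CLASS[dataset])
        return held is None or held == dataset

    def assign_task(self, subject, role, action, dataset):
        """Decide a task assignment; the binding is created at run time on first access."""
        if dataset not in COI_CLASS:
            return False  # unknown data set: deny by default
        if action not in ROLE_PERMS.get(role, set()):
            return False  # RBAC check fails
        if not self.may_access(subject, dataset):
            return False  # RBAC would allow it, the wall does not
        self.bound[subject][COI_CLASS[dataset]] = dataset
        return True


def demo():
    wall = ChineseWall()
    requests = [
        ("alice", "auditor", "audit", "BankA"),  # first access binds alice to BankA
        ("alice", "auditor", "audit", "OilX"),   # different COI class: allowed
        ("alice", "auditor", "audit", "BankB"),  # competitor of BankA: denied
        ("alice", "auditor", "audit", "BankA"),  # same data set again: allowed
        ("bob", "auditor", "audit", "BankB"),    # bob has no history: allowed
    ]
    return [wall.assign_task(*r) for r in requests]


if __name__ == "__main__":
    print(demo())
```

The third request is the case where role-based access control is not sufficient: alice and bob hold the same role, yet only bob may take the BankB task.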
