An approach for implementation of RBAC models with context constraint to business process systems

Business Process Management (BPM) systems have recently received much attention because they can support dynamic business processes over heterogeneous computing systems. However, most BPM systems support only fundamental security services at run time, such as user authentication and network security. Apparently, to satisfy the security requirements of real-time systems, it is more effective and secure to consider security issues during the processes' build time. In this paper, we describe an approach to implementing RBAC models with context constraints for business process systems. Specifically, we utilize the RBAC models with a context constraint mechanism to meet our needs and describe the security architecture to be applied to a BPM system. The intention of this paper is to extend RBAC models with context constraints to fulfill the requirements of BPM systems with respect to security, flexibility and expansibility.
