A Secure Task Delegation Model for Workflows

Workflow management systems provide some of the required technical means to preserve integrity, confidentiality and availability at the control, data and task assignment layers of a workflow. We currently observe a move away from predefined, strict workflow enforcement approaches towards supporting exceptions that are difficult to foresee when modelling a workflow. One specific approach to exception handling is task delegation. The delegation of a task from one principal to another, however, has to be managed and executed in a secure way, which in this context implies the presence of a fixed set of delegation events. In this paper, we first and foremost propose a secure task delegation model within a workflow. The novel part of this model is the separation of the various aspects of delegation with regard to users, tasks, events and data, portraying them in terms of a multi-layered state machine. We then define delegation scenarios and analyse additional requirements to support secure task delegation over these layers. Moreover, we detail a delegation protocol with a specific focus on the initial negotiation steps between the involved principals.
