论文信息 - Injecting RBAC to secure a Web-based workflow system

Injecting RBAC to secure a Web-based workflow system

Web-based workflow systems have recently received much attention because they can support dynamic business processes over heterogeneous computing systems. Most existing web-based workflow systems, however, provide minimal security services such as authentication of users and network security. In this paper we describes an experiment in injecting role-based access control (RBAC) into an existing web-based workflow system. Specifically, we ensure that each task can only be executed by users belonging to a specific role. In order to achieve this, we define a simplified RBAC model to meet our needs and describe the security architecture to be applied to an existing web-based workflow system. We describe our implementation using commercial off-the-shelf (COTS) technology to demonstrate the feasibility of this approach. Our implementation uses X.509v3 certificates with role attribute, and employs a user-pull style where the client requests a client certificate from the role-server and presents it to the workflow system. A major goal of our implementation is to have minimal changes to the existing web server and no changes to the browser. We also discuss alternative architecture such as server-pull with LDAP (Lightweight Directory Access Protocol).

[1] Ravi S. Sandhu,et al. The URA97 Model for Role-Based User-Role Assignment , 1997, DBSec.

[2] Johann Eder,et al. The Workflow Management System Panta Rhei , 1998 .

[3] Ravi S. Sandhu,et al. Engineering authority and trust in cyberspace: the OM-AM and RBAC way , 2000, RBAC '00.

[4] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[5] Vijayalakshmi Atluri,et al. SecureFlow: a secure Web-enabled workflow management system , 1999, RBAC '99.

[6] Ravi Sandhu,et al. Secure attribute services on the web , 1999 .

[7] Mathias Weske,et al. The WASA Approach to Workflow Management for Scientific Applications , 1998 .

[8] Ravi S. Sandhu,et al. RBAC on the Web by smart certificates , 1999, RBAC '99.

[9] Christoph Bussler,et al. A client/server architecture for distributed workflow management systems , 1994, Proceedings of 3rd International Conference on Parallel and Distributed Information Systems.

[10] Ravi S. Sandhu,et al. Decentralized user-role assignment for Web-based intranets , 1998, RBAC '98.

[11] Amit P. Sheth,et al. A Multilevel Secure Workflow Management System , 1999, CAiSE.