Context-sensitive constraints for access control of business processes

Workflow management systems (WfMS) are used to automate and facilitate business processes of an enterprise. To simplify the administration, it is a common practice in many WfMS solutions to allocate a role to perform each activity of the process and then assign one or more users to each role. Typically, access control for WfMS is role-based with a support of constraints on users and roles. However, merely using role and constraints concepts can hardly satisfy modern access control requirements of a contemporary enterprise. Permissions should not solely depend on common static and dynamic principles, but they must be influenced by the context in which the access is requested. In this paper, we focus on the definition and enforcement of the context-sensitive constraints for workflow systems. We extended the common role-based constraints listed in literature with context-sensitive information and workflow specific components. Also, we propose a mechanism for enforcing such constraints within WfMS.

[1]  Elisa Bertino,et al.  A generalized temporal role-based access control model , 2005, IEEE Transactions on Knowledge and Data Engineering.

[2]  Jan H. P. Eloff,et al.  Access Control in Document-centric Workflow Systems An Agent-based Approach , 2001, Comput. Secur..

[3]  Basit Shafiq,et al.  A GTRBAC based system for dynamic workflow composition and management , 2005, Eighth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC'05).

[4]  Lei Xu,et al.  Access Control Scheme for Workflow , 2009, 2009 International Conference on Computer Engineering and Technology.

[5]  Zora Konjovic,et al.  Context-Sensitive Access Control Model for Government Services , 2012, J. Organ. Comput. Electron. Commer..

[6]  Anand R. Tripathi,et al.  A specification model for context-based collaborative applications , 2005, Pervasive Mob. Comput..

[7]  Mary Ellen Zurko,et al.  Separation of duty in role-based environments , 1997, Proceedings 10th Computer Security Foundations Workshop.

[8]  Zongkai Yang,et al.  A Context Based Dynamic Access Control Model for Web Service , 2008, 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[9]  王豐堅,et al.  一個在工作流程系統管理系統中基於Task-Role-Based Access Control Model的代理程序框架 , 2007 .

[10]  Stavros A. Koubias,et al.  A dynamic context-aware access control architecture for e-services , 2006, Comput. Secur..

[11]  Daling Wang,et al.  A Role and Context Based Access Control Model with UML , 2008, 2008 The 9th International Conference for Young Computer Scientists.

[12]  Li Zhang,et al.  Task-Role-Based Access Control in Application on MIS , 2006, 2006 IEEE Asia-Pacific Conference on Services Computing (APSCC'06).

[13]  Thomas H. Davenport,et al.  The New Industrial Engineering: Information Technology and Business Process Redesign , 2011 .

[14]  Lionel C. Briand,et al.  A comprehensive modeling framework for role-based access control policies , 2015, J. Syst. Softw..

[15]  Roshan K. Thomas,et al.  Flexible team-based access control using contexts , 2001, SACMAT '01.

[16]  Mark Strembeck,et al.  An integrated approach to engineer and enforce context constraints in RBAC environments , 2004, TSEC.

[17]  Marko Bohanec,et al.  Ranking of Business Process Simulation Software Tools with DEX/QQ Hierarchical Decision Model , 2016, PloS one.

[18]  Zora Konjovic,et al.  Access control framework for XML document collections , 2011, Comput. Sci. Inf. Syst..

[19]  Hong Fan,et al.  A context-aware role-based access control model for Web services , 2005, IEEE International Conference on e-Business Engineering (ICEBE'05).

[20]  Gregory D. Abowd,et al.  Towards a Better Understanding of Context and Context-Awareness , 1999, HUC.

[21]  Gregory D. Abowd,et al.  The Human Experience , 2002, IEEE Pervasive Comput..

[22]  Hervé Martin,et al.  Using Context Quality Indicators for Improving Context-Based Access Control in Pervasive Environments , 2008, 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[23]  Elisa Bertino,et al.  The specification and enforcement of authorization constraints in workflow management systems , 1999, TSEC.

[24]  Dusan Surla,et al.  Flexible Access Control Framework for MARC Records , 2012, Electron. Libr..

[25]  Gregory D. Abowd,et al.  Who, What, When, Where, How: Design Issues of Capture & Access Applications , 2001, UbiComp.

[26]  Jason Crampton A reference monitor for workflow systems with constrained task execution , 2005, SACMAT '05.

[27]  Elisa Bertino,et al.  TRBAC: a temporal role-based access control model , 2000, RBAC '00.

[28]  Lin Yao,et al.  A Task-Role Based Access Control Model with Multi-Constraints , 2008, 2008 Fourth International Conference on Networked Computing and Advanced Information Management.

[29]  Jan H. P. Eloff,et al.  Separation of duties for access control enforcement in workflow environments , 2001, IBM Syst. J..

[30]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[31]  Bill N. Schilit,et al.  Context-aware computing applications , 1994, Workshop on Mobile Computing Systems and Applications.

[32]  Zora Konjovic,et al.  Context-sensitive access control model for business processes , 2013, Comput. Sci. Inf. Syst..

[33]  Mark Strembeck,et al.  Modelling context-aware RBAC models for mobile business processes , 2013, Int. J. Wirel. Mob. Comput..

[34]  Anind K. Dey,et al.  Understanding and Using Context , 2001, Personal and Ubiquitous Computing.

[35]  Elisa Bertino,et al.  GEO-RBAC: a spatially aware RBAC , 2005, SACMAT '05.

[36]  Gregory D. Abowd,et al.  Securing context-aware applications using environment roles , 2001, SACMAT '01.

[37]  Mark Strembeck,et al.  Modeling Context-Aware RBAC Models for Business Processes in Ubiquitous Computing Environments , 2012, 2012 Third FTRA International Conference on Mobile, Ubiquitous, and Intelligent Computing.

[38]  Ravi S. Sandhu,et al.  Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management , 1997, DBSec.

[39]  Ting Yu,et al.  Enforcing security properties in task-based systems , 2008, SACMAT '08.

[40]  Elisa Bertino,et al.  A Trust-Based Context-Aware Access Control Model for Web-Services , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[41]  Akhil Kumar,et al.  W-RBAC - A Workflow Security Model Incorporating Controlled Overriding of Constraints , 2003, Int. J. Cooperative Inf. Syst..

[42]  Jan H. P. Eloff,et al.  Separation of Duty administration , 2001, South Afr. Comput. J..

[43]  Elisa Bertino,et al.  XML-based specification for Web services document security , 2004, Computer.

[44]  Weili Han,et al.  Context-sensitive access control model and implementation , 2005, The Fifth International Conference on Computer and Information Technology (CIT'05).

[45]  Jianshi Li,et al.  Research on RBAC-based Separation of Duty Constraints , 2007 .

[46]  Arun Kumar,et al.  Context sensitivity in role-based access control , 2002, OPSR.

[47]  Vijayalakshmi Atluri,et al.  Inter-instance authorization constraints for secure workflow management , 2006, SACMAT '06.

[48]  Maria da Graça Campos Pimentel,et al.  Toward a Domain-Independent Semantic Model for Context-Aware Computing , 2005, LA-WEB.