Task-based entailment constraints for basic workflow patterns

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Task-based entailment constraints for basic workflow patterns

Full text

Pdf (961 KB)

Source

Symposium on Access Control Models and Technologies archive
Proceedings of the 13th ACM symposium on Access control models and technologies table of contents

Estes Park, CO, USA

SESSION: Workflow systems table of contents

Pages 51-60

Year of Publication: 2008

ISBN:978-1-60558-129-3

Authors

Christian Wolter	SAP Research, Karlsruhe, Germany
Andreas Schaad	SAP Research, Karlsruhe, Germany
Christoph Meinel	University of Potsdam, Germany

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 14, Downloads (12 Months): 207, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1377836.1377844 What is a DOI?

ABSTRACT

Access Control decisions are based on the authorisation policies defined for a system as well as observed context and behaviour when evaluating these constraints at runtime. Workflow management systems have been recognised as a primary source for defining authorisation policies at workflow designtime, as well as generating context at runtime.

This paper analyses recent work in the workflow community regarding established control-flow patterns. We claim that there is an intrinsic relationship between these patterns and a set of task-based entailment constraints - such as Separation of Duty - that have been recently identified by the access control community. These constraints are based on a pre-determined partial order on sequence and parallel execution patterns. When, however, such an order does not exist, because of more complex control-flow patterns, ambiguous constraint evaluation situations will arise at workflow runtime.

Accordingly, this paper reviews basic workflow patterns and identifies relationships between these and task-based entailment constraints. In addition, an analysis of possible runtime ambiguities that may arise from these relationships is presented. Our approach is based on recently developed techniques for visual constraint representation at a workflow design-time.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Dimitrios Georgakopoulos , Mark Hornick , Amit Sheth, An overview of workflow management: from process modeling to workflow automation infrastructure, Distributed and Parallel Databases, v.3 n.2, p.119-153, April 1995 [doi>10.1007/BF01277643]
	2	Andreas Schaad , Volkmar Lotz , Karsten Sohr, A model-checking approach to analysing organisational controls in a loan origination process, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA [doi>10.1145/1133058.1133079]
	3	J. H. Saltzer and M. D. Schroeder. The Protection of Information in Computer Systems. In Proc. IEEE, volume 63, pages 1278--1308. IEEE Computer Society, 1975.
	4	David D. Clark and David R. Wilson. A Comparison of Commercial and Military Computer Security Policies. Security and Privacy, 00:184, 1987.
	5	M. Nash and K. Poland. Some Conundrums Concerning Separation of Duty. In In IEEE Symposium on Security and Privacy, pages 201--209, Oakland, CA, 1990.
	6	Reinhardt A. Botha , Jan H. P. Eloff, Separation of duties for access control enforcement in workflow environments, IBM Systems Journal, v.40 n.3, p.666-682, March 2001
	7	Elisa Bertino , Elena Ferrari , Vijay Atluri, The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.65-104, Feb. 1999 [doi>10.1145/300830.300837]
	8	Kaijun Tan , Jason Crampton , Carl A. Gunter, The Consistency of Task-Based Authorization Constraints in Workflow Systems, Proceedings of the 17th IEEE workshop on Computer Security Foundations, p.155, June 28-30, 2004 [doi>10.1109/CSFW.2004.22]
	9	Christian Wolter and Andreas Schaad. Modeling of Task-Based Authorization Constraints in BPMN. In Proceedings of the 5th International Conference on Business Process Management (BPM), pages 64--79, 2007.
	10	W. M. P. van der Aalst and A. H. M. ter Hofstede. Workflow Patterns: On the Expressive Power of Workflow Languages. In Proc. of the 4th Workshop on Practical Use of Coloured Petri Nets and the CPN Tools, Aarhus, Denmark, August 28-30, 2002 / Kurt Jensen (Ed.), pages 1--20. Technical Report DAIMI PB-560, August 2002.
	11	P. Wohed, W.M.P. van der Aalst, M. Dumas, A.H.M. ter Hofstede, and N. Russell. On the Suitability of BPMN for Business Process Modelling. In Proceedings of the 4th International Conference on Business Process Management (BPM), 2006.
	12	W. M. P. van der Aalst. Pi calculus versus Petri nets: Let us eat humble pie rather than further inflate the Pi hype. In BPTrends 3, volume 5, pages 1--11, 2005.
	13	Jason Crampton, A reference monitor for workflow systems with constrained task execution, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden [doi>10.1145/1063979.1063986]
	14	Shazia Wasim Sadiq, Guido Governatori, and Kioumars Namiri. Modeling Control Objectives for Business Process Compliance. In BPM, pages 149--164, 2007.
	15	James H. Lambert , Rachel K. Jennings , Nilesh N. Joshi, Integration of risk identification with business process models, Systems Engineering, v.9 n.3, p.187-198, October 2006 [doi>10.1002/sys.v9:3]
	16	Roshan K. Thomas , Ravi S. Sandhu, Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management, Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, p.166-181, August 10-13, 1997
	17	Elisa Bertino , Jason Crampton , Federica Paci, Access Control and Authorization Constraints for WS-BPEL, Proceedings of the IEEE International Conference on Web Services, p.275-284, September 18-22, 2006 [doi>10.1109/ICWS.2006.21]
	18	Jacques Thomas, Federica Paci, Elisa Bertino, and Patrick Eugster. User Tasks and Access Control over Web Services. In ICWS, pages 60--69. IEEE Computer Society, 2007.
	19	N. Nagaratnam , A. Nadalin , M. Hondo , M. McIntosh , P. Austel, Business-driven application security: from modeling to managing secure applications, IBM Systems Journal, v.44 n.4, p.847-867, 2005
	20	Christian Wolter, Andreas Schaad, and Christoph Meinel. Deriving XACML Policies from Business Process Models. In WISE Workshops, pages 142--153, 2007.
	21	Object Management Group. Business Process Modeling Notation Specification. www.bpmn.org, 2006.
	22	N. Russell, W.M.P. van der Aalst, A.H.M. ter Hofstede, and D. Edmond. Workflow Resource Patterns: Identification, Representation and Tool Support. In In Proc. of 17th Int. Conf. on Advanced Information Systems Engineering (CAiSE05), 2005.
	23	W. M. P. Van Der Aalst , A. H. M. Ter Hofstede , B. Kiepuszewski , A. P. Barros, Workflow Patterns, Distributed and Parallel Databases, v.14 n.1, p.5-51, July 2003 [doi>10.1023/A:1022883727209]
	24	B. Kiepuszewski, A. Hofstede, and W. van der Aalst. Fundamentals of Control Flow in Workflows, 2002.
	25	W. M. P. van der Aalst , A. H. M. ter Hofstede, YAWL: yet another workflow language, Information Systems, v.30 n.4, p.245-275, June 2005 [doi>10.1016/j.is.2004.02.002]
	26	Ninghui Li , Qihua Wang, Beyond separation of duty: an algebra for specifying high-level security policies, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA [doi>10.1145/1180405.1180449]
	27	Wei-Kuang Huang , Vijayalakshmi Atluri, SecureFlow: a secure Web-enabled workflow management system, Proceedings of the fourth ACM workshop on Role-based access control, p.83-94, October 28-29, 1999, Fairfax, Virginia, United States [doi>10.1145/319171.319179]
	28	Qihua Wang and Ninghui Li. Satisfiability and Resiliency in Workflow Systems. In ESORICS, pages 90--105, 2007.
	29	Konstantin Knorr , Henrik Stormer, Modeling and analyzing separation of duties in workflow environments, Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge, June 11-13, 2001, Paris, France
	30	David Basin , Jürgen Doser , Torsten Lodderstedt, Model driven security for process-oriented systems, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy [doi>10.1145/775412.775425]
	31	Jan Jürjens, UMLsec: Extending UML for Secure Systems Development, Proceedings of the 5th International Conference on The Unified Modeling Language, p.412-425, September 30-October 04, 2002
	32	Alfonso Rodríguez, Eduardo Fernández-Medina, and Mario Piattini. Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes. In TrustBus, pages 51--61, 2006.
	33	Nick Russell, Arthur, Wil M. P. van der Aalst, and Natalya Mulyar. Workflow Control-Flow Patterns: A Revised View. Technical report, BPMcenter.org, 2006.