ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Injecting RBAC to secure a Web-based workflow system
Full text PdfPdf (3.59 MB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the fifth ACM workshop on Role-based access control table of contents
Berlin, Germany
Pages: 1 - 10  
Year of Publication: 2000
ISBN:1-58113-259-X
Authors
Gail-Joon Ahn  ISE Department, MS 4A4, George Mason University, Fairfax, VA
Ravi Sandhu  ISE Department, MS 4A4, George Mason University, Fairfax, VA
Myong Kang  Naval Research Laboratory, Information Technology Division, Washington, DC
Joon Park  Naval Research Laboratory, Information Technology Division, Washington, DC
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 15,   Downloads (12 Months): 71,   Citation Count: 13
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/344287.344295
What is a DOI?

ABSTRACT

Web-based workflow systems have recently received much attention because they can support dynamic business processes over heterogeneous computing systems. Most existing web-based workflow systems, however, provide minimal security services such as authentication of users and network security. In this paper we describes an experiment in injecting role-based access control (RBAC) into an existing web-based workflow system. Specifically, we ensure that each task can only be executed by users belonging to a specific role. In order to achieve this, we define a simplified RBAC model to meet our needs and describe the security architecture to be applied to an existing web-based workflow system. We describe our implementation using commercial off-the-shelf (COTS) technology to demonstrate the feasibility of this approach. Our implementation uses X.509v3 certificates with role attribute, and employs a user-pull style where the client requests a client certificate from the role-server and presents it to the workflow system. A major goal of our implementation is to have minimal changes to the existing web server and no changes to the browser. We also discuss alternative architecture such as server-pull with LDAP (Lightweight Directory Access Protocol).


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
Den96
Peter J. Denning. Workflow in the WEB. In Layna Fisher, editor, New tools for New Times: Electronic Commerce. Future Strategies, Inc., 1996.
 
EGL97
Johann Eder, Herbert Groiss, and Walter Liebhart. The workflow management system Panta Rhei. In Asuman Dogac, Leonid Kalinichenko, M. Tamer Ozsu, and Amit Sheth, editors, Advances in Workflow Management Systems and Interoperability, pages 129-144. NATO Advanced Study Institute, 1997.
 
faipcI99
Institute for applied information processing and communications (IAIK). Jigsaw SSL. In http://jcewww.iaik.tugraz.ac.at/Applications/jigsaw.htm, 1999.
HA99
Wei-Kuang Huang , Vijayalakshmi Atluri, SecureFlow: a secure Web-enabled workflow management system, Proceedings of the fourth ACM workshop on Role-based access control, p.83-94, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319179]
 
Hol95
D. Hollingsworth. The workflow reference model. Technical Report TC00-1003, The Workflow Management Coalition, Hampshire, UK, January 1995.
 
KA95
Narayanan Krishnakumar , Amit Sheth, Managing heterogeneous multi-system tasks to support enterprise-wide operations, Distributed and Parallel Databases, v.3 n.2, p.155-186, April 1995  [doi>10.1007/BF01277644]
 
KFS+99
Myong H. Kang , Judith N. Froscher , Amit P. Sheth , Krys Kochut , John A. Miller, A Multilevel Secure Workflow Management System, Proceedings of the 11th International Conference on Advanced Information Systems Engineering, p.271-285, June 14-18, 1999
 
MPS+98
John A. Miller , Devanand Palaniswami , Amit P. Sheth , Krys J. Kochut , Harvinder Singh, WebWork: METEOR_2‘s Web-Based Workflow Management System, Journal of Intelligent Information Systems, v.10 n.2, p.185-215, March/April 1998  [doi>10.1023/A:1008660827609]
 
Par99
Joon Soo Park , Ravi Sandhu, Secure attribute services on the web, 1999
PS99
Joon S. Park , Ravi Sandhu, RBAC on the Web by smart certificates, Proceedings of the fourth ACM workshop on Role-based access control, p.1-9, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319172]
San00
Ravi Sandhu, Engineering authority and trust in cyberspace: the OM-AM and RBAC way, Proceedings of the fifth ACM workshop on Role-based access control, p.111-119, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344309]
 
SB97
Ravi S. Sandhu , Venkata Bhamidipati, The URA97 Model for Role-Based User-Role Assignment, Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, p.262-275, August 10-13, 1997
 
SCFY96
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
SJKB94
Hans Schuster , Stefan Jablonski , Thomas Kirsche , Christoph Bussler, A client/server architecture for distributed workflow management systems, Proceedings of the third international conference on on Parallel and distributed information systems, p.253-256, October 1994, Autin, Texas, United States
SP98
Ravi Sandhu , Joon S. Park, Decentralized user-role assignment for Web-based intranets, Proceedings of the third ACM workshop on Role-based access control, p.1-12, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286887]
 
VW97
Gottfried Vossen and Mathias Weske. The WASA approach to workflow management for scientific applications. In Asuman Dogac, Leonid Kalinichenko, M. Tamer Ozsu, and Amit Sheth, editors, Advances in Workflow Management Systems and Interoperability, pages 145-165. NATO Advanced Study Institute, 1997.
 
WWWC99
The World Wide Web Consortium. Jigsaw-the W3C's Web Server. In http://www.w3c.org/jigsaw, 1999.

CITED BY  13
Joon S. Park , Ravi Sandhu , Gail-Joon Ahn, Role-based access control on the web, ACM Transactions on Information and System Security (TISSEC), v.4 n.1, p.37-71, Feb. 2001
Joon S. Park , Gail-Joon Ahn , Ravi Sandhu, Role-based access control on the web using LDAP, Proceedings of the fifteenth annual working conference on Database and application security, p.19-30, July 15-18, 2001, Niagara, Ontario, Canada
Basit Shafiq , James B. D. Joshi , Elisa Bertino , Arif Ghafoor, Secure Interoperation in a Multidomain Environment Employing RBAC Policies, IEEE Transactions on Knowledge and Data Engineering, v.17 n.11, p.1557-1577, November 2005
Savith Kandala , Ravi Sandhu, Secure role-based workflow models, Proceedings of the fifteenth annual working conference on Database and application security, p.45-58, July 15-18, 2001, Niagara, Ontario, Canada
Reinhardt A. Botha , Jan H. P. Eloff, Separation of duties for access control enforcement in workflow environments, IBM Systems Journal, v.40 n.3, p.666-682, March 2001
Michael Zur Muehlen, Organizational Management in Workflow Applications – Issues and Perspectives, Information Technology and Management, v.5 n.3-4, p.271-291, July-October 2004
Duen-Ren Liu , Mei-Yu Wu , Shu-Teng Lee, Role-based authorizations for workflow systems in support of task-based separation of duty, Journal of Systems and Software, v.73 n.3, p.375-387, November-December 2004
Shih-Chien Chou , An-Feng Liu , Chien-Jung Wu, Preventing information leakage within workflows that execute among competing organizations, Journal of Systems and Software, v.75 n.1-2, p.109-123, 15 February 2005
William Tolone , Gail-Joon Ahn , Tanusree Pai , Seng-Phil Hong, Access control in collaborative systems, ACM Computing Surveys (CSUR), v.37 n.1, p.29-41, March 2005
Yuqing Sun , Peng Pan, PRES: a practical flexible RBAC workflow system, Proceedings of the 7th international conference on Electronic commerce, August 15-17, 2005, Xi'an, China
Shih-Chien Chou , Wei-Chuan Hsu , Wei-Kuang Lo, DPE/PAC: decentralized process engine with product access control, Journal of Systems and Software, v.76 n.3, p.207-219, June 2005
Jacques Wainer , Akhil Kumar , Paulo Barthelmess, DW-RBAC: A formal security model of delegation and revocation in workflow systems, Information Systems, v.32 n.3, p.365-384, May, 2007
Yahui Lu , Li Zhang , Jiaguang Sun, Task-activity based access control for process collaboration environments, Computers in Industry, v.60 n.6, p.403-415, August, 2009

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.1 Logical Design
          Subjects: Schema and subschema
      H.2.7 Database Administration
          Subjects: Security, integrity, and protection

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS


General Terms:
Design, Documentation, Languages, Management, Performance, Security, Theory

Collaborative Colleagues:
Gail-Joon Ahn: colleagues
Ravi Sandhu: colleagues
Myong Kang: colleagues
Joon Park: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player