ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A Chinese wall security model for decentralized workflow systems
Full text PdfPdf (256 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 8th ACM conference on Computer and Communications Security table of contents
Philadelphia, PA, USA
Session: Access Control table of contents
Pages: 48 - 57  
Year of Publication: 2001
ISBN:1-58113-385-5
Authors
Vijayalakshmi Atluri  Rutgers University, Newark, NJ
Soon Ae Chun  Rutgers University, Newark, NJ
Pietro Mazzoleni  Universita Di Milano, Milan, Italy
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 13,   Downloads (12 Months): 70,   Citation Count: 12
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/501983.501991
What is a DOI?

ABSTRACT

Workflow systems are gaining importance as an infrastructure for automating inter-organizational interactions, such as those in Electronic Commerce. Execution of inter-organiz-ational workflows may raise a number of security issues including those related to conflict-of-interest among competing organizations. Moreover, in such an environment, a centralized Workflow Management System is not desirable because: (i) it can be a performance bottleneck, and (ii) the systems are inherently distributed, heterogeneous and autonomous in nature. In this paper, we propose an approach to realize decentralized workflow execution, in which the workflow is divided into partitions called self-describing workflows, and handled by a light weight workflow management component, called workflow stub, located at each organizational agent. We argue that placing the task execution agents that belong to the same conflict-of-interest class in one self-describing workflow may lead to unfair, and in some cases, undesirable results, akin to being on the wrong side of the Chinese wall. We propose a Chinese wall security model for the decentralized workflow environment to resolve such problems, and a restrictive partitioning solution to enforce the proposed model.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Nabil R. Adam , Vijayalakshmi Atluri , Wei-Kuang Huang, Modeling and Analysis of Workflows Using Petri Nets, Journal of Intelligent Information Systems, v.10 n.2, p.131-158, March/April 1998  [doi>10.1023/A:1008656726700]
 
2
G.Alonso,D.Agrawal,A.El Abbadi,C.Mohan, R.Gunthor,and M.Kamath.EXotica/FMQM:A Persistent Message-Based Architecture for Distributed Work .ow Management.In Proceedings of the IFIP WG8.1 Working Conference on Information Systems for Decentralized Organizations Trondheim,August 1995.
 
3
Vijay Atluri,Soon Ae Chun,and Pietro Mazzoleni.A chinese wall security model for decentralized work .ow systems.Cimic-technical report,MSIS Department, CIMIC-Rut ers University,November 2000.
4
Elisa Bertino , Elena Ferrari , Vijayalakshmi Atluri, A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems, Proceedings of the second ACM workshop on Role-based access control, p.1-12, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266746]
 
5
D.F.C.Brewer and M.J.Nash.The chinese wall security policy.In Proceedings of IEEE Symposium on Security and Privacy pages 206 -214,1989.
 
6
S.Das,K.Kochut,J.Miller,A.Sheth,and D.Worah. ORBWork:A Reliable Distributed CORBA-based Work .ow Enactment System for METEOR 2 Technical Report UGA-CS-TR-97-001,University of Georgia,February 1997.
 
7
Richard Drews Dean , Andrew Appel, Formal aspects of mobile code security, 1999
 
8
William M.Farmer,Joshua D.Guttman,and Vipin Swarup.Security for Mobile Agents:Issues and Requirements.In Proceedings of the 19th National Information Systems Security Conference pages 591 -597,1995.
 
9
Dimitrios Georgakopoulos , Mark Hornick , Amit Sheth, An overview of workflow management: from process modeling to workflow automation infrastructure, Distributed and Parallel Databases, v.3 n.2, p.119-153, April 1995  [doi>10.1007/BF01277643]
 
10
Peter Muth , Dirk Wodtke , Jeanine Weissenfels , Angelika Kotz Dittrich , Gerhard Weikum, From Centralized Workflow Specification to Distributed WorkflowExecution, Journal of Intelligent Information Systems, v.10 n.2, p.159-184, March/April 1998  [doi>10.1023/A:1008608810770]
11
Andrew C. Myers, JFlow: practical mostly-static information flow control, Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.228-241, January 20-22, 1999, San Antonio, Texas, United States  [doi>10.1145/292540.292561]
 
12
Andrew C. Myers , Barbara Liskov, Mostly-static decentralized information flow control, 1999
 
13
Marek Rusinkiewicz , Amit Sheth, Specification and execution of transactional workflows, Modern database systems: the object model, interoperability, and beyond, ACM Press/Addison-Wesley Publishing Co., New York, NY, 1995
 
14
Marek Rusinkiewicz , Amit Sheth , George Karabatis, Specifying Interdatabase Dependencies in a Multidatabase Environment, Computer, v.24 n.12, p.46-53, December 1991  [doi>10.1109/2.116888]
 
15
Ravi S.Sandhu.A Lattice Interpretation of the Chinese Wall Policy.In Proc. 15th NIST-NCSC Computer Security Conf.,pages 329 -339,Washington, D.C.,October 1992.
 
16
Mobile Agents and Security, January 1998
 
17
DanSethWallach.A New Approach to Mobile Security PhD thesis,Computer Science Department, Princeton University,1999.
 
18
Dirk Wodtke , Gerhard Weikum, A Formal Foundation for Distributed Workflow Execution Based on State Charts, Proceedings of the 6th International Conference on Database Theory, p.230-246, January 08-10, 1997

CITED BY  12
Sushil Jajodia , Duminda Wijesekera, Recent advances in access control models, Proceedings of the fifteenth annual working conference on Database and application security, p.3-15, July 15-18, 2001, Niagara, Ontario, Canada
Duen-Ren Liu , Mei-Yu Wu , Shu-Teng Lee, Role-based authorizations for workflow systems in support of task-based separation of duty, Journal of Systems and Software, v.73 n.3, p.375-387, November-December 2004
Mangala Gowri Nanda , Neeran Karnik, Synchronization analysis for decentralizing composite Web services, Proceedings of the 2003 ACM symposium on Applied computing, March 09-12, 2003, Melbourne, Florida
Shih-Chien Chou , An-Feng Liu , Chien-Jung Wu, Preventing information leakage within workflows that execute among competing organizations, Journal of Systems and Software, v.75 n.1-2, p.109-123, 15 February 2005
Soon Ae Chun , Vijayalakshmi Atluri , Nabil R. Adam, Dynamic composition of workflows for customized eGovernment service delivery, Proceedings of the 2002 annual national conference on Digital government research, p.1-7, May 19-22, 2002, Los Angeles, California
Jon A. Solworth, Approvability, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
Eldon Y. Li , Timon C. Du , Jacqueline W. Wong, Access control in collaborative commerce, Decision Support Systems, v.43 n.2, p.675-685, March, 2007
Yasuharu Katsuno , Yuji Watanabe , Sanehiro Furuichi , Michiharu Kudo, Chinese-wall process confinement for practical distributed coalitions, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Wei Tan , Yushun Fan, Dynamic workflow model fragmentation for distributed execution, Computers in Industry, v.58 n.5, p.381-391, June, 2007
Mohamed Shehab , Kamal Bhattacharya , Arif Ghafoor, Web services discovery in secure collaboration environments, ACM Transactions on Internet Technology (TOIT), v.8 n.1, p.5-es, November 2007
Mohamed Shehab , Elisa Bertino , Arif Ghafoor, Workflow authorisation in mediator-free environments, International Journal of Security and Networks, v.1 n.1/2, p.2-12, September 2006
Meng Yu , Peng Liu , Wanyu Zang, The implementation and evaluation of a recovery system for workflows, Journal of Network and Computer Applications, v.32 n.1, p.158-183, January, 2009

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.4 COMPUTERS AND SOCIETY
      K.4.4 Electronic Commerce
          Subjects: Electronic data interchange (EDI)

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.4 Systems
          Subjects: Distributed databases
  H.4 INFORMATION SYSTEMS APPLICATIONS
      H.4.1 Office Automation
          Subjects: Workflow management


General Terms:
Algorithms, Design, Security


Keywords:
Chinese wall security policy, decentralized workflow execution, self-describing workflow

Collaborative Colleagues:
Vijayalakshmi Atluri: colleagues
Soon Ae Chun: colleagues
Pietro Mazzoleni: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player