DW-RBAC: A formal security model of delegation and revocation in workflow systems

Information Systems

Volumn 32, Issue 3, 2007, Pages 365-384

  Wainer, Jacques ^a   Kumar, Akhil ^b   Barthelmess, Paulo ^c  

^a UNIVERSITY OF CAMPINAS   (Brazil)

^b PENNSYLVANIA STATE UNIVERSITY   (United States)

^c OREGON HEALTH AND SCIENCE UNIVERSITY   (United States)

Author keywords

Access control; Delegation; Role based access control; Security; Workflow

Indexed keywords

INFORMATION MANAGEMENT; MATHEMATICAL MODELS; SOCIETIES AND INSTITUTIONS; SPECIFICATIONS;

ACCESS CONTROL; DELEGATION; ROLE BASED ACCESS CONTROL (RBAC); WORKFLOW SYSTEMS;

SECURITY SYSTEMS;

EID: 33751436350     PISSN: 03064379     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.is.2005.11.008     Document Type: Article

References (33)

1. Sandhu R., Coyne E., Feinstein H., and Youman C. Role-based access control models. IEEE Comput. 29 2 (1996) 38-47
2. E.S. Barka, R. Sandhu, Framework for role-based delegation models, in: 16th Annual Computer Security Applications Conference, December 2000. http://www.acsac.org/2000/abstracts/34.html.
3. E.S. Barka, R. Sandhu, A role-based delegation model and some extensions, in: 23rd National Information Systems Security Conference, October 2000. http://csrc.nist.gov/nissc/2000/proceedings/papers/021.pdf.
4. Yao W., Moody K., and Bacon J. A model of oasis role-based access control and its support for active security. Proceedings of Sixth ACM Symposium on Access Control Models and Technologies, SACMAT 2001 (2001) 171-181
5. C. Ramaswamy, and R. Sandhu. Role-based access control features in commercial database management systems. National Information Systems Security Conference (1998)
6. Wainer J., Kumar A., and Barthelmess P. WRBAC-a workflow security model incorporating controlled overriding of constraints. Int. J. Coop. Inf. Syst. 12 4 (2003) 455-486
7. Wainer J., and Kumar A. A fine-grained, controllable, user-to-user delegation method in RBAC. Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT 05) (2005)
8. Bertino E., Ferrari E., and Atluri V. The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2 1 (1999) 65-104
9. Kumar A., van der Aalst W.M.P., and Verbeek H.M.W. Dynamic work distribution in workflow management systems: how to balance quality and performance?. J. MIS 18 3 (2002) 157-193
10. G. Baggio, J. Wainer, and C. Ellis. Applying scheduling techniques to minimize the number of late jobs in workflow systems. SAC '04: Proceedings of the 2004 ACM symposium on Applied computing (2004), ACM Press, New York, NY 1396-1403
11. V. Atluri, and A. Gal. An authorization model for temporal and derived data: securing information portals. ACM Trans. Inf. Syst. Secur. 5 1 (2002) 62-94
12. X. Zhang, S. Oh, R. Sandhu, in: PBDM: a flexible delegation model in RBAC, SACMAT '03: Proceedings of the Eighth ACM symposium on Access Control Models and Technologies, ACM Press, New York, 2003, pp.149-157.
13. Zhang L., Ahn G.-J., and Chu B.-T. A rule-based framework for role-based delegation and revocation. ACM Trans. Inf. Syst. Secur. 6 3 (2003) 404-441
14. C. Ruan, V. Varadharajan, Resolving conflicts in authorization delegations, in: Seventh Australian Conference on Information Security and Privacy, Lecture Notes in Computer Science, vol. 2384, Springer, Berlin, 2002, pp.271-285.
15. J. Bacon, K. Moody, and W. Yao. A model of oasis role-based access control and its support for active security. ACM Trans. Inf. Syst. Secur. 5 4 (2002) 492-540
16. J.S. Park, Y.L. Lee, H.H. Lee, B.N. Noh, A role-based delegation model using role hierarchy supporting restricted permission inheritance, in: Proceedings of the International Conference on Security and Management, SAM '03, 2003, CSREA Press, pp.294-302.
17. Tamassia R., Yao D., and Winsborough W.H. Role-based cascaded delegation. Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies (2004), ACM 146-155
18. W. Yao, Fidelis: a policy-driven trust management framework, in: Trust management, First International Conference, iTrust, Lecture Notes in Computer Science, vol. 2692, Springer, Berlin, 2003, pp.301-317.
19. Bandmann O.L., Firozabadi B.S., and M. Dam. Constrained delegation. IEEE Symposium on Security and Privacy (2002) 131-142
20. Bertino E., Ferrari E., and Atluri V. A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems. Proceedings of the Second ACM workshop on Role-Based Access Control (1997) 1-12
21. Castano S., Casati F., and Fugini M. Managing workflow authorization constraints through active database technology. Inf. Syst. Front. 3 3 (2001)
22. V. Atluri, W-K. Huang, An authorization model for workflows, in: Proceedings of the Fifth European Symposium on Research in Computer Security, Lecture Notes in Computer Science, vol. 1146, Springer, Berlin, 1996, pp.44-64.
23. V. Atluri, W-K. Huang, A petri net based safety analysis of workflow authorization models, J. Comput. Secur. 8 (2/3) (1999).
24. Huang W.-K., and Atluri V. Secureflow: a secure web-enabled workflow management system. Proceedings of the Fourth ACM Workshop on Role-Based Access Control on Role-Based Access Control (1999) 83-94
25. Hung P.C.K., Karlapalem K., and Gray III J.W. A study of least privilege in CapBasED-AMS. Proceedings of the Third IFCIS International Conference on Cooperative Information Systems (1998) 208-217
26. Karpalem K., and Hung P. Security enforcement in activity management systems. NATO Advanced Study Institute (Ed.), Advances in Workflow Management Systems and Interoperability (1997) 166-194
27. Herrmann G., and Pernul G. Viewing business-process security from different perspectives. Int. J. Electron. Commer. 3 3 (1999) 89-103
28. Herrmann G. Security and integrity requirements of business processes-analysis and approach to support their realisation. Proceedings of CAiSE*99 Sixth Doctoral Consortium on Advanced Information Systems Engineeering (1999) 36-47
29. J.A. Miller, M. Fan, S. Wu, I.B. Arpinar, A.P. Sheth, K.J. Kochut, Security for the meteor workflow management system, Uga-cs-lsdis Technical Report, University of Georgia, 1999.
30. S. Wu, Task and role combined access control model for workflow system, Uga-lsdis, University of Georgia, 1999.
31. G.-J. Ahn, R. Sandhu, M.H. Kang, J.S. Park, Injecting RBAC to secure a web-based workflow system, in: Fifth ACM Workshop on Role-Based Access Control, Berlin, Germany, July 2000. http://citeseer.nj.nec.com/ahn00injecting.html.
32. Kumar A. A framework for handling delegation in workflow management systems. Proceedings of Workshop on Information Technologies (1999)
33. V. Atluri, E. Bertino, E. Ferrari, P. Mazzoleni, Supporting delegation in secure workflow management systems, in: IFIP WG 11.3 Conference on Data and Application Security, 2003.