Generic support for RBAC break-glass policies in process-aware information systems

Proceedings of the ACM Symposium on Applied Computing

Volumn , Issue , 2013, Pages 1441-1446

  Schefer Wenzl, Sigrid ^a   Strembeck, Mark ^a  

^a VIENNA UNIVERSITY OF ECONOMICS AND BUSINESS   (Austria)

Author keywords

Break glass policies; Process aware information systems; Role based access control

Indexed keywords

PROCESS MODELING LANGUAGE; PROCESS-AWARE INFORMATION SYSTEMS; ROLE-BASED ACCESS CONTROL; ROLE-BASED ACCESS CONTROL MODEL; RUNTIMES;

INFORMATION SYSTEMS;

GLASS;

EID: 84877993148     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2480362.2480631     Document Type: Conference Paper

References (32)

1. Business Activity Library and Runtime Engine. Available at: http://wi.wu.ac.at/home/mark/BusinessActivities/library.html, 2012.
2. C. A. Ardagna, S. D. C. di Vimercati, S. Foresti, T. W. Grandison, S. Jajodia, and P. Samarati. Access control for smarter healthcare using policy spaces. Computers & Security, 29(8):848-858, 2010.
3. A. D. Brucker and H. Petritsch. Extending Access Control Models with Break-Glass. In Proceedings of the 14th ACM symposium on Access control models and technologies (SACMAT), 2009.
4. F. Casati, S. Ceri, S. Paraboschi, and G. Pozzi. Specification and implementation of exceptions in workflow management systems. ACM Trans. Database Syst., 24:405-451, September 1999.
5. D. K. W. Chiu, Q. Li, and K. Karlapalem. A meta modeling approach to workflow management systems supporting exception handling. Inf. Syst., 24:159-184, April 1999.
6. J. Crampton and H. Khambhammettu. Delegation and Satisfiability in Workflow Systems. In Proceedings of the 13th ACM symposium on Access control models and technologies (SACMAT), 2008.
7. D. F. Ferraiolo, D. R. Kuhn, and R. Chandramouli. Role-Based Access Control. Artech House, second edition edition, 2007.
8. A. Ferreira, D. Chadwick, P. Farinha, R. Correia, G. Zao, R. Chilro, and L. Antunes. How to Securely Break into RBAC: The BTG-RBAC Model. In Proceedings of the 2009 Annual Computer Security Applications Conference, December 2009.
9. A. Ferreira, R. Cruz-Correia, L. Antunes, P. Farinha, E. Oliveira-Palhares, D. W. Chadwick, and A. Costa-Pereira. How to Break Access Control in a Controlled Manner. In Proceedings of the 19th IEEE Symposium on Computer-Based Medical Systems, 2006.
10. C. K. Georgiadis, I. Mavridis, G. Pangalos, and R. K. Thomas. Flexible Team-Based Access Control Using Contexts. In Proceedings of the sixth ACM symposium on Access control models and technologies (SACMAT), May 2001.
11. S. Marinovic, R. Craven, J. Ma, and N. Dulay. Rumpole: A Flexible Break-Glass Access Control Model. In Proceedings of the 16th ACM symposium on Access control models and technologies (SACMAT), 2011.
12. S. Nurcan. A Survey on the Flexibility Requirements Related to Business Processes and Modeling Artifacts. In Proceedings of the Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS), January 2008.
13. S. Oh and S. Park. Task-Role-Based Access Control Model. Information Systems, 28(6), 2003.
14. D. Povey. Optimistic Security: A New Access Control Paradigm. In Proceedings of the 1999 workshop on New security paradigms (NSPW), 2000.
15. H. F. Ravi Sandhu, Edward Coyne and C. Youman. Role-Based Access Control Models. IEEE Computer, 29(2), 1996.
16. M. Reichert and P. Dadam. Adept flex-Supporting Dynamic Changes of Workflows Without Losing Control. J. Intell. Inf. Syst., 10(2), 1998.
17. M. Reichert, S. Rinderle-Ma, and P. Dadam. Flexibility in Process-Aware Information Systems. In Transactions on Petri Nets and Other Models of Concurrency II. 2009.
18. E. Rissanen, B. S. Firozabadi, and M. Sergot. Towards a Mechanism for Discretionary Overriding of Access Control. In Proceedings of the 12th International Workshop on Security Protocols, 2004.
19. N. Russell, W. M. van der Aalst, and A. H. M. T. Hofstede. Exception Handling Patterns in Process-Aware Information Systems. In International Conference on Advanced Information Systems Engineering (CAiSE), 2006.
20. S. Schefer, M. Strembeck, and J. Mendling. Checking Satisfiability Aspects of Binding Constraints in a Business Process Context. In Proc. of the BPM Workshop on Workflow Security Audit and Certification (WfSAC), 2011.
21. S. Schefer, M. Strembeck, J. Mendling, and A. Baumgrass. Detecting and Resolving Conflicts of Mutual-Exclusion and Binding Constraints in a Business Process Context. In Proc. of the 19th International Conference on Cooperative Information Systems (CoopIS), October 2011.
22. S. Schefer-Wenzl and M. Strembeck. A UML Extension for Modeling Break-Glass Policies. In 5th International Workshop on Enterprise Modelling and Information Systems Architectures (EMISA), 2012.
23. S. Schefer-Wenzl and M. Strembeck. Modeling Context-Aware RBAC Models for Business Processes in Ubiquitous Computing Environments. In Proc. of the 3rd International Conference on Mobile, Ubiquitous and Intelligent Computing (MUSIC), June 2012.
24. M. Strembeck. Scenario-Driven Role Engineering. IEEE Security & Privacy, 8(1), 2010.
25. M. Strembeck and J. Mendling. Generic Algorithms for Consistency Checking of Mutual-Exclusion and Binding Constraints in a Business Process Context. In Proc. of the 18th International Conference on Cooperative Information Systems (CoopIS), 2010.
26. M. Strembeck and J. Mendling. Modeling Process-related RBAC Models with Extended UML Activity Models. Information and Software Technology, 53(5), 2011.
27. K. Tan, J. Crampton, and C. A. Gunter. The Consistency of Task-Based Authorization Constraints in Workflow Systems. In Proceedings of the 17th IEEE workshop on Computer Security Foundations, June 2004.
28. R. K. Thomas and R. S. Sandhu. Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management. In Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, August 1997.
29. W. M. P. van der Aalst, M. Rosemann, and M. Dumas. Deadline-based Escalation in Process-Aware Information Systems. Decision Support Systems, 43:492-511, March 2007.
30. J. Wainer, P. Barthelmess, and A. Kumar. W-RBAC-A Workflow Security Model Incorporating Controlled Overriding of Constraints. International Journal of Cooperative Information Systems (IJCIS), 12(4), 2003.
31. B. Weber, S. Rinderle, and M. Reichert. Change Patterns and Change Support Features in Process-Aware Information Systems. In International Conference on Advanced Information Systems Engineering (CAiSE), 2007.
32. C. Wolter, A. Schaad, and C. Meinel. Task-Based Entailment Constraints for Basic Workflow Patterns. In Proceedings of the 13th ACM symposium on Access control models and technologies (SACMAT), 2008.