Role-based authorizations for workflow systems in support of task-based separation of duty

Duen-Ren Liu, Mei-Yu Wu, Shu-Teng Lee
2004 Journal of Systems and Software  
Different from existing work, the proposed authorization model considers the AND/XOR split structures of workflows and execution dependency among tasks to enforce separation of duties in assigning tasks  ...  The authorizations must enforce separation of duty (SoD) constraints to prevent fraud and errors.  ...  Acknowledgement The authors would like to thank the National Science Council of the Republic of China for financially supporting this research under contract no.  ... 
doi:10.1016/s0164-1212(03)00175-4 fatcat:zeujofklarhjzi23qq54azmezu

Specifying Separation of Duty Constraints in BPEL4People Processes [chapter]

Jan Mendling, Karsten Ploesser, Mark Strembeck
2008 Lecture Notes in Business Information Processing  
Moreover, we identify and discuss shortcomings of the BPEL4People specifications that complicate and/or impede separation of duty enforcement.  ...  In particular, we discuss the importance of "separation of duty" constraints and identify options to specify such constraints in BPEL4People processes.  ...  Moreover, in workflow environments it is of central significance that separation of duty constraints can also be defined and enforced on the level of tasks (see, e.g., [7]).  ...
doi:10.1007/978-3-540-79396-0_24 fatcat:5djo4njfyjainmqjkhl5czw4na

Security Policies in Distributed CSCW and Workflow Systems

Tanvir Ahmed, Anand R. Tripathi
2010 IEEE transactions on systems, man and cybernetics. Part A. Systems and humans  
Research challenges of role based access control models for security policies in distributed CSCW and workflow systems are presented.  ...  Lastly, current concerns in security policy enforcement mechanisms in these decentralized systems are discussed.  ...  Identity based separation-of-duties: Enforcement of "separation of duties" policies may require information, such as users' identities, that are acquired from sources outside the policy enforcement mechanisms  ... 
doi:10.1109/tsmca.2010.2046727 fatcat:ysjm5nn5hjeehpfa7k3xbmja64

A flexible policy-based access control model for Workflow Management Systems

Gang Ma, Kehe Wu, Tong Zhang, Wei Li
2011 2011 IEEE International Conference on Computer Science and Automation Engineering  
Access control is crucial to security management in WFMSs. A novel dynamic policy-based access control model for WFMSs called PAWF is presented to satisfy the particular requirements of WFMSs.  ...  In recent years, more and more attentions have been paid on the security of Workflow Management Systems (WFMSs) for its importance both in research and commercial realms.  ...  C. Separation of duty relations: Separation of duty relations is a common approach to enforce conflict of interest policies in a workflow that may cause information misuse and fraudulent activities.  ...
doi:10.1109/csae.2011.5952526 fatcat:gt4sa6kc5be6tpiqk34kd3k5bm

Function-Based Authorization Constraints Specification and Enforcement

Wei Zhou, Christoph Meinel
2007 Third International Symposium on Information Assurance and Security  
On the other hand, the early research effort mainly concentrates on separation of duty.  ...  This approach goes beyond the well known separation of duty constraints, and considers many aspects of entity relation constraints.  ...  Another user-user conflict separation of duty  ... 
doi:10.1109/ias.2007.40 dblp:conf/IEEEias/ZhouM07 fatcat:jl5y5wuzyffbhh3rn5jogum7he

Specifying and enforcing constraints in role-based access control

Jason Crampton
2003 Proceedings of the eighth ACM symposium on Access control models and technologies - SACMAT '03  
We discuss the enforcement of constraints and the relationship between static, dynamic and historical separation of duty constraints.  ...  Constraints in access control in general and separation of duty constraints in particular are an important area of research.  ...  One of the best known requirements for separation of duty is embodied in the Chinese Wall model [5], in which access to documents that could result in a commercial conflict of interest is strictly controlled  ...
doi:10.1145/775412.775419 dblp:conf/sacmat/Crampton03 fatcat:aj3uzg3yknd5bht4n7y7onxwv4

Specifying and enforcing constraints in role-based access control

Jason Crampton
2003 Proceedings of the eighth ACM symposium on Access control models and technologies - SACMAT '03  
We discuss the enforcement of constraints and the relationship between static, dynamic and historical separation of duty constraints.  ...  Constraints in access control in general and separation of duty constraints in particular are an important area of research.  ...  One of the best known requirements for separation of duty is embodied in the Chinese Wall model [5], in which access to documents that could result in a commercial conflict of interest is strictly controlled  ...
doi:10.1145/775418.775419 fatcat:gkbruee435hozjc5c5y6r6u2oe

Security for Workflow Systems

Vijay Atluri
2001 Information Security Technical Report  
Separation of duties is a principle often applied in everyday life; e.g., opening a safe requires two keys, held by different individuals, approval of a business trip requires approval of the department  ...  In this chapter, we highlight the security requirements of workflow systems and discuss authorization, separation of duties, authentication and anonymity at length.  ... 
doi:10.1016/s1363-4127(01)00207-2 fatcat:ivpa5blkgzcbvbo34pou5fmw4e

A lightweight approach to specification and analysis of role-based access control extensions

Andreas Schaad, Jonathan D. Moffett
2002 Proceedings of the seventh ACM symposium on Access control models and technologies - SACMAT '02  
However, the simultaneous integration of these extensions can cause conflicts in a later system implementation.  ...  We demonstrate how we use the Alloy language for the specification of a conflict-free role-based system.  ...  As we can see in figure 13, workflow W0 requires two permissions P1, P2.  ...
doi:10.1145/507711.507714 dblp:conf/sacmat/SchaadM02 fatcat:yg7xr7ugjrf3znpozpfqxky4qy

A lightweight approach to specification and analysis of role-based access control extensions

Andreas Schaad, Jonathan D. Moffett
2002 Proceedings of the seventh ACM symposium on Access control models and technologies - SACMAT '02  
However, the simultaneous integration of these extensions can cause conflicts in a later system implementation.  ...  We demonstrate how we use the Alloy language for the specification of a conflict-free role-based system.  ...  As we can see in figure 13, workflow W0 requires two permissions P1, P2.  ...
doi:10.1145/507712.507714 fatcat:reo26ocdxfan3gxibrvhedlute

A case study of separation of duty properties in the context of the Austrian "eLaw" process

Andreas Schaad, Pascal Spadone, Helmut Weichsel
2005 Proceedings of the 2005 ACM symposium on Applied computing - SAC '05  
called separation of duties.  ...  We present a detailed system and workflow representation referring to the example process of changing a federal law in Austria.  ...  Static Separation of Duties a) (Simple) Static Separation of Duties: A principal may not be a member of any two exclusive roles.  ... 
doi:10.1145/1066677.1066976 dblp:conf/sac/SchaadSW05 fatcat:c2oaexrx6jewzlnygkd2fetjgu

Analysis of Healthcare Workflows in Accordance with Access Control Policies

Sandeep Lakaraju, Dianxiang Xu, Yong Wang
2016 International Journal of Healthcare Information Systems and Informatics  
There are three types of authorization constraints that we consider here, in regards to workflows: static authorizations, dynamic Separation of Duties, and dynamic Binding of Duties.  ...  Following that, binding of duty constraints and separation of duty constraints can be validated as discussed in chapter 3 for any obstructions in the workflow instances.  ... 
doi:10.4018/ijhisi.2016010101 fatcat:yvn7s6keobb5hpcopwsdosnsyu

A dynamic access control model using authorising workflow and task-role based access control

Mumina Uddin, Shareeful Islam
2019 IEEE Access  
The current access control models are static and lack of Dynamic Segregation of Duties (SoD), Task instance level of Segregation and decision making in real time.  ...  the dynamic access control requirements and enforce the access control rules for real time decision making to mitigate risk relating to access control such as escalation of privilege in broken access  ...  IT workflow task require static and dynamic SoD for its statements.  ... 
doi:10.1109/access.2019.2947377 fatcat:2bhd7dzlarce3kwa6u62kbsrpi

Separation of duties as a service

David Basin, Samuel J. Burri, Günter Karjoth
2011 Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security - ASIACCS '11  
We introduce the concept of Separation of Duties (SoD) as a Service, a new approach to enforce SoD requirements on workflows and thereby prevent fraud and errors.  ...  SoD as a Service facilitates a separation of concern between business experts and security professionals.  ...  Separation of Duty Algebra Li and Wang's separation of duty algebra (SoDA) describes SoD constraints independent of workflows.  ... 
doi:10.1145/1966913.1966972 dblp:conf/ccs/BasinBK11 fatcat:urodyxjce5cq5oq7utn4npxo5q

A Review of Delegation and Break-Glass Models for Flexible Access Control Management [chapter]

Sigrid Schefer-Wenzl, Helena Bukvova, Mark Strembeck
2014 Lecture Notes in Business Information Processing  
Access control models provide an important means for the systematic specification and management of the permissions in a business information system.  ...  In our literature review, we revealed different ways of providing delegation and break-glass concepts in general as well as in the context of business process management.  ...  Support for entailment constraints is limited to static separation of duty constraints.  ... 
doi:10.1007/978-3-319-11460-6_9 fatcat:a7hvpr3cnfec3dn5kbvyisklam