Flexible model supporting the specification and enforcement of role-based authorizations in workflow management systems

Elisa Bertino, Elena Ferrari, Vijayalakshmi Atluri

Research output: Contribution to conference, Paper, peer-review

72 Scopus citations

Abstract

In recent years, workflow management systems (WFMSs) have gained popularity in both research and commercial sectors. WFMSs are used to coordinate and streamline the business processes of an organization. Often, very large WFMSs are used in organizations with users numbering in the several thousands and process instances in the tens of thousands. To reduce the complexity of security administration, it is common practice in many business organizations to allocate a role to perform each activity in the process, to assign one or more users to each role, and to grant authorizations to roles rather than to users. Typically, the security policies of the organization are expressed as constraints on users and roles; a well-known constraint is separation of duties. Unfortunately, current role-based access control models are not adequate to model such constraints. To address this issue, in this paper we (1) present a language to express authorization constraints as clauses in a logic program, (2) provide formal notions of constraint consistency, and (3) propose algorithms to check for the consistency of the constraints and to assign roles and users to the workflow tasks in such a way that no constraints are violated.

Original language: English (US)
Pages: 1-12
Number of pages: 12
State: Published - 1997
Externally published: Yes
Event: Proceedings of the 1997 2nd ACM Workshop on Role-Based Access Control - Fairfax, VA, USA
Duration: Nov 6 1997 to Nov 7 1997

Other

Other: Proceedings of the 1997 2nd ACM Workshop on Role-Based Access Control
City: Fairfax, VA, USA
Period: 11/6/97 to 11/7/97

All Science Journal Classification (ASJC) codes

  • Computer Science (all)
