Abstract
Workflow technology is often employed by organizations to automate their day-to-day business processes. The primary advantage of adopting workflow technology is that it separates business policy from business applications, so that the flexibility and maintainability of business process reengineering can be enhanced. Today's workflows are not necessarily bound to a single organization, but may span multiple organizations, with the tasks within a workflow executed by different organizations. In order to execute a workflow in a secure and correct manner, one must ensure that only authorized users are able to gain access to the tasks of the workflow and the resources managed by them. This can be accomplished by synchronizing access control with the specified control flow dependencies among tasks. Without such synchronization, a user may still hold privileges to execute a task even after its completion, which may have adverse effects on security. In addition, the assignment of authorized users to tasks should respect the separation of duty constraints specified to limit fraud. Another challenging issue in dealing with workflows spanning multiple organizations is to ensure their secure execution while considering conflict-of-interest among these organizations. Another issue that is of theoretical interest is the safety analysis of the proposed authorization models and their extension in this area. In this book chapter, we review all the above security requirements pertaining to workflow systems, and discuss the proposed solutions to meet these requirements.
Original language | English (US) |
---|---|
Title of host publication | Handbook of Database Security |
Subtitle of host publication | Applications and Trends |
Publisher | Springer US |
Pages | 213-230 |
Number of pages | 18 |
ISBN (Print) | 9780387485324 |
State | Published - 2008 |
All Science Journal Classification (ASJC) codes
- General Computer Science