
A New Role-Based Authorization Model in a Corporate Workflow Systems*

  • Conference paper
Computational Science and Its Applications – ICCSA 2004 (ICCSA 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3043)


Abstract

The Role Based Access Control (RBAC) model contains a structural representation of the enterprise organization, provides facilities for the administration of access control, and is extremely flexible. The traditional RBAC model can be applied to Workflow Management Systems (WFMS), but doing so raises some issues. Because senior roles inherit all the permissions of junior roles, and all permissions accumulate in the topmost senior role, applying traditional RBAC to a WFMS does not meet the access control requirements of the least privilege principle and Separation of Duty (SoD). This can lead to the misuse of rights and opportunities to commit fraud, and it makes it difficult to guarantee the integrity of the system. To solve these problems, we propose applying Restricted Permission Inheritance RBAC (RPI-RBAC) to WFMS authorization. We evaluate the advantages and benefits of applying the RPI-RBAC model to WFMS authorization at design time and at runtime.
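As an added illustration that is not part of the paper, the following constructed Python model contrasts classic RBAC inheritance, where every junior permission accumulates at the top of the hierarchy, with a restricted-inheritance variant in which a junior role flags some of its permissions as non-inheritable, and runs a static SoD check over both. The Role fields, the purchase-order permission names and the conflict pairs are assumptions; the paper's exact RPI-RBAC rules are not on this page.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    perms: set                                   # permissions assigned directly to this role
    private: set = field(default_factory=set)    # assigned perms seniors must NOT inherit (assumed mechanism)
    juniors: list = field(default_factory=list)  # roles directly below this one in the hierarchy

def effective_perms(role: Role, restricted: bool) -> set:
    """Permissions a role can exercise through the hierarchy.
    restricted=False: classic RBAC, every junior permission flows upward.
    restricted=True: a junior's private permissions stop at that junior."""
    perms = set(role.perms)
    for junior in role.juniors:
        inherited = effective_perms(junior, restricted)
        if restricted:
            inherited = inherited - junior.private
        perms |= inherited
    return perms

def sod_violations(role: Role, restricted: bool, conflicts: set) -> set:
    """Static SoD check: return the conflicting permission pairs (frozensets)
    that a single role would hold at the same time."""
    eff = effective_perms(role, restricted)
    return {pair for pair in conflicts if pair <= eff}

def build_hierarchy() -> dict:
    """Constructed purchase-order workflow: clerk < reviewer < manager."""
    clerk = Role("clerk", {"prepare_order", "read_order"}, private={"prepare_order"})
    reviewer = Role("reviewer", {"review_order"}, private={"review_order"}, juniors=[clerk])
    manager = Role("manager", {"approve_order"}, juniors=[reviewer])
    return {r.name: r for r in (clerk, reviewer, manager)}

# Constructed conflict pairs: nobody may both prepare/review an order and approve it.
CONFLICTS = {frozenset({"prepare_order", "approve_order"}),
             frozenset({"review_order", "approve_order"})}

if __name__ == "__main__":
    roles = build_hierarchy()
    for mode in (False, True):
        label = "restricted" if mode else "classic"
        for name in ("clerk", "reviewer", "manager"):
            eff = sorted(effective_perms(roles[name], mode))
            bad = sod_violations(roles[name], mode, CONFLICTS)
            print(f"{label:10} {name:8} {eff}  SoD violations: {len(bad)}")
```

Under classic inheritance the manager ends up holding prepare, review and approve at once and trips both conflict pairs; under restricted inheritance only the shared read permission flows upward and no role violates SoD.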




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lee, H., Lee, S., Noh, B. (2004). A New Role-Based Authorization Model in a Corporate Workflow Systems*. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_82


  • DOI: https://doi.org/10.1007/978-3-540-24707-4_82

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22054-1

  • Online ISBN: 978-3-540-24707-4
