Bypassing Workflow Satisfiability Problem Due to Access Control Constraints

El Bakkali, Hanan

doi:10.1007/978-3-642-30567-2_15

Hanan El Bakkali²

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 294))

Included in the following conference series:

International Conference on Networked Digital Technologies

1012 Accesses

Abstract

Most workflow management systems (WFMS) support a role-based distribution of work in order to respect both functional and static access control constraints. They often have an authorization system that deals with such constraints. However, few of them consider dynamic access control constraints as dynamic separation of duties (DSoD) and least privileges (LP).Respecting those dynamic constraints could produce a problem of completing a workflow instance also known as WSP (Workflow Satisfiability Problem) especially in the case of unavailability of authorized users as a result of holiday or sickness, overloading, emergencies, etc.

In this paper, we propose a new approach to bypass WSP situations while meeting –at run time- the main workflow dynamic access control requirements, precisely LP and DSoD principles. This approach is based on both delegation and priority concepts. It aims to improve access control enforcement and flexibility in WFMS.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Crampton, J., Khambhammettu, H.: Delegation and satisfiability in workflow systems. In: 13th ACM SACMAT, pp. 31–40 (2008)
Google Scholar
Wang, Q., Li, N.: Satisfiability and Resiliency in Workflow Systems. In: ESORIC 2007 (2007)
Google Scholar
Lowalekar, M., Tiwari, R., Karlapalem, K.: Security Policy Satisfiability and Failure Resilience in Workflows. In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) IFIP WG 9.2, 9.6/11.6, 11.7/FIDIS. IFIP AICT, vol. 298, pp. 197–210. Springer, Heidelberg (2009)
Chapter Google Scholar
American national standard for information technology: Role based access control. ANSI INCITS 359 (2004)
Google Scholar
Barka, E., Sandhu, R.: Framework for role-based delegation models. In: 16th Annual Computer Security Applications Conference, pp. 168–176. IEEE Computer Society (2000)
Google Scholar
El Bakkali, H., Hatim, H.: RB-WAC: New approach for access control in workflows. In: 7th ACS/IEEE International Conference on Computer Systems and Applications (AICCSA 2009), pp. 637–640 (2009)
Google Scholar
Perelson, S., Botha, R.A.: Conflict Analysis as a Means of Enforcing Static Separation of Duty Requirements in Workflow Environments. South African Computer Journal (2000)
Google Scholar
Wei, X., Jun, W., Yu, L., Jing, L.: SOWAC: a service-oriented workflow access control model. In: The 28th Annual International Computer Software and Applications Conference (COMPSAC), pp. 128–134 (2004)
Google Scholar
Atluri, V., Warner, J.: Supporting conditional delegation in secure workflow management systems. In: 10th ACM symposium on Access Control Models and Technologies (SACMAT), pp. 49–58 (2005)
Google Scholar
Wainer, J., Kumar, A., Barthelmess, P.: DW-RBAC: A formal security model of delegation and revocation in workflow systems. Information System 32(3), 365–384 (2007)
Article Google Scholar
Kumar, A., Van Der Alst, W.M.P., Verbeek, H.M.W.: Dynamic Work Distribution in Workflow Management Systems: How to balance quality and performance? J. Management Information Systems 18(3), 157–194 (2002)
Google Scholar
Delias, P., Doulamis, A., Doulamis, N., Matsatsinis, N.: Optimizing Resource Conflicts in Workflow Management Systems. IEEE Transactions on Knowledge and Data Engineering 23(3), 417–432 (2011)
Article Google Scholar
WFMC, The Workflow Management Coalition. Workflow Management Coalition Terminology and Glossary, Document Number WFMCTC-1011 (1999)
Google Scholar
Hamid, H., El Bakkali, H., Berrada, I.: Enforcing Access Control in Workflow Systems with a Task Engineering Approach. Int. J. Internet Technology and Secured Transactions (IJITST), Inderscience 4(1) (2012)
Google Scholar
Van der Aalst, W., et al.: Modern Business Process Automation: YAWL and its support environment. Springer (2010)
Google Scholar

Download references

Author information

Authors and Affiliations

Université Mohammed V – Souissi, ENSIAS, ISeRT Team, Morocco
Hanan El Bakkali

Authors

Hanan El Bakkali
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Software Engineering, Faculty of Engineering, Lakehead University, 955 Oliver Rd., P7B 5E1, Thunder Bay, Ontario, Canada
Rachid Benlamri

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

El Bakkali, H. (2012). Bypassing Workflow Satisfiability Problem Due to Access Control Constraints. In: Benlamri, R. (eds) Networked Digital Technologies. NDT 2012. Communications in Computer and Information Science, vol 294. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30567-2_15

Download citation

DOI: https://doi.org/10.1007/978-3-642-30567-2_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30566-5
Online ISBN: 978-3-642-30567-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics