Abstract
Most workflow management systems (WFMS) support a role-based distribution of work in order to respect both functional and static access control constraints. They often have an authorization system that deals with such constraints. However, few of them consider dynamic access control constraints as dynamic separation of duties (DSoD) and least privileges (LP).Respecting those dynamic constraints could produce a problem of completing a workflow instance also known as WSP (Workflow Satisfiability Problem) especially in the case of unavailability of authorized users as a result of holiday or sickness, overloading, emergencies, etc.
In this paper, we propose a new approach to bypass WSP situations while meeting –at run time- the main workflow dynamic access control requirements, precisely LP and DSoD principles. This approach is based on both delegation and priority concepts. It aims to improve access control enforcement and flexibility in WFMS.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Crampton, J., Khambhammettu, H.: Delegation and satisfiability in workflow systems. In: 13th ACM SACMAT, pp. 31–40 (2008)
Wang, Q., Li, N.: Satisfiability and Resiliency in Workflow Systems. In: ESORIC 2007 (2007)
Lowalekar, M., Tiwari, R., Karlapalem, K.: Security Policy Satisfiability and Failure Resilience in Workflows. In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) IFIP WG 9.2, 9.6/11.6, 11.7/FIDIS. IFIP AICT, vol. 298, pp. 197–210. Springer, Heidelberg (2009)
American national standard for information technology: Role based access control. ANSI INCITS 359 (2004)
Barka, E., Sandhu, R.: Framework for role-based delegation models. In: 16th Annual Computer Security Applications Conference, pp. 168–176. IEEE Computer Society (2000)
El Bakkali, H., Hatim, H.: RB-WAC: New approach for access control in workflows. In: 7th ACS/IEEE International Conference on Computer Systems and Applications (AICCSA 2009), pp. 637–640 (2009)
Perelson, S., Botha, R.A.: Conflict Analysis as a Means of Enforcing Static Separation of Duty Requirements in Workflow Environments. South African Computer Journal (2000)
Wei, X., Jun, W., Yu, L., Jing, L.: SOWAC: a service-oriented workflow access control model. In: The 28th Annual International Computer Software and Applications Conference (COMPSAC), pp. 128–134 (2004)
Atluri, V., Warner, J.: Supporting conditional delegation in secure workflow management systems. In: 10th ACM symposium on Access Control Models and Technologies (SACMAT), pp. 49–58 (2005)
Wainer, J., Kumar, A., Barthelmess, P.: DW-RBAC: A formal security model of delegation and revocation in workflow systems. Information System 32(3), 365–384 (2007)
Kumar, A., Van Der Alst, W.M.P., Verbeek, H.M.W.: Dynamic Work Distribution in Workflow Management Systems: How to balance quality and performance? J. Management Information Systems 18(3), 157–194 (2002)
Delias, P., Doulamis, A., Doulamis, N., Matsatsinis, N.: Optimizing Resource Conflicts in Workflow Management Systems. IEEE Transactions on Knowledge and Data Engineering 23(3), 417–432 (2011)
WFMC, The Workflow Management Coalition. Workflow Management Coalition Terminology and Glossary, Document Number WFMCTC-1011 (1999)
Hamid, H., El Bakkali, H., Berrada, I.: Enforcing Access Control in Workflow Systems with a Task Engineering Approach. Int. J. Internet Technology and Secured Transactions (IJITST), Inderscience 4(1) (2012)
Van der Aalst, W., et al.: Modern Business Process Automation: YAWL and its support environment. Springer (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
El Bakkali, H. (2012). Bypassing Workflow Satisfiability Problem Due to Access Control Constraints. In: Benlamri, R. (eds) Networked Digital Technologies. NDT 2012. Communications in Computer and Information Science, vol 294. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30567-2_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-30567-2_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30566-5
Online ISBN: 978-3-642-30567-2
eBook Packages: Computer ScienceComputer Science (R0)