Types for task-based access control in workflow systems

Task-based access control (TBAC) is a flexible security mechanism that has been widely implemented in workflow management systems. In TBAC, permissions are assigned to tasks, and users can obtain those permissions only while executing the tasks. The authors aim to develop a method for formalising and analysing the security properties of workflow systems under a TBAC policy. To achieve this goal, the authors first present WFPI, a workflow π-calculus. By adding task execution and submission primitives, and by tagging each agent with its executing and distributing tasks, WFPI can flexibly represent the concepts and elements of workflow systems. Then, based on WFPI, a type system is proposed which ensures that well-typed workflow systems abide by the TBAC policy at run time, avoiding run-time access violations. To the best of the authors' knowledge, the present research is the first attempt to study workflow access control by means of process calculus and types.
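
The TBAC rule stated in the abstract, replayed over a workflow trace, as an added example that is not code from the paper: it is a run-time check, whereas the paper's type system is meant to rule such violations out before execution, and it does not implement WFPI. The policy, the trace and the `execute`/`submit`/`access` event names are constructed assumptions.

```python
from collections import defaultdict

# Constructed policy: permissions belong to tasks, never directly to users.
POLICY = {
    "review_claim": {"read:claim"},
    "approve_payment": {"read:claim", "write:payment"},
}

# Constructed trace of (action, user, target) events; action names are assumptions.
TRACE = [
    ("execute", "alice", "review_claim"),
    ("access", "alice", "read:claim"),     # allowed: carried by review_claim
    ("access", "alice", "write:payment"),  # violation: no executing task carries it
    ("submit", "alice", "review_claim"),
    ("access", "alice", "read:claim"),     # violation: task already submitted
    ("execute", "bob", "approve_payment"),
    ("access", "bob", "write:payment"),    # allowed
    ("submit", "bob", "approve_payment"),
]

def find_violations(policy, trace):
    """Replay a trace; return (index, user, reason) for each TBAC violation."""
    executing = defaultdict(set)  # user -> tasks currently in execution
    violations = []
    for index, (action, user, target) in enumerate(trace):
        if action == "execute":
            if target in policy:
                executing[user].add(target)
            else:
                violations.append((index, user, f"unknown task {target}"))
        elif action == "submit":
            # Submitting ends execution, which revokes the task's permissions.
            if target not in executing[user]:
                violations.append((index, user, f"{target} is not executing"))
            executing[user].discard(target)
        elif action == "access":
            # Only permissions of tasks the user is executing right now count.
            granted = set().union(*(policy[t] for t in executing[user]))
            if target not in granted:
                violations.append((index, user, f"{target} not granted"))
        else:
            raise ValueError(f"unknown action {action!r}")
    return violations

if __name__ == "__main__":
    for violation in find_violations(POLICY, TRACE):
        print(violation)
```
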

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-sen_20070098