Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Casati, Fabioa; * | Castano, Silvanab | Fugini, Maria Graziaa
Affiliations: [a] Dipartimento di Elettronica e Informazione, Politecnico di Milano, Piazza L. Da Vinci, 32, I-20133 Milano, Italy. E-mail: [email protected] | [b] Dipartimento di Scienze dell’Informazione, Università di Milano, Via Comelico 39, I-20135 Milano, Italy. E-mail: [email protected]
Correspondence: [*] Corresponding author. Present address: Hewlett-Packard Laboratories, 1501 Page Mill Road, Palo Alto, CA 94304, USA. E-mail: [email protected].
Abstract: Workflow design involves modeling different aspects of a business process. Among these aspects, workflow design should consider also security requirements. These relate to the authorizations for the users in the organization to execute workflow tasks according to the security policies about handling business processes and workflow data. This paper presents an approach based on triggers to specify and enforce workflow authorization constraints for a flexible assignment of tasks to roles and agents. The approach has been conceived in the framework of the WIDE Workflow Management System. Authorization triggers specify when and how the set of authorizations for a given workflow should be changed and which actions should be taken by the system or by the administrator. A basic set of triggers is provided enforcing security policies common to workflow systems, such as need-to-know and task confinement. Methodological issues related to trigger design for a given workflow application are discussed and an approach based on authorization patterns is illustrated. The paper shows how authorization patterns can be instantiated into triggers and briefly discusses aspects related to the analysis of a set of authorization triggers defined for a given workflow application.
Keywords: Authorization constraints, workflow systems, triggers, authorization patterns
DOI: 10.3233/JCS-1998-6403
Journal: Journal of Computer Security, vol. 6, no. 4, pp. 257-285, 1998
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]