Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Gudes, Ehuda | Olivier, Martin S.b | van de Riet, Reind P.c
Affiliations: [a] Department of Mathematics and Computer Science, Ben-Gurion University, Beer-Sheva, Israel. E-mail: [email protected] | [b] Department of Computer Science, Rand Afrikaans University, Johannesburg, South Africa. E-mail: [email protected] | [c] Department of Mathematics and Computer Science, Vrije Universiteit, Amsterdam. E-mail: [email protected]
Abstract: Workflow Management (WFM) Systems automate traditional processes where information flows between individuals. WFM systems have two major implications for security. Firstly, since the description of a workflow process explicitly states when which function is to be performed by whom, security specifications may be automatically derived from such descriptions. Secondly, the derived security specifications have to be enforced. The paper considers the issues that need to be addressed by a secure workflow system. In particular it addresses the requirement that security for workflow systems need to be specified at the workflow level, and not at the level of the underlying components, such as the database or networks. One reason why it is necessary to consider security at this level is the dynamic nature of workflow systems, with access restrictions depending on the state of the workflow process. In addition, workflow systems may handle many instances of a given workflow specification and needs to be able to protect the instances according to the requirements posed by each. The intention of this paper is to provide an orderly framework for these concepts and to discuss a more generalized implementation architecture which can be based on existing technologies of the Web and Object-oriented systems. The framework is based on three levels: Modelling, Specification and Implementation; each level refines the concepts of the level above it. Modelling is illustrated by using a notion of Alter-Egos and a workflow modelling tool known as COLOR-X. How these and related concepts may be formally specified are considered in the second part of the paper. The specification is based on the formal language Z. The implementation section considers protocols, standards and architectures that may be used to realize such a secure workflow system. Since the implementation does not use any specific system but only very general components, it can be realized on various platforms.
Keywords: Security and database systems, workflow, Cyberspace, object-oriented databases, role-based security
DOI: 10.3233/JCS-1999-7403
Journal: Journal of Computer Security, vol. 7, no. 4, pp. 287-315, 1999
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]