Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Issue title: Database Security
Article type: Research Article
Authors: Atluri, Vijayalakshmi | Huang, Wei-Kuang
Affiliations: Center for Information Management, Integration, and Connectivity (CIMIC) and MS/CIS Department, Rutgers University, 180 University Avenue, Newark, NJ 07102, USA, E-mail: [email protected], [email protected]
Note: [*] A preliminary version of this work appeared in the Proceedings of the 10th IFIP WG 11.3 Working Conference on Database Security, July 1996 [5] and the Proceedings of the Fifth European Symposium on Research in Computer Security, September 1996 [4]. This work was supported in part by the National Science Foundation under grant IRI-9624222 and by the National Security Agency under grant MDA904-96-1-0127.
Abstract: Workflow management systems (WFMS) support the modeling and coordinated execution of processes within an organization. As advances in workflow management take place, they are also required to support security. This paper makes two major contributions to the area of workflow management. First, it shows how both mandatory and discretionary security can be incorporated into WFMS. Second, it provides a formal framework, based on Petri nets (PNs), for modeling workflows. Such a theoretical model is necessary for a standard conceptual representation as well as for analyzing the workflows. This paper first presents a Petri Net based model, called color timed Petri net (CTPN), which is capable of modeling the attributes of both multilevel and discretionary security. With respect to the issue of mandatory security, this paper proposes a multilevel secure workflow transaction model and identifies the task dependencies in a workflow that cannot be enforced in order to meet multilevel security constraints. It shows how CTPN can be used to represent various types of task dependencies and shows how the task dependencies violating security can be automatically detected and prevented by building a secure Petri net (SPN) from CTPN. With respect to the issue of discretionary access control, this paper proposes a workflow authorization model (WAM) that is capable of specifying authorizations in such a way that subjects gain access to required objects only during the execution of the task, thus synchronizing the authorization flow with the workflow. To achieve this synchronization, an authorization template (AT) is associated with each task that allows appropriate authorizations to be granted only when the task starts and to be revoked when the task finishes. This paper also presents how this synchronization can be implemented using CTPN. We argue that Petri net is a suitable tool for modeling workflows because of its rich set of analysis techniques. Properties such as safety of workflows (i.e., whether a workflow terminates in an acceptable state) and safety of WAM can be tested using the already available analysis techniques of PNs.
DOI: 10.3233/JCS-1997-5403
Journal: Journal of Computer Security, vol. 5, no. 4, pp. 303-339, 1997
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]