In this paper, we develop a new paradigm for access control and authorization management, called task-based authorization controls (TBAC). TBAC models access controls from a task-oriented perspective than the traditional subject-object one. Access mediation now involves authorizations at various points during the completion of tasks in accordance with some application logic. By taking a taskoriented view of access control and authorizations, TBAC lays the foundation for research into a new breed of "active" security models that are required for agentbased distributed computing and workflow management. Keywords Active security models, authorizations-step, composite authorizations, secure workflows 1 INTRODUCTION In this paper, we describe a new paradigm for access control and security models, called task-based authorization controls (TBAC). TBAC is well suited for distributed computing and information processing activities with multiple points of access, control, and decision makin...

We show how a range of role-based access control (RBAC) models may be usefully represented as constraint logic programs, executable logical specifications. The RBAC models that we define extend the “standard ” RBAC models that are described by Sandhu et al., and enable security administrators to define a range of access policies that may include features, like denials of access and temporal authorizations, that are often useful in practice, but which are not widely supported in existing access control models. Representing access policies as constraint logic programs makes it possible to support certain policy options, constraint checks and administrator queries that cannot be represented by using related methods (like logic programs). Representing an access control policy as a constraint logic program also enables access requests and constraint checks to be efficiently evaluated.

OASIS is a role-based access control architecture for achieving secure interoperation of services in an open, distributed environment. Services define roles and implement formally specified policy for role activation and service use; users must present the required credentials, in the specified context, in order to activate a role or invoke a service. Roles are activated for the duration of a session only. In addition, a role is deactivated immediately if any of the conditions of the membership rule associated with its activation becomes false. OASIS does not use role delegation but instead defines the notion of appointment, whereby a user in some role may issue an appointment certificate to some other user. The role activation conditions of services may include appointment certificates, prerequisite roles and environmental constraints. We motivate our approach and formalise OASIS. First, a basic model is presented followed by an extended model which includes parameterisation.

In recent years, workflow management systems (WFMSs) have gained popularity both in research as well as in commercial sectors. WFMSs are used to coordinate and streamline business processes of an organization. Often, very large WFMSs are used in organizations with users in the range of several thousands and number of process instances in the range of tens of thousands. To simplify the complexity of security administration, it is a common practice in many business organizations to allocate a role to perform each activity in the process and then assign one or more users to each role, and granting an authorization to roles rather than to users. Typically the security policies of the organization are expressed as constraints on users and roles. a well-known constraint is separation of duties. Unfortunately, current role-based access control models are not adequate to model such constraints. To address this issue, in this paper, (1) we present a language to express authorization constraints...

This paper presents a pair of role-based access control models for workflow systems, collectively known as the W-RBAC model. The models described here contains both static and dynamic (history based) constraints, which is integrated with a workflow system. The W0-RBAC model describes our concept of dynamic constrains, and the integration of the access control system with the workflow.

The objective of this paper is to present a web-based Workflow Management System (WFMS), called SecureFlow that can serve as a framework for specification and enforcement of complex security policies within a workflow, such as separation of duties. The main advantage of SecureFlow is that it uses a simple 4GL language such as SQL to specify authorization constraints, thereby improving flexibility and user-friendliness. Due to the modular nature of the SecureFlow architecture, the security specification and enforcement modules can be layered on top of existing workflow systems that do not provide adequate support for security. SecureFlow relies on the Workflow Authorization Model (WAM) recently proposed by Atluri and Huang. 1 Introduction Since timely services are critical for any business, there is a great need to automate or reengineer the business processes. Typically many organizations achieve this by executing these coordinated activities (tasks) that constitute the business proc...

Workflow management systems (WFMSs) have attracted a lot of interest both in academia and the business community. A workflow consists of a collection of tasks that are organized to facilitate some business process specification. To simplify the complexity of security administration, it is common to use role-based access control (RBAC) to grant authorization to roles and users. Typically, security policies are expressed as constraints on users, roles, tasks and the workflow itself. A workflow system can become very complex and involve several organizations or different units of an organization, thus the number of security policies may be very large and their interactions very complex. It is clearly important to know whether the existence of such constraints will prevent certain instances of the workflow from completing. Unfortunately, no existing constraint models have considered this problem satisfactorily. In this paper we define a model for constrained workflow systems that includes local and global cardinality constraints, separation of duty constraints and binding of duty constraints. We define the notion of a workflow specification and of a constrained workflow authorization schema. Our main result is to establish necessary and sufficient conditions for the set of constraints that ensure a sound constrained workflow authorization schema, that is, for any user or any role who are authorized to a task, there is at least one complete workflow instance when this user or this role executes this task. 1

Demonstrating the safety of a system (ie. avoiding the undesired propagation of access rights or indirect access through some other granted resource) is one of the goals of access control research, e.g. [1-4]. However, the flexibility required from enterprise resource management (ERP) systems may require the implementation of seemingly contradictory requirements (e.g. tight access control but at the same time support for discretionary delegation of workflow tasks and rights). To aid in the analysis of safety problems in workflow-based ERP system, this paper presents a model-checking based approach for automated analysis of delegation and revocation functionalities. This is done in the context of a real-world banking workflow requiring static and dynamic separation of duty properties. We derived information about the workflow from BPEL specifications and ERP business object repositories. This was captured in a SMV specification together with a definition of possible delegation and revocation scenarios. The required separation properties were translated into a set of LTL-based constraints. In particular, we analyse the interaction between delegation and revocation activities in the context of dynamic separation of duty policies.

Access control needs to be more flexible and fine-grained to support cooperative tasks and processes performed by dynamic teams. This can be done by applying state-of-theart role-based access control (RBAC) technology. This paper examines how to integrate RBAC in a team-based organization context and how to apply such access control to hypermedia structures. Based on the analysis of these issues, a team-and-role-based access control model is proposed, which describes various aspects of role-based access control in cooperative hypermedia environments. The model has been implemented in CHIPS, a cooperative hypermedia-based process support system. Application examples demonstrate that its organizational context management and access permission authorization retain the simplicity of RBAC. Our extensions provide effective and flexible access control for managing various kinds of shared workspaces, especially shared process spaces, where access control is not only used for managing security, but also for supporting coordination.

Worlcfiow Management Systems (WJMSs) are used to support the modeling and coordinated execution of business processes within an organization or across organizational boundaries. Although some research efforts have addressed requirements for authorization and access control for worlcfiow systems, little attention has been paid to the requirements as they apply to application data accessed or managed by WfMSs. In this paper, we discuss key access control requirements for application data in worlcfiow applications using examples from the healthcare domain, introduce a classification of application data used in workflow systems by analyzing their sources, and then propose a comprehensive data authorization and access control mechanism for WfMSs. This involves four aspects: role, task, process instance-based user group, and data content. For implementation, a predicate-based access control method is used. We believe that the proposed model is applicable to workflow applications and WfMSs with diverse access control requirements.