Abstract
Complex business processes are usually realized by specifying the integration and interaction of smaller modular software components. For example, hitherto monolithic enterprise resource planning systems (ERP) are decomposed into Web services which are then again orchestrated in terms of Web service workflows, bringing about higher levels of flexibility and adaptability. In general, such services constitute autonomous software components with their own dedicated security requirements. In this paper we present our approach for consolidating the access control of (Web service) workflows. The proposed security engineering method allows, first, to determine for whom workflows are executable from a privileges point of view, second, to assess compliance with the principle of least privilege, and, third, helps to reduce policy enforcement costs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bonatti, P., De Capitani di Vimercati, S., Samarati, P.: An Algebra for Composing Access Control Policies. ACM Trans. Inf. Syst. Secur. 5(1), 1–35 (2002)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)
ANSI INCITS 359-2004, Role Based Access Control. American National Standards Institute, Inc. (ANSI), New York, NY, USA (February 2004)
Thatte, S., et al.: Business Process Execution Language for Web Services version 1.1 (BPEL4WS 1.1) (May 2003), http://www-128.ibm.com/developerworks/library/specification/ws-bpel/
Wimmer, M., Eberhardt, D., Ehrnlechner, P., Kemper, A.: Reliable and Adaptable Security Engineering for Database-Web Services. In: Koch, N., Fraternali, P., Wirsing, M. (eds.) ICWE 2004. LNCS, vol. 3140, pp. 502–515. Springer, Heidelberg (2004)
Rosenkrantz, D.J., Hunt, H.B.: Processing Conjunctive Predicates and Queries. In: Proc. of the Intl. Conf. on Very Large Data Bases (VLDB), Montreal, Canada, pp. 64–72 (October 1980)
Khalaf, R., Leymann, F.: On Web Services Aggregation. In: Benatallah, B., Shan, M.-C. (eds.) TES 2003. LNCS, vol. 2819, pp. 1–13. Springer, Heidelberg (2003)
Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e.V., AG Datenschutz in Gesundheitsinformationssystemen, http://info.imsd.uni-mainz.de/AGDatenschutz/
Altunay, M., Brown, D., Byrd, G.T., Dean, R.: Trust-Based Secure Workflow Path Construction. In: Benatallah, B., Casati, F., Traverso, P. (eds.) ICSOC 2005. LNCS, vol. 3826, pp. 502–515. Springer, Heidelberg (2005)
Huang, W.-K., Atluri, V.: SecureFlow: a Secure Web-enabled Workflow Management System. In: RBAC 1999: Proceedings of the 4th ACM Workshop on Role-based Access Control, pp. 83–94. ACM Press, New York (1999)
Bertino, E., Ferrari, E., Atluri, V.: The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Trans. Inf. Syst. Secur. 2, 65–104 (1999)
Bettini, C., Wang, X.S., Jajodia, S.: Temporal Reasoning in Workflow Systems. Distrib. Parallel Databases 11(3), 269–306 (2002)
Rits, M., Boe, B.D., Schaad, A.: Xact: a Bridge between Resource Management and Access Control in Multi-layered Applications. In: SESS 2005: Proceedings of the 2005 Workshop on Software Engineering for Secure Systems, pp. 1–7. ACM Press, New York (2005)
Rannenberg, K., Müller, G.: Security in Communications – Technology, Infrastructure, Economy. Addison-Wesley, Reading (1999)
Biskup, J., Leineweber, T., Parthe, J.: Administration Rights in the SDSD-System. In: Proceedings of the Seventeenth Annual Working Conference on Database and Application Security, Estes Park, Colorado, United States (August 2003)
Rabitti, F., Bertino, E., Kim, W., Woelk, D.: A Model of Authorization for Next-Generation Database Systems. ACM Trans. Database Syst. 16(1), 88–131 (1991)
Fernandez, E.B., Gudes, E., Song, H.: A Model for Evaluation and Administration of Security in Object-Oriented Databases. IEEE Transactions on Knowledge and Data Engineering 6(2), 275–292 (1994)
Moses, T., et al.: eXtensible Access Control Markup Language (XACML) version 2.0 (February 2005), http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
Anderson, A.: Core and Hierarchical Role Based Access Control RBAC Profile of XACML version 2.0 (September 2004), http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wimmer, M., Albutiu, MC., Kemper, A. (2006). Optimized Workflow Authorization in Service Oriented Architectures. In: Müller, G. (eds) Emerging Trends in Information and Communication Security. ETRICS 2006. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11766155_3
Download citation
DOI: https://doi.org/10.1007/11766155_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34640-1
Online ISBN: 978-3-540-34642-5
eBook Packages: Computer ScienceComputer Science (R0)