Abstract
Bertino, Ferrari and Atluri (BFA) have recently presented a model for specifying and enforcing authorization constraints for Workflow Management Systems (WFMS). The model is comprehensive and exhibits strong properties such as (1) a language to express constraints, (2) formal notions of constraint consistency and (3) algorithms for role-task and user-task assignments. In this paper, we extend the BFA model to include primitives for weighted voting. We show that the BFA model cannot express weighted voting in a straightforward manner, whereas Transaction Control Expressions (TCEs) proposed by Sandhu [5] incorporates this notion. Since, all other aspects of TCEs can be easily simulated in BFA, we believe that the notion of weighted voting is a fundamental operation which is missing in the BFA model. Although, we do not formally prove that BFA cannot simulate weighted voting, we make a strong case that this cannot be done easily or directly. We also show that the extended-BFA model retains all the strong properties of the BFA model.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35508-5_22
Chapter PDF
Similar content being viewed by others
References
Benin, E., Ferrari, E. and Atluri, V. (1997). A flexible model for the specification and enforcement of authorization constraints in workflow management system. Proceedings of the Second ACM Workshop on Role-Based Access Control.
Clark, D. and Wilson, D. (1987). A comparison of commercial and military security policies. Proceedings of IEEE Symposium on Security and Privacy, pp. 184–194.
Das, S. (1992). Deductive Databases and Logic Programming,Addison-Wesley.
Nash, M. and Poland, K. (1987). Some conundrums concerning separation of duty. Proceedings ofIEEE Symposium on Security and Privacy, pp. 201–207.
Sandhu, R. (1988). Transaction control expressions for separation of duties. Proceedings of the Fourth Aerospace Computer Security Applications Conference, pp. 282–286.
Sandhu, R., Coyne, E.J., Feinstein, H.L. and Youman, C.E. (1996). Role-based access control models. IEEE Computer, 29 (2), pp. 38–47.
Sandhu, R. (1990). Separation of duties in computerized information systems. Proceedings of the IFIP WG 11.3 Workshop on Database Security.
Simon, R.T. and Zurko, M.E. (1997). Separation of duty in role-based environments. Proceedings of Computer Foundations Workshop X.
Thomas, R.K. and Sandhu R. (1997). Task-based authorization controls (TBAC) Proceedings of the IFIP WG 11.3 Workshop on Database Security.
Ullman, J. (1989). Principles ofDatabase and Knowledge-Base Systems (2 nd Volume),Computer Science Press.
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Kandala, S., Sandhu, R. (2000). Extending the BFA Workflow Authorization Model to Express Weighted Voting. In: Atluri, V., Hale, J. (eds) Research Advances in Database and Information Systems Security. IFIP — The International Federation for Information Processing, vol 43. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35508-5_10
Download citation
DOI: https://doi.org/10.1007/978-0-387-35508-5_10
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6411-6
Online ISBN: 978-0-387-35508-5
eBook Packages: Springer Book Archive