Abstract
In this paper we introduce a series of reference models for Secure Role-Based Workflow systems. We build our models over the well-known RBAC96 framework. The RBAC96 model supports the notion of abstract permissions. The nature of permissions is highly dependent upon the implementation details of the system, so we interpret the permissions for a Workflow system in terms of its components such as tasks, instances of the tasks and operations on them like execute, commit, abort etc. With this interpretation, we show that most of the components of RBAC96 still remain intact. The only components that change are the nature of permissions and their assignment to roles. The models are developed using the recently introduced four-layer OM-AM framework (comprising objective, model, architecture and mechanism layers). In this paper, we focus on the top two layers of OM-AM. We systematically describe our security objectives and construct our models to address these objectives. We also formally describe the models in terms of their components and their interactions. The main purpose for proposing these models is to articulate requirements for building Secure Role-Based Workflow Systems.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35587-0_24
© 2002 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Kandala, S., Sandhu, R. (2002). Secure Role-Based Workflow Models. In: Olivier, M.S., Spooner, D.L. (eds) Database and Application Security XV. IFIP — The International Federation for Information Processing, vol 87. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35587-0_4
DOI: https://doi.org/10.1007/978-0-387-35587-0_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-1028-1
Online ISBN: 978-0-387-35587-0
eBook Packages: Springer Book Archive