Skip to main content
SpringerLink
Log in

A Formal Framework for Adaptive Access Control Models

  • Conference paper
Journal on Data Semantics IX

Part of the book series: Lecture Notes in Computer Science ((JODS,volume 4601))

Abstract

For several reasons enterprises are frequently subject to organizational change. Respective adaptations may concern business processes, but also other components of an enterprise architecture. In particular, changes of organizational structures often become necessary. The information about organizational entities and their relationships is maintained in organizational models. Therefore the quick and correct adaptation of these models is fundamental to adequately cope with organizational changes. However, model changes alone are not sufficient to guarantee consistency. Since organizational models also provide the basis for defining access rules (e.g., actor assignments in workflow management systems or access rules in document-centered applications) this information has to be adapted accordingly (e.g., to avoid dangling references or non-resolvable actor assignments). Current approaches do not adequately address this problem, which often leads to security gaps and delayed change implementation.In this paper we introduce a formal framework for the controlled evolution of organizational models and related access rules. Firstly, we introduce a set of operators with well-defined semantics for defining and changing organizational models. Secondly, we show how to define access rules based on such models. In this context we also define a notion of correctness for access rules. Thirdly, we present a formal framework for the (semi-automated) adaptation of access rules when the underlying organizational model is changed by exploiting the semantics of the applied changes. Altogether the presented approach provides an important contribution for realizing adaptive access control frameworks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. v.d. Aalst, W., van Hee, K.: Workflow Management. MIT Press, Cambridge (2002)

    Google Scholar 

  2. Sutton, M.: Document Management for the Enterprise: Principles, Techniques and Applications. John Wiley, Chichester (1996)

    Google Scholar 

  3. Linthicum, D.: Enterpise Application Integration. Addison-Wesley, Reading (1999)

    Google Scholar 

  4. Bertino, E., Ferrari, E., Alturi, V.: The specification and enforcement of authorization constraints in wfms. ACM Trans. on Inf. and Sys. Sec. 2, 65–104 (1999)

    Article  Google Scholar 

  5. Sandhu, S.: Authentication, access control and audit. ACM Computings Surveys 28, 241–243 (1996)

    Article  Google Scholar 

  6. Ferraiolo, D., Kuhn, D., Chandramouli, R.: Role–Based Access Control. Artech House (2003)

    Google Scholar 

  7. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29, 38–47 (1996)

    Google Scholar 

  8. Wainer, J., Barthelmess, P., Kumar, A.: W–RBAC – a workflow security model incorporating controlled overriding of constraints. International Journal of Collaborative Information Systems 12, 455–485 (2003)

    Article  Google Scholar 

  9. El Kalam, A., El Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Saurel, C., Deswarte, Y., Miege, A., Trouessin, G.: Organization-based access control. In: Proc. 4th IEEE Int. Workshop on Policies for Distributed Systems and Networks, IEEE Computer Society Press, Los Alamitos (2003)

    Google Scholar 

  10. Konyen, I.: Organizational structures and business processes in hospitals. Master’s thesis, University of Ulm, Computer Science Faculty (in German) (1996)

    Google Scholar 

  11. Jablonski, S., Schlundt, M., Wedekind, H.: A generic component for the computer–based use of organizational models (in german). Informatik Forschung und Entwicklung 16, 23–34 (2001)

    Article  MATH  Google Scholar 

  12. Klarmann, J.: A comprehensive support for changes in organizational models of workflow management systems. In: ISM 2001. Proc. 4th Int’l Conf. on Inf Systems Modeling, pp. 375–387 (2001)

    Google Scholar 

  13. Dumas, M., ter Hofstede, A.W.A. (eds.): Process Aware Information Systems. Wiley Publishing, Chichester (2005)

    Google Scholar 

  14. Rinderle, S., Reichert, M.: On the controlled evolution of access rules in cooperative information systems. In: Meersman, R., Tari, Z. (eds.) On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE. LNCS, vol. 3760, pp. 238–255. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  15. Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D., Chandramouli, R.: Proposed NIST standard for role-based acces control. ACM ToISS 4, 224–274 (2001)

    Google Scholar 

  16. Tolone, W., Ahn, G., Pai, T.: Access control in collaborative systems. ACM Computings Surveys 37, 29–41 (2005)

    Article  Google Scholar 

  17. Reichert, M., Rinderle, S., Kreher, U., Dadam, P.: Adaptive process management with adept2. In: ICDE 2005. Proc. 21st Int’l Conf. on Data Engineering, Tokyo, pp. 1113–1114 (2005)

    Google Scholar 

  18. Berroth, M.: Design of a component for organizational models. Master’s thesis, University of Ulm, Computer Science Faculty (in German) (2005)

    Google Scholar 

  19. Howes, T., Smith, M., Good, G.: Understanding and Deploying LDAP Directory Services. New Riders (2001)

    Google Scholar 

  20. Bertino, E.: Data security. DKE 25, 199–216 (1998)

    Article  MATH  Google Scholar 

  21. Zur Muehlen, M.: Resource modeling in workflow applications. In: Proc. of the 1999 Workflow Management Conference (Muenster), pp. 137–153 (1999)

    Google Scholar 

  22. Weber, B., Reichert, M., Wild, W., Rinderle, S.: Balancing flexibility and security in adaptive process management systems. In: Meersman, R., Tari, Z. (eds.) On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE. LNCS, vol. 3760, pp. 59–76. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  23. NIST: Proposed Standard for Role-Based Access Control (2004), http://csrc.nist.gov/rbac/rbacSTDACM.pdf

  24. Ferraiolo, D., Kuhn, D.: Role based access control. In: 15th National Computer Security Conference (1992)

    Google Scholar 

  25. Botha, R., Eloff, J.: A framework for access control in workflow systems. Information Management and Computer Security 9, 126–133 (2001)

    Article  Google Scholar 

  26. Pfeiffer, V.: A framework for evaluating access control concepts in workflow management systems. Master’s thesis, University of Ulm, Computer Science Faculty (in German) (2005)

    Google Scholar 

  27. Giuri, L., Iglio, P.: A formal model for role-based access control with constraints. In: Proc. Computer Security Foundations Workshop, pp. 136–145 (1996)

    Google Scholar 

  28. Kuhn, D.: Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems. In: Proc. 2nd ACM Workshop on Role-based Access Control, pp. 23–30. ACM Press, New York (1997)

    Chapter  Google Scholar 

  29. v.d. Aalst, W.: Exterminating the dynamic change bug: A concrete approach to support worfklow change. Information Systems Frontiers 3, 297–317 (2001)

    Article  Google Scholar 

  30. Rinderle, S., Reichert, M., Dadam, P.: Correctness criteria for dynamic changes in workflow systems – a survey. Data and Knowledge Engineering, Special Issue on Advances in Business Process Management 50, 9–34 (2004)

    Google Scholar 

  31. Agostini, A., De Michelis, G.: Improving flexibility of workflow management systems. In: BPM 2000. Proc. Int’l Conf. on Business Process Management, pp. 218–234 (2000)

    Google Scholar 

  32. Joeris, G., Herzog, O.: Managing evolving workflow specifications. In: CoopIS 1998. Proc. Int’l Conf. on Cooperative Information Systems, New York City, pp. 310–321 (1998)

    Google Scholar 

  33. Weske, M.: Workflow management systems: Formal foundation, conceptual design, implementation aspects. University of Münster, Germany, Habilitation Thesis (2000)

    Google Scholar 

  34. Sadiq, S., Marjanovic, O., Orlowska, M.: Managing change and time in dynamic workflow processes. IJCIS 9, 93–116 (2000)

    Google Scholar 

  35. Fent, A., Reiter, H., Freitag, B.: Design for change: Evolving workflow specifications in ULTRAflow. In: Pidduck, A.B., Mylopoulos, J., Woo, C.C., Ozsu, M.T. (eds.) CAiSE 2002. LNCS, vol. 2348, pp. 516–534. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  36. Kochut, K., Arnold, J., Sheth, A., Miller, J., Kraemer, E., Arpinar, B., Cardoso, J.: IntelliGEN: A distributed workflow system for discovering protein-protein interactions. Distributed and Parallel Databases 13, 43–72 (2003)

    Article  MATH  Google Scholar 

  37. Edmond, D., ter Hofstede, A.: A reflective infrastructure for workflow adaptability. Data and Knowledge Engineering 34, 271–304 (2000)

    Article  MATH  Google Scholar 

  38. Reichert, M., Dadam, P.: ADEPT flex - supporting dynamic changes of workflows without losing control. JIIS 10, 93–129 (1998)

    Google Scholar 

  39. Rinderle, S., Reichert, M., Dadam, P.: Flexible support of team processes by adaptive workflow systems. Distributed and Parallel Databases 16, 91–116 (2004)

    Article  Google Scholar 

  40. Rinderle, S., Weber, B., Reichert, M., Wild, W.: Integrating process learning and process evolution - a semantics based approach. In: van der Aalst, W.M.P., Benatallah, B., Casati, F., Curbera, F. (eds.) BPM 2005. LNCS, vol. 3649, Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  41. Klarmann, J.: A comprehensive support for changes in organizational models of workflow management systems. In: ISM 2001. Proc. Int’l Conf. on Information Systems Modeling, Hradec nad Moravici, Czech Republic (2001)

    Google Scholar 

  42. Domingos, D., Rito–Silva, A., Veiga, P.: Authorization and access control in adaptive workflows. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 23–28. Springer, Heidelberg (2003)

    Google Scholar 

  43. v.d. Aalst, W., Jablonski, S.: Dealing with workflow change: Identification of issues an solutions. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 267–276. Springer, Heidelberg (2003)

    Google Scholar 

  44. Klarmann, J.: Using conceptual graphs for organization modeling in workflow management systems. In: WM 2001. Proc. Conf. Professionelles Wissensmanagement, pp. 19–23 (2001)

    Google Scholar 

  45. Rinderle, S., Reichert, M., Dadam, P.: Disjoint and overlapping process changes: Challenges, solutions, applications. In: Meersman, R., Tari, Z. (eds.) On the Move to Meaningful Internet Systems 2004: CoopIS, DOA, and ODBASE. LNCS, vol. 3290, pp. 101–120. Springer, Heidelberg (2004)

    Google Scholar 

  46. Simon, R., Zurko, M.: Separation of duty in role based environments. In: Proc. Computer Security Foundations Workshop X (1997)

    Google Scholar 

  47. Botha, R., Eloff, J.: Separation of duties for access control enforcement in workflow environments. IBM Systems Journal 40(3) (2001)

    Google Scholar 

  48. Ly, T., Rinderle, S., Dadam, P., Reichert, M.: Mining staff assignment rules from event-based data. In: Castellanos, M., Weijters, T. (eds.) BPI 2005. First International Workshop on Business Process Intelligence, Nancy, France, pp. 177–190 (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department Databases and Information Systems, University of Ulm, Germany

    Stefanie Rinderle

  2. Information Systems Group, University of Twente, The Netherlands

    Manfred Reichert

Authors
  1. Stefanie Rinderle
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Manfred Reichert
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Stefano Spaccapietra Paolo Atzeni François Fages Mohand-Saïd Hacid Michael Kifer John Mylopoulos Barbara Pernici Pavel Shvaiko Juan Trujillo Ilya Zaihrayeu

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rinderle, S., Reichert, M. (2007). A Formal Framework for Adaptive Access Control Models. In: Spaccapietra, S., et al. Journal on Data Semantics IX. Lecture Notes in Computer Science, vol 4601. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74987-5_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-74987-5_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74982-0

  • Online ISBN: 978-3-540-74987-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation