Dynamic Authorisation Policies for Event-Based Task Delegation
Task delegation is one of the leitmotifs of business process security. It defines a mechanism that bridges the gap between workflow and access control systems. There are two important issues relating to delegation: allowing task delegation to complete, and having a secure delegation within a workflow. Delegation completion and authorisation enforcement are specified under specific constraints. These constraints are defined from the delegation context, implying the presence of a fixed set of delegation events to control the delegation execution.
In this paper, we aim to reason about delegation events to specify delegation policies dynamically. To that end, we present an event-based task delegation model to monitor the delegation process. We then identify relevant events for authorisation enforcement to specify delegation policies. Moreover, we propose a technique that automates delegation policies using event calculus to control the delegation execution and increase the compliance of all delegation changes in the global policy.
Keywords: Workflow task delegation policy event calculus