Abstract
In this paper, we present generic algorithms to ensure the consistency of mutual-exclusion and binding constraints in a business process context. We repeatedly identified the need for such generic algorithms in our real-world projects. Thus, the algorithms are a result of the experiences we gained in analyzing, designing, and implementing a number of corresponding software systems and tools. In particular, these algorithms check corresponding consistency requirements to prevent constraint conflicts and to ensure the design-time and runtime compliance of a process-related role-based access control (RBAC) model.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Strembeck, M., Mendling, J. (2010). Generic Algorithms for Consistency Checking of Mutual-Exclusion and Binding Constraints in a Business Process Context. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2010. OTM 2010. Lecture Notes in Computer Science, vol 6426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16934-2_16
DOI: https://doi.org/10.1007/978-3-642-16934-2_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16933-5
Online ISBN: 978-3-642-16934-2
eBook Packages: Computer Science, Computer Science (R0)