Skip to main content
SpringerLink
Log in

Generic Algorithms for Consistency Checking of Mutual-Exclusion and Binding Constraints in a Business Process Context

  • Conference paper
Book cover On the Move to Meaningful Internet Systems: OTM 2010 (OTM 2010)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 6426))

Abstract

In this paper, we present generic algorithms to ensure the consistency of mutual-exclusion and binding constraints in a business process context. We repeatedly identified the need for such generic algorithms in our real-world projects. Thus, the algorithms are a result of the experiences we gained in analyzing, designing, and implementing a number of corresponding software systems and tools. In particular, these algorithms check corresponding consistency requirements to prevent constraint conflicts and to ensure the design-time and runtime compliance of a process-related role-based access control (RBAC) model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ahn, G., Sandhu, R.: Role-based Authorization Constraints Specification. ACM Transactions on Information and System Security (TISSEC) 3(4) (November 2000)

    Google Scholar 

  2. Bertino, E., Ferrari, E., Atluri, V.: The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Transactions on Information and System Security (TISSEC) 2(1) (February 1999)

    Google Scholar 

  3. Botha, R., Eloff, J.: Separation of duties for access control enforcement in workflow environments. IBM Systems Journal 40(3) (2001)

    Google Scholar 

  4. Casati, F., Castano, S., Fugini, M.: Managing Workflow Authorization Constraints through Active Database Technology. Information Systems Frontiers 3(3) (September 2001)

    Google Scholar 

  5. Ferraiolo, D., Barkley, J., Kuhn, D.: A Role-Based Access Control Model and Reference Implementation within a Corporate Intranet. ACM Transactions on Information and System Security (TISSEC) 2(1) (February 1999)

    Google Scholar 

  6. Kunz, S., Evdokimov, S., Fabian, B., Stieger, B., Strembeck, M.: Role-Based Access Control for Information Federations in the Industrial Service Sector. In: Proc. of the 18th European Conference on Information Systems (ECIS) (June 2010)

    Google Scholar 

  7. Li, N., Tripunitara, M., Bizri, Z.: On Mutually Exclusive Roles and Separation-of-Duty. ACM Transactions on Information and System Security (TISSEC) 10(2) (May 2007)

    Google Scholar 

  8. Li, N., Wang, Q.: Beyond separation of duty: An algebra for specifying high-level security policies. Journal of the ACM (JACM) 55(3) (July 2008)

    Google Scholar 

  9. Mendling, J., Ploesser, K., Strembeck, M.: Specifying Separation of Duty Constraints in BPEL4 People Processes. In: Proc. of the 11th International Conference on Business Information Systems (BIS). LNBIP, vol. 7, Springer, Heidelberg (2008)

    Google Scholar 

  10. Neumann, G., Strembeck, M.: Design and Implementation of a Flexible RBAC-Service in an Object-Oriented Scripting Language. In: Proc. of the 8th ACM Conference on Computer and Communications Security (CCS) (November 2001)

    Google Scholar 

  11. Russell, N., van der Aalst, W.M.P., ter Hofstede, A.H.M., Edmond, D.: Workflow Resource Patterns: Identification, Representation and Tool Support. In: Pastor, Ó., Falcão e Cunha, J. (eds.) CAiSE 2005. LNCS, vol. 3520, pp. 216–232. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  12. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control Models. IEEE Computer 29(2) (February 1996)

    Google Scholar 

  13. Strembeck, M.: Conflict Checking of Separation of Duty Constraints in RBAC - Implementation Experiences. In: Proc. of the Conference on Software Engineering, SE 2004 (February 2004)

    Google Scholar 

  14. Strembeck, M.: A Role Engineering Tool for Role-Based Access Control. In: Proc. of the 3rd Symposium on Requirements Engineering for Information Security (SREIS) (August 2005)

    Google Scholar 

  15. Strembeck, M.: Scenario-Driven Role Engineering. IEEE Security & Privacy 8(1) (January/February 2010)

    Google Scholar 

  16. Strembeck, M., Neumann, G.: An Integrated Approach to Engineer and Enforce Context Constraints in RBAC Environments. ACM Transactions on Information and System Security (TISSEC) 7(3) (August 2004)

    Google Scholar 

  17. Tan, K., Crampton, J., Gunter, C.: The Consistency of Task-Based Authorization Constraints in Workflow Systems. In: Proc. of the 17th IEEE Workshop on Computer Security Foundations (CSFW) (June 2004)

    Google Scholar 

  18. Wainer, J., Barthelmes, P., Kumar, A.: W-RBAC - A Workflow Security Model Incorporating Controlled Overriding of Constraints. International Journal of Cooperative Information Systems (IJCIS) 12(4) (December 2003)

    Google Scholar 

  19. Warner, J., Atluri, V.: Inter-Instance Authorization Constraints for Secure Workflow Management. In: Proc. of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT) (June 2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Vienna University of Economics and Business (WU Vienna), Austria

    Mark Strembeck

  2. Humboldt-Universität zu Berlin, Germany

    Jan Mendling

Authors
  1. Mark Strembeck
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jan Mendling
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. STAR Lab, Vrije Universiteit Brussel (VUB), Bldg G/10, Pleinlaan 2, 1050, Brussels, Belgium

    Robert Meersman

  2. Curtin University of Technology, DEBII - CBS, De Laeter Way, Bentley, 6102, WA, Australia

    Tharam Dillon

  3. Facultad de Informática, Universidad Politécnica de Madrid, Campus de Montegancedo S/N, 28660, Boadilla del Monte, Madrid, Spain

    Pilar Herrero

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Strembeck, M., Mendling, J. (2010). Generic Algorithms for Consistency Checking of Mutual-Exclusion and Binding Constraints in a Business Process Context. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2010. OTM 2010. Lecture Notes in Computer Science, vol 6426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16934-2_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-16934-2_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16933-5

  • Online ISBN: 978-3-642-16934-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation