Specifying Application-level Security in Workflow Systems
Olivier, van de Riet, and Gudes
1998
Citation information
M. S. Olivier, R. P. van de Riet, and E. Gudes. “Specifying Application-level Security in Workflow Systems”. In: Proceedings of the Ninth International Workshop on Security of Data Intensive Applications (DEXA 98). Ed. by R Wagner. IEEE, 1998, pp. 346–351Abstract
A workflow process involves the execution of a set of related activities over time to perform a specific task. Security requires that such activities may only be performed by authorised subjects. In order to enforce such requirements, access to the underlying data objects has to be controlled. We refer to such access control as level 1 access control. In addition, when an individual is authorised to perform an activity, access should be limited to the time that the activity is being performed: Access to activity information before an activity commences or after it has terminated may be undesirable. This we will refer to as level 2 security. Finally, applications often specify application-oriented (level 3) security requirements. This paper considers security restrictions in the latter category and proposes a rigorous approach that may be used to specify such policies. Enforcement (implementation) of such policies is also considered. The paper assumes that level 1 and level 2 mechanisms are in place and builds level 3 security mechanisms on these underlying levels.
Full text
A pre- or postprint of the publication is available at https://mo.co.za/ask/appwf.pdf.Note that a username and password are required to download the full text. (Why?) Please e-mail me and I will send you a username and password.
Definitive version
The definitive version of the paper is available from the publisher.DOI: 10.1109/DEXA.1998.707423
BibTeX reference
@inproceedings(appwf,author={Martin S Olivier and van de Riet, Reind P and Ehud Gudes},
title={Specifying Application-level Security in Workflow Systems},
editor={R Wagner},
booktitle={Proceedings of the Ninth International Workshop on Security of Data Intensive Applications (DEXA 98)},
pages={346--351},
publisher={IEEE},
year={1998} )