Browser unable to execute script; please use the site map to navigate the site.

Specifying Application-level Security in Workflow Systems

Olivier, van de Riet, and Gudes


(Citation)Citation information

M. S. Olivier, R. P. van de Riet, and E. Gudes. “Specifying Application-level Security in Workflow Systems”. In: Proceedings of the Ninth International Workshop on Security of Data Intensive Applications (DEXA 98). Ed. by R Wagner. IEEE, 1998, pp. 346–351


A workflow process involves the execution of a set of related activities over time to perform a specific task. Security requires that such activities may only be performed by authorised subjects. In order to enforce such requirements, access to the underlying data objects has to be controlled. We refer to such access control as level 1 access control. In addition, when an individual is authorised to perform an activity, access should be limited to the time that the activity is being performed: Access to activity information before an activity commences or after it has terminated may be undesirable. This we will refer to as level 2 security. Finally, applications often specify application-oriented (level 3) security requirements. This paper considers security restrictions in the latter category and proposes a rigorous approach that may be used to specify such policies. Enforcement (implementation) of such policies is also considered. The paper assumes that level 1 and level 2 mechanisms are in place and builds level 3 security mechanisms on these underlying levels.

(Full text; password required)Full text

A pre- or postprint of the publication is available at
Note that a username and password are required to download the full text. (Why?) Please e-mail me and I will send you a username and password.

(Authoritative version on publisher's site)Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.1109/DEXA.1998.707423

(BibTeX record)BibTeX reference

author={Martin S Olivier and van de Riet, Reind P and Ehud Gudes},
title={Specifying Application-level Security in Workflow Systems},
editor={R Wagner},
booktitle={Proceedings of the Ninth International Workshop on Security of Data Intensive Applications (DEXA 98)},
year={1998} )