Role-based authorizations for workflow systems in support of task-based separation of duty

Duen-Ren Liu; Mei Yu Wu; Shu Teng Lee

doi:10.1016/S0164-1212(03)00175-4

Role-based authorizations for workflow systems in support of task-based separation of duty

Duen-Ren Liu^*, Mei Yu Wu, Shu Teng Lee

^*Corresponding author for this work

Institute of Information Management

Research output: Contribution to journal › Article › peer-review

26 Scopus citations

Abstract

Role-based authorizations for assigning tasks of workflows to roles/users are crucial to security management in workflow management systems. The authorizations must enforce separation of duty (SoD) constraints to prevent fraud and errors. This work analyzes and defines several duty-conflict relationships among tasks, and designs authorization rules to enforce SoD constraints based on the analysis. A novel authorization model that incorporates authorization rules is then proposed to support the planning of assigning tasks to roles/users, and the run-time activation of tasks. Different from existing work, the proposed authorization model considers the AND/XOR split structures of workflows and execution dependency among tasks to enforce separation of duties in assigning tasks to roles/users. A prototype system is developed to realize the effectiveness of the proposed authorization model.

Original language	English
Pages (from-to)	375-387
Number of pages	13
Journal	Journal of Systems and Software
Volume	73
Issue number	3
DOIs	https://doi.org/10.1016/S0164-1212(03)00175-4
State	Published - Nov 2004

Keywords

Authorization management
Role-based access control
Separation of duty
Workflow system

Access to Document

10.1016/S0164-1212(03)00175-4

Cite this

@article{1de6e4e2b23542f693f74a2366c95eba,

title = "Role-based authorizations for workflow systems in support of task-based separation of duty",

abstract = "Role-based authorizations for assigning tasks of workflows to roles/users are crucial to security management in workflow management systems. The authorizations must enforce separation of duty (SoD) constraints to prevent fraud and errors. This work analyzes and defines several duty-conflict relationships among tasks, and designs authorization rules to enforce SoD constraints based on the analysis. A novel authorization model that incorporates authorization rules is then proposed to support the planning of assigning tasks to roles/users, and the run-time activation of tasks. Different from existing work, the proposed authorization model considers the AND/XOR split structures of workflows and execution dependency among tasks to enforce separation of duties in assigning tasks to roles/users. A prototype system is developed to realize the effectiveness of the proposed authorization model.",

keywords = "Authorization management, Role-based access control, Separation of duty, Workflow system",

author = "Duen-Ren Liu and Wu, {Mei Yu} and Lee, {Shu Teng}",

year = "2004",

month = nov,

doi = "10.1016/S0164-1212(03)00175-4",

language = "English",

volume = "73",

pages = "375--387",

journal = "Journal of Systems and Software",

issn = "0164-1212",

publisher = "Elsevier Inc.",

number = "3",

}

TY - JOUR

T1 - Role-based authorizations for workflow systems in support of task-based separation of duty

AU - Liu, Duen-Ren

AU - Wu, Mei Yu

AU - Lee, Shu Teng

PY - 2004/11

Y1 - 2004/11

N2 - Role-based authorizations for assigning tasks of workflows to roles/users are crucial to security management in workflow management systems. The authorizations must enforce separation of duty (SoD) constraints to prevent fraud and errors. This work analyzes and defines several duty-conflict relationships among tasks, and designs authorization rules to enforce SoD constraints based on the analysis. A novel authorization model that incorporates authorization rules is then proposed to support the planning of assigning tasks to roles/users, and the run-time activation of tasks. Different from existing work, the proposed authorization model considers the AND/XOR split structures of workflows and execution dependency among tasks to enforce separation of duties in assigning tasks to roles/users. A prototype system is developed to realize the effectiveness of the proposed authorization model.

AB - Role-based authorizations for assigning tasks of workflows to roles/users are crucial to security management in workflow management systems. The authorizations must enforce separation of duty (SoD) constraints to prevent fraud and errors. This work analyzes and defines several duty-conflict relationships among tasks, and designs authorization rules to enforce SoD constraints based on the analysis. A novel authorization model that incorporates authorization rules is then proposed to support the planning of assigning tasks to roles/users, and the run-time activation of tasks. Different from existing work, the proposed authorization model considers the AND/XOR split structures of workflows and execution dependency among tasks to enforce separation of duties in assigning tasks to roles/users. A prototype system is developed to realize the effectiveness of the proposed authorization model.

KW - Authorization management

KW - Role-based access control

KW - Separation of duty

KW - Workflow system

UR - http://www.scopus.com/inward/record.url?scp=4444319368&partnerID=8YFLogxK

U2 - 10.1016/S0164-1212(03)00175-4

DO - 10.1016/S0164-1212(03)00175-4

M3 - Article

AN - SCOPUS:4444319368

SN - 0164-1212

VL - 73

SP - 375

EP - 387

JO - Journal of Systems and Software

JF - Journal of Systems and Software

IS - 3

ER -

Role-based authorizations for workflow systems in support of task-based separation of duty

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this