Modular synthesis of enforcement mechanisms for the workflow satisfiability problem: Scalability and reusability / Dos Santos, D. R.; Ponta, S. E.; Ranise, S. - 06-08-:(2016), pp. 89-99. (Paper presented at the 21st ACM Symposium on Access Control Models and Technologies, SACMAT 2016, held in chn in 2016) [10.1145/2914642.2914649].

Modular synthesis of enforcement mechanisms for the workflow satisfiability problem: Scalability and reusability

Ranise S.
2016-01-01

Abstract

Modularity is an important concept in the design and enactment of workflows. However, supporting the specification and enforcement of authorization in this setting is not straightforward. In this paper, we introduce a notion of component and a combination mechanism for security-sensitive workflows. These are business processes in which execution constraints on the tasks are complemented with authorization constraints (e.g., Separation of Duty) and authorization policies (specifying which users can execute which tasks). We show how authorization constraints can also be imposed across components and demonstrate the usefulness of our notion of component by showing (i) the scalability of a technique for the synthesis of run-time monitors for security-sensitive workflows; and (ii) the design of a plug-in for the reuse of workflows and related run-time monitors inside an editor for security-sensitive workflows.
2016
Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
United States
Association for Computing Machinery
9781450338028
Dos Santos, D. R.; Ponta, S. E.; Ranise, S.
Use this identifier to cite or link to this document: https://hdl.handle.net/11572/333078
Citations
  • Scopus 6