Modularity is an important concept in the design and enact-ment of workows. However, supporting the specification and enforcement of authorization in this setting is not straightfor-ward. In this paper, we introduce a notion of component and a combination mechanism for security-sensitive workows. These are business processes in which execution constraints on the tasks are complemented with authorization constraints (e.g., Separation of Duty) and authorization policies (speci-fying which users can execute which tasks). We show how authorization constraints can also be imposed across com-ponents and demonstrate the usefulness of our notion of component by showing (i) the scalability of a technique for the synthesis of run-Time monitors for security-sensitive workows; and (ii) the design of a plug-in for the reuse of workows and related run-Time monitors inside an editor for security-sensitive workows.
Modular synthesis of enforcement mechanisms for the workflow satisfiability problem: Scalability and reusability / Dos Santos, D. R.; Ponta, S. E.; Ranise, S.. - 06-08-:(2016), pp. 89-99. (Intervento presentato al convegno 21st ACM Symposium on Access Control Models and Technologies, SACMAT 2016 tenutosi a chn nel 2016) [10.1145/2914642.2914649].
Modular synthesis of enforcement mechanisms for the workflow satisfiability problem: Scalability and reusability
Ranise S.
2016-01-01
Abstract
Modularity is an important concept in the design and enact-ment of workows. However, supporting the specification and enforcement of authorization in this setting is not straightfor-ward. In this paper, we introduce a notion of component and a combination mechanism for security-sensitive workows. These are business processes in which execution constraints on the tasks are complemented with authorization constraints (e.g., Separation of Duty) and authorization policies (speci-fying which users can execute which tasks). We show how authorization constraints can also be imposed across com-ponents and demonstrate the usefulness of our notion of component by showing (i) the scalability of a technique for the synthesis of run-Time monitors for security-sensitive workows; and (ii) the design of a plug-in for the reuse of workows and related run-Time monitors inside an editor for security-sensitive workows.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione