© The Institution of Engineering and Technology
Task-based access control (TBAC) is a flexible security mechanism that has been widely implemented in workflow management systems. In TBAC, permissions are assigned to tasks, and users can obtain those permissions only during the execution of tasks. The authors aim to develop a method for formalising and analysing security properties of workflow systems under a TBAC policy. To achieve this goal, the authors first present WFPI, workflow π-calculus. By adding task execution and submission primitives, and tagging each agent with its executing and distributing tasks, WFPI can flexibly represent the concepts and elements in workflow systems. Then, based on WFPI, a type system is proposed to ensure that well-typed workflow systems abide by the TBAC policy at run time, by avoiding run-time access violations. To the best of the authors' knowledge, the present research is the first attempt to study workflow access control by process calculus and types.
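The TBAC rule stated above (a permission is held only while its task is executing) can be checked on a workflow description before it runs. The following is an added example, not WFPI or the authors' type system: it handles a single agent's sequential actions only, and the policy, task names and `Begin`/`Submit`/`Access` classes are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed TBAC policy: task -> (resource, operation) pairs it carries.
POLICY = {
    "review_claim": {("claim_db", "read")},
    "approve_payment": {("claim_db", "read"), ("ledger", "write")},
}

@dataclass(frozen=True)
class Begin:            # agent starts executing a task
    task: str

@dataclass(frozen=True)
class Submit:           # agent submits the task; its permissions end here
    task: str

@dataclass(frozen=True)
class Access:           # agent touches a resource
    resource: str
    op: str

def check(process, policy=POLICY):
    """Walk one agent's action sequence without running it.
    Returns [(index, reason)]; empty means no access violation can occur."""
    executing, errors = set(), []
    for i, act in enumerate(process):
        if isinstance(act, Begin):
            if act.task in policy:
                executing.add(act.task)
            else:
                errors.append((i, f"unknown task {act.task}"))
        elif isinstance(act, Submit):
            if act.task not in executing:
                errors.append((i, f"submit of non-executing task {act.task}"))
            executing.discard(act.task)
        else:
            # Permissions in force are exactly those of the executing tasks.
            granted = set().union(*(policy[t] for t in executing))
            if (act.resource, act.op) not in granted:
                errors.append((i, f"{act.op} on {act.resource} not granted by {sorted(executing)}"))
    return errors

# Constructed workflows.
GOOD = [Begin("approve_payment"), Access("claim_db", "read"),
        Access("ledger", "write"), Submit("approve_payment")]
BAD = [Begin("review_claim"), Access("claim_db", "read"), Submit("review_claim"),
       Access("claim_db", "read"),            # after submission: permission gone
       Begin("review_claim"), Access("ledger", "write")]  # task lacks ledger write
```

Rejecting `BAD` before deployment is the static counterpart of a run-time reference monitor denying the same two accesses.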
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-sen_20070098