Reinhardt A. Botha

Separation of duties for access control enforcement in workflow environments

Separation of duty, as a security principle, has as its primary objective the prevention of fraud and errors. This objective is achieved by disseminating the tasks and associated privileges for a specific business process among multiple users. This principle is demonstrated in the traditional example of separation of duty found in the requirement of two signatures on a check. Previous work on separation of duty requirements often explored implementations based on role-based access control (RBAC) principles. These implementations are concerned with constraining the associations between RBAC components, namely users, roles, and permissions. Enforcement of the separation of duty requirements, although an integrity requirement, thus relies on an access control service that is sensitive to the separation of duty requirements. A distinction between separation of duty requirements that can be enforced in administrative environments, namely static separation of duty, and requirements that can only be enforced in a run-time environment, namely dynamic separation of duty, is required. It is argued that RBAC does not support the complex work processes often associated with separation of duty requirements, particularly with dynamic separation of duty. The workflow environment, being primarily concerned with the facilitation of complex work processes, provides a context in which the specification of separation of duty requirements can be studied. This paper presents the conflicting entities administration paradigm for the specification of static and dynamic separation of duty requirements in the workflow environment.

Refereed Papers: Access Control in Document-centric Workflow Systems - An Agent-based Approach

Workflow Systems are increasingly being used to streamline organizations business processes. During the execution of business processes, information often traverses organizations networks as documents. With the proliferation of the Internet, documents travel across open networks. These documents can, however, contain potentially sensitive information. The documents used in Workflow Systems must therefore be protected from unauthorized access. This paper enumerates three access control requirements of workflow environments, including the well-known principle of separation of duty. Thereafter the CSAC (Context-sensitive Access Control) model is presented to address the requirements. In conclusion it is demonstrated how this model can be implemented in an agent-based architecture.

A Context-Sensitive Access Control Model and Prototype Implementation

Role-based access control associates roles with privileges and users with roles. Changes to these associations are infrequent and explicit. This may not reflect business requirements. Access to an object should not only be based on the identity of the object and the user, but also on the actual task that must be performed, i.e. the context of the work to be done. Context-sensitive access control considers the actual task when deciding whether an access should be granted or not. Workflow technology provides an appropriate environment for establishing the context of work. This paper discusses the implementation of a context-sensitive access control mechanism within a workflow environment. Although the prototype represents scaled-down workflow functionality, it illustrates the concept of context-sensitive access control.

Designing role hierarchies for access control in workflow systems

Due to the correspondence between the role abstraction in Role-based Access Control (RBAC) and the notion of organizational positions, it seems easy to construct role hierarchies. This is, however, a misconception. This paper argues that, in order to reflect the functional requirements, a role hierarchy becomes very complex. In a bid to simplify the design of role hierarchies suitable for the expression of access control requirements in workflow systems, the paper proposes a typed role hierarchy. In a typed role hierarchy a role is of a specific type. The associations between different types of roles are limited by rules that govern the construction of a role hierarchy. This paper proposes a methodology to systematically construct a typed role hierarchy. Since the typed nature of the role hierarchy is only relevant during the construction of the role hierarchy, it can seamlessly be integrated into existing RBAC schemes that support the concept of role hierarchies.

A framework for access control in workflow systems

Workflow systems are often associated with business process re‐engineering (BPR). This paper argues that the functional access control requirements in workflow systems are rooted in the scope of a BPR project. A framework for access control in workflow systems is developed. The framework suggests that existing role‐based access control mechanisms can be used as a foundation in workflow systems. The framework separates the administration‐time and the run‐time aspects. Key areas that must be investigated to meet the functional requirements imposed by workflow systems on access control services are identified.

Towards Semantic Integrity in Rational Databases

The usefulness of data largely depends on its correctness, which is determined by the extent to which the data reflects the real-world and universe of discourse. Since the real world is constantly changing, it follows that data must constantly be changed. Since an integrity violation could occur when information is wrongfully changed, changes should only be entrusted to trustworthy users. The changes must, furthermore, occur according to business rules. This type of control falls within the domain of an access control service. This paper investigates activities involved to enforce semantic integrity in relational database environments, particularly those where access is controlled according to a role-based paradigm.