Abstract
The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems (WFMSs). Furthermore, existing approaches have not provided effective conflict detection and resolution methods to maintain the consistency of authorization policies in WFMSs. To address these concerns, we propose the definition of authorization policies in which context constraints are considered and the complicated requirements in WFMSs can be satisfied. Based on the definition, we put forward static and dynamic conflict detection methods for authorization policies. By defining two new concepts, the precedence establishment rule and the conflict resolution policy, we provide a flexible approach to resolving conflicts.
Additional information
Project supported by the National Natural Science Foundation of China (Nos. 50705084 and 60473129) and the Science and Technology Plan of Zhejiang Province, China (No. 2007C13018)
Cite this article
Ma, Ch., Lu, Gd. & Qiu, J. Conflict detection and resolution for authorization policies in workflow systems. J. Zhejiang Univ. Sci. A 10, 1082–1092 (2009). https://doi.org/10.1631/jzus.A0820366
DOI: https://doi.org/10.1631/jzus.A0820366