Article

Dynamic authorisation policies for event-based task delegation

Authors:

Khaled Gaaloul,

Ehtesham Zahoor,

François Charoy,

Claude GodartAuthors Info & Claims

CAiSE'10: Proceedings of the 22nd international conference on Advanced information systems engineering

Pages 135 - 149

Published: 07 June 2010 Publication History

Abstract

Task delegation presents one of the business process security leitmotifs. It defines a mechanism that bridges the gap between both workflow and access control systems. There are two important issues relating to delegation, namely allowing task delegation to complete, and having a secure delegation within a workflow. Delegation completion and authorisation enforcement are specified under specific constraints. Constraints are defined from the delegation context implying the presence of a fixed set of delegation events to control the delegation execution. In this paper, we aim to reason about delegation events to specify delegation policies dynamically. To that end, we present an event-based task delegation model to monitor the delegation process. We then identify relevant events for authorisation enforcement to specify delegation policies. Moreover, we propose a technique that automates delegation policies using event calculus to control the delegation execution and increase the compliance of all delegation changes in the global policy.

References

[1]

Venter, K., Olivier, M.S.: The delegation authorization model: A model for the dynamic delegation of authorization rights in a secure workflow management system. In: CCITT Recommendation X.420, Blue Book (2002)

Google Scholar

[2]

Vijayalakshmi, A., Janice, W.: Supporting conditional delegation in secure work-flow management systems. In: SACMAT 2005: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, pp. 49-58. ACM, New York (2005)

Digital Library

Google Scholar

[3]

Gaaloul, K., Charoy, F.: Task delegation based access control models for work-flow systems. In: I3E 2009: Proceedings of Software Services for e-Business and e-Society, 9th IFIP WG 6.1 Conference on e-Business, e-Services and e-Society, Nancy, France, September 23-25. IFIP, vol. 305. Springer, Heidelberg (2009)

Google Scholar

[4]

Gaaloul, K., Miseldine, P., Charoy, F.: Towards proactive policies supporting event-based task delegation. In: The International Conference on Emerging Security Information, Systems, and Technologies, pp. 99-104 (2009)

Digital Library

Google Scholar

[5]

Atluri, V., Huang, W., Bertino, E.: An execution model for multilevel seccure workflows. In: Proceedings of the IFIP WG11.3 Eleventh International Conference on Database Security, pp. 151-165. Chapman & Hall, Ltd., London (1998)

Digital Library

Google Scholar

[6]

Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Specifying and enforcing access control policies for xml document sources. World Wide Web 3(3), 139-151 (2000)

Digital Library

Google Scholar

[7]

Crampton, J., Khambhammettu, H.: Delegation in role-based access control. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 174-191. Springer, Heidelberg (2006)

Digital Library

Google Scholar

[8]

Kowalski, R.A., Sergot, M.J.: A logic-based calculus of events. New Generation Comput. 4(1), 67-95 (1986)

Digital Library

Google Scholar

[9]

Zahoor, E., Perrin, O., Godart, C.: A declarative approach to timed-properties aware Web services composition, INRIA internal report 00455405 (February 2010)

Google Scholar

[10]

Mueller, E.T.: Commonsense Reasoning. Morgan Kaufmann Publishers Inc., USA (2006)

Digital Library

Google Scholar

[11]

Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38-47 (1996)

Digital Library

Google Scholar

[12]

Barka, E., Sandhu, R.: Framework for role-based delegation models. In: ACSAC 2000: Proceedings of the 16th Annual Computer Security Applications Conference, Washington, DC, USA, p. 168. IEEE Computer Society, Los Alamitos (2000)

Digital Library

Google Scholar

[13]

Zhang, X., Oh, S., Sandhu, R.: PBDM: a flexible delegation model in RBAC. In: SACMAT 2003: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, pp. 149-157. ACM Press, New York (2003)

Digital Library

Google Scholar

[14]

Seitz, L., Rissanen, E., Sandholm, T., Firozabadi, B., Mulmo, O.: Policy administration control and delegation using xacml and delegent. In: Proceedings of 6th IEEE/ACM International Conference on Grid Computing (GRID 2005), Seattle, Washington, USA, November 13-14, pp. 49-54 (2005)

Digital Library

Google Scholar

Cited By

View all

Gaaloul KProper HZahoor ECharoy FGodart C(2011)A logical framework for reasoning about delegation policies in workflow management systemsInternational Journal of Information and Computer Security10.1504/IJICS.2011.0448254:4(365-388)Online publication date: 1-Jan-2011
https://dl.acm.org/doi/10.1504/IJICS.2011.044825

Index Terms

Dynamic authorisation policies for event-based task delegation
1. Applied computing
  1. Enterprise computing
    1. Business process management

Index terms have been assigned to the content through auto-classification.

Recommendations

Towards Proactive Policies Supporting Event-Based Task Delegation
SECURWARE '09: Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies

Delegation mechanisms are receiving increasing interest from the research community. Task delegation is a mechanism that supports organisational flexibility in the human-centric workflow systems, and ensures delegation of authority in access control ...
Delegation in role-based access control

User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively ...
A rule-based framework for role-based delegation and revocation

Delegation is the process whereby an active entity in a distributed environment authorizes another entity to access resources. In today's distributed systems, a user often needs to act on another user's behalf with some subset of his/her rights. Most ...

Comments

Information & Contributors

Information

Published In

CAiSE'10: Proceedings of the 22nd international conference on Advanced information systems engineering

June 2010

547 pages

ISBN:3642130933

Editor:
Barbara Pernici
Politecnico di Milano, Dipartimento di Elettronica e Informazione, Milano, Italy

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 07 June 2010

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Gaaloul KProper HZahoor ECharoy FGodart C(2011)A logical framework for reasoning about delegation policies in workflow management systemsInternational Journal of Information and Computer Security10.1504/IJICS.2011.0448254:4(365-388)Online publication date: 1-Jan-2011
https://dl.acm.org/doi/10.1504/IJICS.2011.044825

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

Towards Proactive Policies Supporting Event-Based Task Delegation

Delegation in role-based access control

A rule-based framework for role-based delegation and revocation

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations