Previous [ 1] [ 2] [ 3] [ 4] [ 5] [ 6] [ 7] [ 8] [ 9] [ 10] [ 11] [ 12]

@

Journal of Information Science and Engineering, Vol. 29 No. 3, pp. 417-440 (May 2013)


Chinese Wall Security Model for Workflow Management Systems with Dynamic Security Policy*


YU-CHENG HSIAO AND GWAN-HWAN HWANG+
Department of Computer Science and Information Engineering
National Taiwan Normal University
Taipei, 106 Taiwan
E-mail: swanky.hsiao@gmail.com; ghhwang@csie.ntnu.edu.tw+

Secure workflow management systems (WfMSs) are required to support major security features such as authentication, confidentiality, data integrity, and nonrepudiation. The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a WfMS. We first demonstrate situations in which an access control model is not sufficient for this if the WfMS does not keep the run-time history of data accesses and company information is mutable, and we then propose an application programming interface (API) to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This API can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally we discuss how to implement a run-time system to implement CWSM policies specified by this API in a WfMS.

Keywords: workflow management system (WfMS), Chinese wall security model (CWSM), role-based access control (RBAC), security, computer-supported cooperative work (CSCW)

Full Text () Retrieve PDF document (201305_02.pdf)

Received March 1, 2011; revised July 22 & August 24, 2011; accepted October 4, 2011.
Communicated by Chih-Ping Chu.
* This work was supported in part by the National Science Council Taiwan under grant 98-2220-E-003-002 and 99-2220-E-003-002.
+ Corresponding author.