    Least privilege security in CapBasED-AMS

    Workflow systems are becoming very popular and are being used to support many of the day-to-day activities in large organizations. One of the major problems with workflow systems is that they often use heterogeneous and distributed hardware and software systems to execute a given activity. This gives rise to decentralized security policies and mechanisms which, in order to enable activity execution, give too many privileges (for accessing resources like documents) to the agents (humans or systems) executing the work. We develop the concept of least privilege, wherein the set of agents is given just enough privileges to complete the given activities. We develop our concepts in the context of CapBasED-AMS (Capability-based and Event-driven Activity Management System). CapBasED-AMS deals with the management and execution of activities. An activity consists of multiple inter-dependent tasks (atomic activities, each executed by a single agent) that need to be coordinated, scheduled and executed by a set of agents. We formalize the concept of least privilege security and present algorithms to statically assign least privileges to the agents. Further, we develop the concept of dynamic least privilege enforcement, wherein an agent holds its privileges only for the duration of the task for which those privileges were assigned. We also develop the concept of dynamic evolution of least privileges by taking into consideration the changes in the way resources are accessed by the agents in executing their tasks. Finally, we address the trade-off between resilience to agent failure and least privilege.