3,434 research outputs found
On the satisfiability of constraints in workflow systems
Separation of duty and binding of duty in workflow systems is an
important area of current research in computer security. We
introduce a formal model for constrained workflow systems that
incorporate constraints for implementing such policies. We define an
entailment constraint, which is defined on a pair of tasks in a work
flow, and show that such constraints can be used to model many
familiar authorization policies. We show that a set of entailment
constraints can be manipulated algebraically in order to compute all
possible dependencies between tasks in the workflow. The resulting
set of constraints form the basis for an analysis of the
satisfiability of a workflow. We briefly consider how this analysis
can be used to implement a reference monitor for workflow systems
A Declarative Framework for Specifying and Enforcing Purpose-aware Policies
Purpose is crucial for privacy protection as it makes users confident that
their personal data are processed as intended. Available proposals for the
specification and enforcement of purpose-aware policies are unsatisfactory for
their ambiguous semantics of purposes and/or lack of support to the run-time
enforcement of policies.
In this paper, we propose a declarative framework based on a first-order
temporal logic that allows us to give a precise semantics to purpose-aware
policies and to reuse algorithms for the design of a run-time monitor enforcing
purpose-aware policies. We also show the complexity of the generation and use
of the monitor which, to the best of our knowledge, is the first such a result
in literature on purpose-aware policies.Comment: Extended version of the paper accepted at the 11th International
Workshop on Security and Trust Management (STM 2015
A structured approach to VO reconfigurations through Policies
One of the strength of Virtual Organisations is their ability to dynamically
and rapidly adapt in response to changing environmental conditions. Dynamic
adaptability has been studied in other system areas as well and system
management through policies has crystallized itself as a very prominent
solution in system and network administration. However, these areas are often
concerned with very low-level technical aspects. Previous work on the APPEL
policy language has been aimed at dynamically adapting system behaviour to
satisfy end-user demands and - as part of STPOWLA - APPEL was used to adapt
workflow instances at runtime. In this paper we explore how the ideas of APPEL
and STPOWLA can be extended from workflows to the wider scope of Virtual
Organisations. We will use a Travel Booking VO as example.Comment: In Proceedings FAVO 2011, arXiv:1204.579
Supporting Compliance through Enhancing Internal Control Systems by Conceptual Business Process Security Modeling
The importance of Business Process Modeling (BPM) particularly in sensitive areas combined with the rising impact of legislative requirements on IT operations results in a need to conceptually represent security seman- tics in BPM. We define critical security semantics that need to be incorporated in BPM to aid documentation of security needs and support compliant behavior of security systems. We analyze ways to express such semantics in BPM and their possible role in designing and operating internal control systems, which ensure and document the execution of compliance-related activities. The analysis shows that there are informal, semi-formal and for- mal approaches to represent security semantics in BPM. We consider the informal approaches as best suited to express security objectives and their formal counterparts as best to specify security mechanisms to enforce the objectives. All three groups of approaches have the potential to enhance the expressiveness and informative value of an internal control system
Recommended from our members
Proceedings ICPW'07: 2nd International Conference on the Pragmatic Web, 22-23 Oct. 2007, Tilburg: NL
Proceedings ICPW'07: 2nd International Conference on the Pragmatic Web, 22-23 Oct. 2007, Tilburg: N
- …