DocumentCode
1996847
Title
ECA rules for controlling authorisation plan to satisfy dynamic constraints
Author
Jemel, Meriam ; Ben Azzouna, Nadia ; Ghedira, Khaled
Author_Institution
SOIE Lab., Univ. of Tunis, Tunis, Tunisia
fYear
2015
fDate
21-23 July 2015
Firstpage
133
Lastpage
138
Abstract
The workflow satisfiability problem has been studied by researchers in the security community using various approaches. The goal is to ensure that the user/role is authorised to execute the current task and that this permission doesn´t prevent the remaining tasks in the workflow instance to be achieved. A valid authorisation plan consists in affecting authorised roles and users to workflow tasks in such a way that all the authorisation constraints are satisfied. Previous works are interested in workflow satisfiability problem by considering intra-instance constraints, i.e. constraints which are applied to a single instance. However, inter-instance constraints which are specified over multiple workflow instances are also paramount to mitigate the security frauds. In this paper, we present how ECA (Event-Condition-Action) paradigm and agent technology can be exploited to control authorisation plan in order to meet dynamic constraints, namely intra-instance and inter-instance constraints. We present a specification of a set of ECA rules that aim to achieve this goal. A prototype implementation of our proposed approach is also provided in this paper.
Keywords
authorisation; software agents; ECA rules; agent technology; authorisation constraints; authorisation plan control; dynamic constraints; event-condition-action paradigm; interinstance constraints; intrainstance constraints; security community; security frauds; workflow satisfiability problem; Authorization; Complexity theory; Context; Engines; Planning; Receivers;
fLanguage
English
Publisher
ieee
Conference_Titel
Privacy, Security and Trust (PST), 2015 13th Annual Conference on
Conference_Location
Izmir
Type
conf
DOI
10.1109/PST.2015.7232964
Filename
7232964
Link To Document