Title :
Specifying application-level security in workflow systems
Author :
Olivier, Martin S. ; De Riet, Reind P van ; Gudes, Ehud
Author_Institution :
Dept. of Comput. Sci., Rand Afrikaans Univ., Johannesburg, South Africa
Abstract :
A workflow process involves the execution of a set of related activities over time to perform a specific task. Security requires that such activities may only be performed by authorised subjects. In order to enforce such requirements, access to the underlying data objects has to be controlled. We refer to such access control as level 1 access control. In addition, when an individual is authorised to perform an activity, access should be limited to the time that the activity is being performed: Access to activity information before an activity commences or after it has terminated may be undesirable. This we will refer to as level 2 security. Finally, applications often specify application-oriented (level 3) security requirements. This paper considers security restrictions in the latter category and proposes a rigorous approach that may be used to specify such policies. Enforcement (implementation) of such policies is also considered. The paper assumes that level 1 and level 2 mechanisms are in place and builds level 3 security mechanisms on these underlying levels
Keywords :
authorisation; formal specification; application-level security specification; authorised subjects; level 1 access control; level 2 security; workflow systems; Africa; Authorization; Computer science; Data security; Databases; Electrical capacitance tomography; Formal specifications; Information security; Mathematics; Workflow management software;
Conference_Titel :
Database and Expert Systems Applications, 1998. Proceedings. Ninth International Workshop on
Conference_Location :
Vienna
Print_ISBN :
0-8186-8353-8
DOI :
10.1109/DEXA.1998.707423
