Int. J. of Information and Computer Security   »   2011 Vol.4, No.4

 

 

Title: A logical framework for reasoning about delegation policies in workflow management systems

 

Authors: Khaled Gaaloul; H.A. Proper; Ehtesham Zahoor; François Charoy; Claude Godart

 

Addresses:
CRP Henri Tudor, L-1855 Luxembourg-Kirchberg, Luxembourg.
CRP Henri Tudor, L-1855 Luxembourg-Kirchberg, Luxembourg.
LORIA, Nancy University, UMR 7503, BP 239, F-54506 Vandoeuvre-lès-Nancy Cedex, France.
LORIA, Nancy University, UMR 7503, BP 239, F-54506 Vandoeuvre-lès-Nancy Cedex, France.
LORIA, Nancy University, UMR 7503, BP 239, F-54506 Vandoeuvre-lès-Nancy Cedex, France.

 

Abstract: Task delegation presents one of the business process security leitmotifs. It defines a mechanism that bridges the gap between workflow and access control systems. Delegation completion and authorisation enforcement are specified under specific constraints, so-called events. In this article, we aim to reason about delegation events to model task delegation and to specify delegation policies using a logical framework. To that end, we propose an event-based task delegation model to control the delegation execution. We then identify relevant events responsible for the dynamic enforcement of delegation policies. Further, we define a task-oriented access control model to specify delegation constraints into authorisation policies. Finally, we propose a technique to automate the delegation policies integration. Using event calculus, we develop a reasoning tool to control the delegation execution and to increase the compliance of all delegation changes in the existing policy of the workflow.

 

Keywords: workflow management; task delegation; access control; authorisation policy; event calculus; business process security; reasoning tools.

 

DOI: 10.1504/IJICS.2011.044825

 

Int. J. of Information and Computer Security, 2011 Vol.4, No.4, pp.365 - 388

 

Available online: 08 Jan 2012

 

 
