Title: A logical framework for reasoning about delegation policies in workflow management systems

Authors: Khaled Gaaloul; H.A. Proper; Ehtesham Zahoor; François Charoy; Claude Godart

Addresses: CRP Henri Tudor, L-1855 Luxembourg-Kirchberg, Luxembourg; CRP Henri Tudor, L-1855 Luxembourg-Kirchberg, Luxembourg; LORIA, Nancy University, UMR 7503, BP 239, F-54506 Vandoeuvre-lès-Nancy Cedex, France; LORIA, Nancy University, UMR 7503, BP 239, F-54506 Vandoeuvre-lès-Nancy Cedex, France; LORIA, Nancy University, UMR 7503, BP 239, F-54506 Vandoeuvre-lès-Nancy Cedex, France

Abstract: Task delegation presents one of the business process security leitmotifs. It defines a mechanism that bridges the gap between workflow and access control systems. Delegation completion and authorisation enforcement are specified under specific constraints, so-called events. In this article, we aim to reason about delegation events to model task delegation and to specify delegation policies using a logical framework. To that end, we propose an event-based task delegation model to control the delegation execution. We then identify relevant events responsible for the dynamic enforcement of delegation policies. Further, we define a task-oriented access control model to specify delegation constraints into authorisation policies. Finally, we propose a technique to automate the delegation policies integration. Using event calculus, we develop a reasoning tool to control the delegation execution and to increase the compliance of all delegation changes in the existing policy of the workflow.

Keywords: workflow management; task delegation; access control; authorisation policy; event calculus; business process security; reasoning tools.

DOI: 10.1504/IJICS.2011.044825

International Journal of Information and Computer Security, 2011 Vol.4 No.4, pp.365 - 388

Available online: 08 Jan 2012
