Abstract
The Role-Based Access Control (RBAC) model contains a structural representation of the enterprise organization, provides facilities for the administration of access control, and is extremely flexible. The traditional RBAC model can be applied well to a Workflow Management System (WFMS), but doing so raises some issues. Because senior roles inherit all the permissions of junior roles, and all permissions accumulate in the top senior role, applying traditional RBAC to a WFMS does not meet the access control requirements of least privilege and Separation of Duty (SoD). This can lead to misuse of rights and opportunities to commit fraud, and it can make it difficult to guarantee the integrity of the system. To solve these problems, we propose applying Restricted Permission Inheritance RBAC, called RPI-RBAC, to WFMS authorization. We evaluate the advantages and benefits of applying the RPI-RBAC model to WFMS authorization at design time and at runtime.
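The accumulation problem described in the abstract can be checked mechanically. The following is an added example, not code from the paper: the role names, workflow tasks, SoD pairs, and the per-permission "inheritable" flag are all assumptions, and the flag is a simplified stand-in for restricted inheritance, not the RPI-RBAC model itself, whose details the abstract does not give.

```python
# Constructed hierarchy: senior role -> direct junior roles (names are illustrative).
JUNIORS = {
    "manager": ["supervisor"],
    "supervisor": ["clerk"],
    "clerk": [],
}

# Direct assignments: role -> {workflow task: may senior roles inherit it?}
# The boolean flag is an assumed restriction rule, not the paper's mechanism.
ASSIGNED = {
    "clerk": {"prepare_order": False, "view_order": True},
    "supervisor": {"approve_order": False},
    "manager": {"authorize_payment": True},
}

# Separation-of-duty constraint: no single role may hold both tasks of a pair.
SOD_PAIRS = [("prepare_order", "approve_order"),
             ("approve_order", "authorize_payment")]


def effective_permissions(role, restricted):
    """Own permissions plus those inherited from all transitive juniors.

    restricted=False: traditional RBAC, every junior permission flows upward.
    restricted=True: only permissions flagged inheritable flow upward.
    """
    perms = set(ASSIGNED.get(role, {}))
    stack, seen = list(JUNIORS.get(role, [])), set()
    while stack:
        junior = stack.pop()
        if junior in seen:
            continue
        seen.add(junior)
        for perm, inheritable in ASSIGNED.get(junior, {}).items():
            if inheritable or not restricted:
                perms.add(perm)
        stack.extend(JUNIORS.get(junior, []))
    return perms


def sod_violations(restricted):
    """Sorted (role, task_a, task_b) triples where one role holds a conflicting pair."""
    found = []
    for role in JUNIORS:
        perms = effective_permissions(role, restricted)
        for a, b in SOD_PAIRS:
            if a in perms and b in perms:
                found.append((role, a, b))
    return sorted(found)
```

Calling `sod_violations(False)` lists the roles whose accumulated permissions break a constraint under full inheritance; `sod_violations(True)` runs the same audit with the assumed restriction applied.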
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lee, H., Lee, S., Noh, B. (2004). A New Role-Based Authorization Model in a Corporate Workflow Systems*. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_82
DOI: https://doi.org/10.1007/978-3-540-24707-4_82
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22054-1
Online ISBN: 978-3-540-24707-4
eBook Packages: Springer Book Archive