
A model for the dynamic delegation of authorization rights in a secure workflow management system.

Businesses are continually striving to become more efficient. In an effort to achieve optimal efficiency, many companies have been forced to re-evaluate the efficiency of their business processes. Consequently, the term “business process re-engineering” (BPR) has been given to the activity of restructuring organizational policies and methods for conducting business. The refinement of business processes is the primary motivation behind the development of automated workflow systems that ensure the secure and efficient flow of information between activities and participants that constitute the business process. A workflow is an automated business process that comprises a number of related tasks. When these tasks are executed in a systematic way, they contribute to the fulfilment of some goal. The order in which workflow tasks execute is of great significance because these tasks are typically dependent on each other. A workflow management system (WFMS) is responsible for scheduling the systematic execution of workflow tasks whilst considering the dependencies that exist between them.

Businesses are realizing the necessity of information management in the functioning and general management of a company. They are recognizing the important role that information security has to play in ensuring that accurate information that is relevant is gathered, applied and maintained to enhance the company’s service to its customers. In a workflow context, information security primarily involves the implementation of access control security mechanisms. These mechanisms help ensure that task dependencies are coordinated and that tasks are performed by authorized subjects only. In doing so, they also assist in the maintenance of object integrity.

The Workflow Authorization Model (WAM) was developed by Atluri and Huang [AH96b, HA99] with the specific intention of addressing the security requirements of workflow environments. It primarily addresses the granting and revoking of authorizations in a WFMS. The WAM satisfies most criteria that are required of an optimal access control model. These criteria are the enforcement of separation of duties, the handling of temporal constraints, a role-based application and the synchronization of workflow with authorization flow. Some of these conditions cannot be met through pure role-based access control (RBAC) mechanisms.

This dissertation addresses the delegation of task authorizations within a workflow process by subject roles in the organizational structure. In doing this, a role may have the authority to delegate responsibility for task execution to another individual in a role set. This individual may potentially belong to a role other than the role explicitly authorized to perform the task in question. The proposed model will work within the constraints that are enforced by the WAM. Therefore, the WAM will play a part in determining whether delegation may be approved. This implies that the delegation model may not override any dynamically defined security constraints. The Delegation Authorization Model (DAM) proposed assists in distributing workloads amongst subject roles within an organization, by allowing subjects to delegate task responsibilities to other subjects according to restrictions imposed by security policies. As yet, this area of research has not received much attention. / Prof. M.S. Olivier

Identifier: oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:uj/uj:8807
Date: 04 June 2008
Creators: Venter, Karin
Source Sets: South African National ETD Portal
Detected Language: English
Type: Thesis
