On the satisfiability of authorization constraints in workflow systems
J. CRAMPTON. Department of Mathematics, Royal Holloway, University of
London, London, (2004)
Zusammenfassung
The enforcement of authorization constraints such as separation of
duty in workflow systems is an important area of current research
in computer security. We briefly summarize our model for constrained
workflow systems and develop a systematic algebraic method for combining
constraints and authorization information. We then show how the closure
of a set of constraints and the use of linear extensions can be used
to develop an algorithm for computing authorized users in a constrained
workflow system. We show how this algorithm can be used as the basis
for a reference monitor. We discuss the computational complexity
of implementing such a reference monitor and briefly compare our
methods with the best existing approach.
%0 Report
%1 Crampton2004
%A CRAMPTON, J.
%C London
%D 2004
%K Workflow constraints, entailment extensions, linear satisfiability specification,
%T On the satisfiability of authorization constraints in workflow systems
%X The enforcement of authorization constraints such as separation of
duty in workflow systems is an important area of current research
in computer security. We briefly summarize our model for constrained
workflow systems and develop a systematic algebraic method for combining
constraints and authorization information. We then show how the closure
of a set of constraints and the use of linear extensions can be used
to develop an algorithm for computing authorized users in a constrained
workflow system. We show how this algorithm can be used as the basis
for a reference monitor. We discuss the computational complexity
of implementing such a reference monitor and briefly compare our
methods with the best existing approach.
@techreport{Crampton2004,
abstract = {The enforcement of authorization constraints such as separation of
duty in workflow systems is an important area of current research
in computer security. We briefly summarize our model for constrained
workflow systems and develop a systematic algebraic method for combining
constraints and authorization information. We then show how the closure
of a set of constraints and the use of linear extensions can be used
to develop an algorithm for computing authorized users in a constrained
workflow system. We show how this algorithm can be used as the basis
for a reference monitor. We discuss the computational complexity
of implementing such a reference monitor and briefly compare our
methods with the best existing approach.},
added-at = {2011-08-05T23:54:50.000+0200},
address = {London},
author = {CRAMPTON, J.},
biburl = {https://www.bibsonomy.org/bibtex/205244ac4a3542508a4644c0523a4004a/lgmarujo},
file = {:PhD Files\\Process Modeling\\Crampton Algebr Constr Workflow ProcFCS-04
2004..pdf:PDF},
institution = {Department of Mathematics, Royal Holloway, University of
London},
interhash = {21041d3998840c628325fe72540aec42},
intrahash = {05244ac4a3542508a4644c0523a4004a},
keywords = {Workflow constraints, entailment extensions, linear satisfiability specification,},
owner = {Lino},
timestamp = {2011-08-05T23:54:50.000+0200},
title = {On the satisfiability of authorization constraints in workflow systems},
year = 2004
}