Abstract
The enforcement of authorization constraints such as separation of
duty in workflow systems is an important area of current research
in computer security. We briefly summarize our model for constrained
workflow systems and develop a systematic algebraic method for combining
constraints and authorization information. We then show how the closure
of a set of constraints and the use of linear extensions can be used
to develop an algorithm for computing authorized users in a constrained
workflow system. We show how this algorithm can be used as the basis
for a reference monitor. We discuss the computational complexity
of implementing such a reference monitor and briefly compare our
methods with the best existing approach.