Tuesday, 13 September 2011

What is a secure Workflow

Source: P. C. K. Hung and K. Karlapalem, “A secure workflow model,” in Proc. of AISC on ACSW frontiers 2003 - Volume 21. Australian Computer Society, Inc., 2003, pp. 33–41.

** all information below is quoted directly from the source paper, none of this is in my own words **

Definition 1: A secure workflow is a computer supported business process that is capable of defending against security threats and further satisfies the security requirements defined by the workflow modeler.

Definition 2: A secure Workflow Management System (WFMS) is a workflow management system that can specify, manage and execute a secure workflow.

==========

In a secure workflow model, there are three layers for a secure state: Workflow, Data and Control:

Workflow:
Availability in the workflow layer is: “For every task there must be at least one agent who is able to execute the task.”

Integrity and Authorization in the workflow layer is: “An agent can only execute the assigned task if and only if the privilege “execute” is granted. The secure workflow has to revoke the privilege from an agent if the task has completed execution.”

Data:
Integrity and Authorization in the data layer is: “An agent can only access a document with a specific privilege if and only if the document access privilege is granted to the agent and also it is needed to access the document with the privilege during the task execution. The secure workflow has to revoke the document access privilege from an agent if the document access privilege is no longer needed.”


==========

To ensure the property of authorization:
The secure workflow model assigns the task to an agent if and only if the agent can execute the task.

To ensure the properties of integrity and authorization, the secure workflow model:
- Grants the task to the assigned agent for execution if and only if the set of input events is generated, the task is not started and all the dependent tasks are completed in the relevant session.
- Revokes the task from the assigned agent if and only if the set of output events is generated and all the granted privileges for documents are revoked in the session.
- Grants the document access privilege to the agent for execution if and only if it is authorized by the task’s TAC in the session.
- Revokes the document access privilege from the agent if and only if the document access privilege or task is completed in the session.
- (an agent can) generate the event for a task if and only if it is authorized in the session.
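Added here as an illustration (not code from the paper or from this blog): a small Python model of the availability, grant and revoke rules quoted above, so the "if and only if" conditions can be exercised as checks. The class and field names, and the reading of a task's TAC as a map from document to the one permitted privilege, are my assumptions.

```python
from dataclasses import dataclass

@dataclass
class TaskSpec:          # hypothetical task description, not the paper's notation
    agents: set          # agents able to execute the task (availability)
    depends_on: set      # tasks that must be completed before this one
    inputs: set          # input events required before "execute" is granted
    outputs: set         # output events that signal completion
    tac: dict            # task access control: document -> permitted privilege

class SecureWorkflow:
    def __init__(self, tasks):
        if not all(spec.agents for spec in tasks.values()):
            raise ValueError("availability violated: a task has no able agent")
        self.tasks, self.events, self.completed = tasks, set(), set()
        self.executing, self.doc_privs = {}, {}  # task -> agent; (agent, document) -> privilege

    def grant_task(self, task, agent):
        spec = self.tasks[task]  # able agent, input events present, not started, dependencies done
        ready = (agent in spec.agents and spec.inputs <= self.events
                 and task not in self.executing and task not in self.completed
                 and spec.depends_on <= self.completed)
        if ready:
            self.executing[task] = agent
        return ready

    def grant_document(self, task, agent, document, privilege):
        ok = (self.executing.get(task) == agent  # only the agent executing the task
              and self.tasks[task].tac.get(document) == privilege)  # only the TAC-authorised privilege
        if ok:
            self.doc_privs[(agent, document)] = privilege
        return ok

    def generate_event(self, task, agent, event):  # only the executing agent may raise its events
        ok = self.executing.get(task) == agent and event in self.tasks[task].outputs
        if ok:
            self.events.add(event)
        return ok

    def revoke_task(self, task):
        agent, spec = self.executing.get(task), self.tasks[task]
        if agent is None or not spec.outputs <= self.events:  # needs every output event
            return False
        self.doc_privs = {k: v for k, v in self.doc_privs.items()
                          if not (k[0] == agent and k[1] in spec.tac)}
        del self.executing[task]  # document privileges revoked first, then "execute"
        self.completed.add(task)
        return True
```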


