Implementing the Chinese Wall Security Model in Workflow Management Systems

Author

Hsiao, Yu-Cheng ; Hwang, Gwan-Hwan

Author_Institution

Dept. of Comput. Sci. & Inf. Eng., Nat. Taiwan Normal Univ., Taipei, Taiwan

fYear

2010

fDate

6-9 Sept. 2010

Firstpage

574

Lastpage

581

Abstract

The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a WfMS. We first demonstrate situations in which the role-based access control model is not sufficient for this, and we then propose a security policy language to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This language can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally we discuss how to implement a run-time system to implement CWSM policies specified by this language in a WfMS.

Keywords

authorisation; security of data; workflow management software; CWSM; Chinese wall security model; commercial organizations; role based access control model; workflow management systems; Access control; Companies; Engines; History; Petroleum; Process control; Chinese wall security model (CWSM); Role-based access control (RBAC); Workflow management system (WfMS);

fLanguage

English

Publisher

ieee

Conference_Titel

Parallel and Distributed Processing with Applications (ISPA), 2010 International Symposium on

Conference_Location

Taipei

Print_ISBN

978-1-4244-8095-1

Electronic_ISBN

978-0-7695-4190-7

Type

conf

DOI

10.1109/ISPA.2010.41

Filename

5634383