Chinese wall security model for workflow management systems with dynamic security policy

Yu Cheng Hsiao, Gwan Hwan Hwang

Research output: Contribution to journal › Article

3 Citations (Scopus)

Abstract

Secure workflow management systems (WfMSs) are required to support major security features such as authentication, confidentiality, data integrity, and nonrepudiation. The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a WfMS. We first demonstrate situations in which an access control model is not sufficient for this if the WfMS does not keep the run-time history of data accesses and company information is mutable, and we then propose an application programming interface (API) to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This API can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally we discuss how to implement a run-time system to implement CWSM policies specified by this API in a WfMS.

Original language: English
Pages (from-to): 417-440
Number of pages: 24
Journal: Journal of Information Science and Engineering
Volume: 29
Issue number: 3
Publication status: Published - 2013 May 1

Fingerprint

workflow management
security policy
Application programming interfaces (API)
Access control
programming
data access
conflict of interest
workflow
Authentication
integrity
Industry
history

Keywords

  • Chinese wall security model (CWSM)
  • Computer-supported cooperative work (CSCW)
  • Role-based access control (RBAC)
  • Security
  • Workflow management system (WfMS)

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Hardware and Architecture
  • Library and Information Sciences
  • Computational Theory and Mathematics

Cite this

Chinese wall security model for workflow management systems with dynamic security policy. / Hsiao, Yu Cheng; Hwang, Gwan Hwan.

In: Journal of Information Science and Engineering, Vol. 29, No. 3, 01.05.2013, p. 417-440.


@article{b80a0057d59e4ccdb8c33157afcd6a47,
title = "Chinese wall security model for workflow management systems with dynamic security policy",
abstract = "Secure workflow management systems (WfMSs) are required to support major security features such as authentication, confidentiality, data integrity, and nonrepudiation. The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a WfMS. We first demonstrate situations in which an access control model is not sufficient for this if the WfMS does not keep the run-time history of data accesses and company information is mutable, and we then propose an application programming interface (API) to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This API can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally we discuss how to implement a run-time system to implement CWSM policies specified by this API in a WfMS.",
keywords = "Chinese wall security model (CWSM), Computer-supported cooperative work (CSCW), Role-based access control (RBAC), Security, Workflow management system (WfMS)",
author = "Hsiao, {Yu Cheng} and Hwang, {Gwan Hwan}",
year = "2013",
month = "5",
day = "1",
language = "English",
volume = "29",
pages = "417--440",
journal = "Journal of Information Science and Engineering",
issn = "1016-2364",
publisher = "Institute of Information Science",
number = "3",
}

TY - JOUR
T1 - Chinese wall security model for workflow management systems with dynamic security policy
AU - Hsiao, Yu Cheng
AU - Hwang, Gwan Hwan
PY - 2013/5/1
Y1 - 2013/5/1
N2 - Secure workflow management systems (WfMSs) are required to support major security features such as authentication, confidentiality, data integrity, and nonrepudiation. The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a WfMS. We first demonstrate situations in which an access control model is not sufficient for this if the WfMS does not keep the run-time history of data accesses and company information is mutable, and we then propose an application programming interface (API) to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This API can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally we discuss how to implement a run-time system to implement CWSM policies specified by this API in a WfMS.
AB - Secure workflow management systems (WfMSs) are required to support major security features such as authentication, confidentiality, data integrity, and nonrepudiation. The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a WfMS. We first demonstrate situations in which an access control model is not sufficient for this if the WfMS does not keep the run-time history of data accesses and company information is mutable, and we then propose an application programming interface (API) to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This API can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally we discuss how to implement a run-time system to implement CWSM policies specified by this API in a WfMS.
KW - Chinese wall security model (CWSM)
KW - Computer-supported cooperative work (CSCW)
KW - Role-based access control (RBAC)
KW - Security
KW - Workflow management system (WfMS)
UR - http://www.scopus.com/inward/record.url?scp=84876245972&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84876245972&partnerID=8YFLogxK
M3 - Article
AN - SCOPUS:84876245972
VL - 29
SP - 417
EP - 440
JO - Journal of Information Science and Engineering
JF - Journal of Information Science and Engineering
SN - 1016-2364
IS - 3
ER -