Implementing the Chinese wall security model in workflow management systems

Yu Cheng Hsiao, Gwan Hwan Hwang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Citations (Scopus)

Abstract

The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a WfMS. We first demonstrate situations in which the role-based access control model is not sufficient for this, and we then propose a security policy language to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This language can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally we discuss how to implement a run-time system to implement CWSM policies specified by this language in a WfMS.

Original languageEnglish
Title of host publicationProceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010
Pages574-581
Number of pages8
DOIs
Publication statusPublished - 2010 Dec 1
EventInternational Symposium on Parallel and Distributed Processing with Applications, ISPA 2010 - Taipei, Taiwan
Duration: 2010 Sep 62010 Sep 9

Publication series

NameProceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010

Other

OtherInternational Symposium on Parallel and Distributed Processing with Applications, ISPA 2010
CountryTaiwan
CityTaipei
Period10/9/610/9/9

Fingerprint

Access control
Industry

Keywords

  • Chinese wall security model (CWSM)
  • Role-based access control (RBAC)
  • Workflow management system (WfMS)

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications

Cite this

Hsiao, Y. C., & Hwang, G. H. (2010). Implementing the Chinese wall security model in workflow management systems. In Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010 (pp. 574-581). [5634383] (Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010). https://doi.org/10.1109/ISPA.2010.41

Implementing the Chinese wall security model in workflow management systems. / Hsiao, Yu Cheng; Hwang, Gwan Hwan.

Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010. 2010. p. 574-581 5634383 (Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Hsiao, YC & Hwang, GH 2010, Implementing the Chinese wall security model in workflow management systems. in Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010., 5634383, Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010, pp. 574-581, International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010, Taipei, Taiwan, 10/9/6. https://doi.org/10.1109/ISPA.2010.41
Hsiao YC, Hwang GH. Implementing the Chinese wall security model in workflow management systems. In Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010. 2010. p. 574-581. 5634383. (Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010). https://doi.org/10.1109/ISPA.2010.41
Hsiao, Yu Cheng ; Hwang, Gwan Hwan. / Implementing the Chinese wall security model in workflow management systems. Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010. 2010. pp. 574-581 (Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010).
@inproceedings{f31bca8143714d2c86ee3e861a21d7e4,
title = "Implementing the Chinese wall security model in workflow management systems",
abstract = "The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a WfMS. We first demonstrate situations in which the role-based access control model is not sufficient for this, and we then propose a security policy language to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This language can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally we discuss how to implement a run-time system to implement CWSM policies specified by this language in a WfMS.",
keywords = "Chinese wall security model (CWSM), Role-based access control (RBAC), Workflow management system (WfMS)",
author = "Hsiao, {Yu Cheng} and Hwang, {Gwan Hwan}",
year = "2010",
month = "12",
day = "1",
doi = "10.1109/ISPA.2010.41",
language = "English",
isbn = "9780769541907",
series = "Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010",
pages = "574--581",
booktitle = "Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010",

}

TY - GEN

T1 - Implementing the Chinese wall security model in workflow management systems

AU - Hsiao, Yu Cheng

AU - Hwang, Gwan Hwan

PY - 2010/12/1

Y1 - 2010/12/1

N2 - The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a WfMS. We first demonstrate situations in which the role-based access control model is not sufficient for this, and we then propose a security policy language to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This language can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally we discuss how to implement a run-time system to implement CWSM policies specified by this language in a WfMS.

AB - The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a WfMS. We first demonstrate situations in which the role-based access control model is not sufficient for this, and we then propose a security policy language to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This language can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally we discuss how to implement a run-time system to implement CWSM policies specified by this language in a WfMS.

KW - Chinese wall security model (CWSM)

KW - Role-based access control (RBAC)

KW - Workflow management system (WfMS)

UR - http://www.scopus.com/inward/record.url?scp=79952084437&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79952084437&partnerID=8YFLogxK

U2 - 10.1109/ISPA.2010.41

DO - 10.1109/ISPA.2010.41

M3 - Conference contribution

AN - SCOPUS:79952084437

SN - 9780769541907

T3 - Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010

SP - 574

EP - 581

BT - Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010

ER -