TY - GEN
T1 - Implementing the Chinese wall security model in workflow management systems
AU - Hsiao, Yu Cheng
AU - Hwang, Gwan Hwan
PY - 2010
Y1 - 2010
N2 - The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a WfMS. We first demonstrate situations in which the role-based access control model is not sufficient for this, and we then propose a security policy language to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This language can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally, we discuss how to implement a run-time system to implement CWSM policies specified by this language in a WfMS.
KW - Chinese wall security model (CWSM)
KW - Role-based access control (RBAC)
KW - Workflow management system (WfMS)
UR - http://www.scopus.com/inward/record.url?scp=79952084437&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79952084437&partnerID=8YFLogxK
U2 - 10.1109/ISPA.2010.41
DO - 10.1109/ISPA.2010.41
M3 - Conference contribution
AN - SCOPUS:79952084437
SN - 9780769541907
T3 - Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010
SP - 574
EP - 581
BT - Proceedings - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010
T2 - International Symposium on Parallel and Distributed Processing with Applications, ISPA 2010
Y2 - 6 September 2010 through 9 September 2010
ER -