2015

Conférence

. In Proceedings of the 13th Annual Conference on Privacy, Security and Trust (PST 2015), November 26-28 2015, Aksaray, Turkey, pages 133-138, IEEE Computer Society, 2015

The workflow satisfiability problem has been studied by researchers in the security community using various approaches. The goal is to ensure that the user/role is authorised to execute the current task and that this permission doesn't prevent the remaining tasks in the workflow instance to be achieved. A valid authorisation plan consists in affecting authorised roles and users to workflow tasks in such a way that all the authorisation constraints are satisfied. Previous works are interested in workflow satisfiability problem by considering intra-instance constraints, i.e. constraints which are applied to a single instance. However, inter-instance constraints which are specified over multiple workflow instances are also paramount to mitigate the security frauds. In this paper, we present how ECA (Event-Condition-Action) paradigm and agent technology can be exploited to control authorisation plan in order to meet dynamic constraints, namely intra-instance and inter-instance constraints. We present a specification of a set of ECA rules that aim to achieve this goal. A prototype implementation of our proposed approach is also provided in this paper.

@inproceedings{inproceedings,
author = {Jemel, Meriam and Ben Azzouna, Nadia and Ghedira, Khaled},
year = {2015},
month = {07},
pages = {133-138},
title = {ECA rules for controlling authorisation plan to satisfy dynamic constraints},
doi = {10.1109/PST.2015.7232964}
}