2013
Conference
In the 6th International Conference on Security of Information and Networks (SIN 2013), July 21-23 2013, Izmir, Turkey, pages 440-443, ACM, 2013.
The Role-Based Access Control (RBAC) model has been developed as an alternative to traditional approaches to handle access control in workflow systems. Accordingly, authorisation constraints must be defined to enforce the legal assignment of access privileges to roles and roles to users. Authorisation planning ensures that there is at least one way to complete the workflow instance without breaching any of the authorisation constraints. Authorisation planning that considers intra-instance constraints has been discussed in the research literature. However, inter-instance constraints also need to be considered to mitigate security fraud. In this paper, a novel authorisation system that incorporates intra-instance and inter-instance constraints is proposed. It includes the planning phase, the execution phase, and the adjustment phase. It is in charge of generating user/role assignment plans, verifying them and eventually updating them to take into account the dynamic (intra-instance and inter-instance) constraints. Besides, grounded upon agent technology and the publish-subscribe communication model, a mechanism for the consideration of dynamic constraints (intra-instance and inter-instance) to generate valid assignment plans is demonstrated.
@inproceedings{inproceedings,
  author = {Jemel, Meriam and Ben Azzouna, Nadia and Ghedira, Khaled},
  year = {2013},
  month = {11},
  pages = {440-443},
  title = {Towards a dynamic authorisation planning satisfying intra-instance and inter-instance constraints},
  journal = {SIN 2013 - Proceedings of the 6th International Conference on Security of Information and Networks},
  doi = {10.1145/2523514.2523582}
}