Workflows represent processes in manufacturing and office environments that typically consist of several well-defined activities (known as tasks). To ensure that these tasks are executed by authorized users or processes (subjects), proper authorization mechanisms must be in place. Moreover, to make sure that authorized subjects gain access to the required objects only during the execution of the specific task, the granting and revoking of privileges need to be synchronized with the progression of the workflow. A predefined specification of the privileges often allows access for more than the time required; thus, even though a subject has completed the task or has not yet begun it, the subject may still possess privileges to access the objects, compromising security. In this paper, we propose a Workflow Authorization Model (WAM) that is capable of specifying authorizations in such a way that subjects gain access to the required objects only during the execution of the task, thus synchronizing the authorization flow with the workflow. To achieve this synchronization, we associate an Authorization Template (AT) with each task, which allows appropriate authorizations to be granted only when the task starts and revoked when the task finishes. In this paper we also present a model of implementation based on Petri nets and show how this synchronization can be implemented. Because the theoretical aspects of Petri nets have been extensively studied and because of their strong mathematical foundation, a Petri net representation of an authorization model serves as a good tool for conducting safety analysis, since the safety problem in the authorization model is equivalent to the reachability problem in Petri nets.
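The grant-on-start, revoke-on-finish synchronization described above, as an added illustration that is not code from the paper: a small Python model in which each task carries an Authorization Template that is instantiated against a concrete object when the task starts and withdrawn when it finishes. The AT field layout (subject, object type, privilege), the sequential task ordering, and the task, subject and object names are assumptions made for this example.

```python
"""Toy Workflow Authorization Model: privileges exist only while the task that
needs them is running, so the authorization flow follows the workflow.
Added example; the data layout is assumed, not taken from the paper."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class AuthorizationTemplate:
    """Authorization Template (AT) attached to one task.

    Assumed layout: the subject that performs the task, the *type* of object
    the task operates on, and the privilege needed on it. The concrete object
    is only known when the task starts, so the AT is instantiated then."""
    subject: str
    object_type: str
    privilege: str


@dataclass
class Task:
    name: str
    template: AuthorizationTemplate
    state: str = "waiting"  # waiting -> running -> done


Authorization = Tuple[str, str, str]  # (subject, object id, privilege)


class WorkflowAuthorization:
    def __init__(self, tasks: List[Task]) -> None:
        self.tasks = tasks  # assumed sequential order of the workflow
        self.objects: Dict[str, str] = {}  # object id -> object type (constructed registry)
        self.active: Set[Authorization] = set()  # authorizations valid right now
        self.granted: Dict[str, Set[Authorization]] = {}  # task name -> what it instantiated
        self.log: List[str] = []

    def register_object(self, object_id: str, object_type: str) -> None:
        self.objects[object_id] = object_type

    def _task(self, name: str) -> Task:
        for t in self.tasks:
            if t.name == name:
                return t
        raise KeyError(f"unknown task {name!r}")

    def start(self, task_name: str, object_id: str) -> None:
        """Instantiate the task's AT for a concrete object and grant it."""
        task = self._task(task_name)
        if task.state != "waiting":
            raise RuntimeError(f"{task_name} is {task.state}, cannot start")
        predecessors = self.tasks[: self.tasks.index(task)]
        if any(t.state != "done" for t in predecessors):
            raise RuntimeError(f"{task_name}: predecessor tasks not finished")
        at = task.template
        if self.objects.get(object_id) != at.object_type:
            raise PermissionError(f"{object_id} is not a {at.object_type}")
        task.state = "running"
        auth: Authorization = (at.subject, object_id, at.privilege)
        self.active.add(auth)
        self.granted.setdefault(task_name, set()).add(auth)
        self.log.append(f"GRANT {auth} on start of {task_name}")

    def finish(self, task_name: str) -> None:
        """Revoke every authorization this task instantiated."""
        task = self._task(task_name)
        if task.state != "running":
            raise RuntimeError(f"{task_name} is {task.state}, cannot finish")
        task.state = "done"
        for auth in self.granted.pop(task_name, set()):
            self.active.discard(auth)
            self.log.append(f"REVOKE {auth} on finish of {task_name}")

    def is_authorized(self, subject: str, object_id: str, privilege: str) -> bool:
        return (subject, object_id, privilege) in self.active


def build_demo_workflow() -> WorkflowAuthorization:
    """Constructed two-task order workflow: a clerk prepares, a manager approves."""
    wf = WorkflowAuthorization([
        Task("prepare_order", AuthorizationTemplate("clerk", "order", "write")),
        Task("approve_order", AuthorizationTemplate("manager", "order", "approve")),
    ])
    wf.register_object("order-17", "order")
    return wf


if __name__ == "__main__":
    wf = build_demo_workflow()
    wf.start("prepare_order", "order-17")
    wf.finish("prepare_order")
    wf.start("approve_order", "order-17")
    wf.finish("approve_order")
    print("\n".join(wf.log))
```

Each check in `is_authorized` consults only the set of currently instantiated templates, so a subject that has finished its task (or whose task has not started) holds no privilege on the object, which is exactly the over-long exposure the abstract describes a static specification as leaving open.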