A Flexible Access Control Model for Dynamic Workflow Using Extended WAM and RBAC

摘要

Security issues pertaining to workflow systems are becoming increasingly important for the cross-enterprises interoperability in insecure environments. Among them, access control for information confidentiality and integrity has attracted widespread attention. However, in the context of the contemporary dynamic business environment, the traditional workflow authorization model (WAM) faces limitations in handling the consequences of dynamic workflow changes and exceptions, since it focuses primarily on the synchronization of authorization flow by using authorization templates (ATs). In this paper, we propose a flexible access control with dynamic checking features for handling workflow changes and exceptions. Extended temporal role-based access control and flexible workflow authorization template are adopted in order to further enhance the traditional AT, thereby ensuring information confidentiality and integrity. Additionally, a case study applying the proposed model to uEngine, an open source workflow management system, is presented.