A logical framework for reasoning about delegation policies in workflow management systems

Khaled Gaaloul 1, 2, * Erik Proper 2 Ehtesham Zahoor 1 François Charoy 1 Claude Godart 1
* Corresponding author
1 SCORE - Services and Cooperation
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
2 CRP Henri Tudor
CRP Henri Tudor - Centre de Recherche Public Henri Tudor [Headquarters]
Abstract : Task delegation presents one of the business process security leitmotifs. It defines a mechanism that bridges the gap between workflow and access control systems. Delegation completion and authorisation enforcement are specified under specific constraints so-called events. In this article, we aim to reason about delegation events to model task delegation and to specify delegation policies using a logical framework. To that end, we propose an event-based task delegation model to control the delegation execution. We then identify relevant events responsible for the dynamic enforcement of delegation policies. Further, we define a task-oriented access control model to specify delegation constraints into authorisation policies. Finally, we propose a technique to automate the delegation policies integration. Using event calculus, we develop a reasoning tool to control the delegation execution and to increase the compliance of all delegation changes in the existing policy of the workflow.
Document type :
Journal articles
Complete list of metadatas

Cited literature [26 references]  Display  Hide  Download

https://hal.inria.fr/hal-00677854
Contributor : François Charoy <>
Submitted on : Thursday, September 13, 2012 - 7:00:03 AM
Last modification on : Tuesday, December 18, 2018 - 4:26:02 PM
Long-term archiving on : Friday, December 14, 2012 - 2:25:10 AM

File

IJICS040405_GAALOUL.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Khaled Gaaloul, Erik Proper, Ehtesham Zahoor, François Charoy, Claude Godart. A logical framework for reasoning about delegation policies in workflow management systems. International Journal of Information and Computer Security, Inderscience, 2011, 4 (4), pp.365-388. ⟨10.1504/IJICS.2011.044825⟩. ⟨hal-00677854⟩

Share

Metrics

Record views

404

Files downloads

379