Context-sensitive constraints for access control of business processes

Milosavljević, Gordana; Sladić, Goran; Milosavljević, Branko; Zarić, Miroslav; Gostojić, Stevan; Slivka, Jelena

doi:10.2298/csis160628037m

Cited by 6 publications

(10 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Context has been applied to different areas, such as the Internet of Things [18], vehicles [19], mobile computing [20], and healthcare social networks [21]. Furthermore, using context to improve the security of different applications has become an important task for researchers [22,23,[25][26][27][28][29][30][31][32].…”

Section: Contextmentioning

confidence: 99%

Extended Role-Based Access Control with Context-Based Role Filtering

2020

KSII TIIS

View full text Add to dashboard Cite

Activating appropriate roles for a session in the role-based access control (RBAC) model has become challenging because of the so-called role explosion. In this paper, factors and issues related to user-driven role management are analysed, and a session role activation (SRA) problem based on reasonable assumptions is proposed to describe the problem of such role management. To solve the SRA problem, we propose an extended RBAC model with context-based role filtering. When a session is created, context conditions are used to filter roles that do not need to be activated for the session. This significantly reduces the candidate roles that need to be reviewed by the user, and aids the user in rapidly activating the appropriate roles. Simulations are carried out, and the results show that the extended RBAC model is effective in filtering the roles that are unnecessary for a session by using predefined context conditions. The extended RBAC model is also implemented in the Apache Shiro framework, and the modifications to Shiro are described in detail.A preliminary version of this paper appeared in the 3rd International Conference on Information and Network Technologies, 24-26 th of May 2018, Osaka, Japan. This version includes a concrete analysis and definition of the problem of activating roles, along with an implementation of our model.

show abstract

Section: Contextmentioning

confidence: 99%

Extended Role-Based Access Control with Context-Based Role Filtering

2020

KSII TIIS

View full text Add to dashboard Cite

show abstract

“…While considering interaction and process points the question of access control mechanisms arises. In order to ensure that the tasks of a business process are executed by authorized users, proper authorization mechanisms must be applied [22]. In the proposed model, user access is largely defined by the existing access control mechanisms of the legacy applications as they execute the actions of the process.…”

Section: Remarks Conclusion and Additional Commentsmentioning

confidence: 99%

“…In the proposed model, user access is largely defined by the existing access control mechanisms of the legacy applications as they execute the actions of the process. Studied legacy applications are based on the standard RBAC (Role-based Access Control) model (explained in [22] and [23]), with a dynamic SoD (Separation of Duty) concept (described in [22]). User roles defined in the legacy applications contain the authorizations to execute tasks and access resources.…”

Section: Remarks Conclusion and Additional Commentsmentioning

confidence: 99%

Section: Remarks Conclusion and Additional Commentsmentioning

confidence: 99%

“…In case of a BP where context aware access control privileges (privileges depending on current context conditions) are needed, the model would require a Context-sensitive access control model for business processes (COBAC) [22]. The advantage of COBAC is that it extends the RBAC model with business processes, activities, context and resource categories [22,23]. It enables the definition of access control policies on process instance and process context level, assignment of activities to roles and definition of resource access permissions for the activities [22,23].…”

Section: Remarks Conclusion and Additional Commentsmentioning

confidence: 99%

See 2 more Smart Citations

Building a BPM application in an SOA-based legacy environment

Matejaš

Fertalj

2019

COMSIS J

View full text Add to dashboard Cite

Modern organizations need to understand and constantly improve their business processes (BPs) in order to make successful business decisions. This paper describes an integration model for building a Business Process Management Application (BPMA) and connecting the BPMA with legacy systems based on Service-Oriented Architecture (SOA). A BPMA is an application developed to support a BP performed by legacy application/s. A combination of multiple BPMAs provides support for multiple BPs and forms a BPM solution. The presented model is characterized by a simple co-dependence of the BPMA and the existing systems, minimal changes to the legacy applications and a maximal utilization of the existing functionalities. It enables the existing applications to function independently from the BPMA and simplifies the business data used in the BPMA. An extensive evaluation of the model was undertaken by experts from the BPM area. Its feasibility is demonstrated on a real-life business use case scenario.

show abstract

Resource Controllability of Business Processes Under Conditional Uncertainty

2021

View full text Add to dashboard Cite

A current research problem in the area of business process management deals with the specification and checking of constraints on resources (e.g., users, agents, autonomous systems, etc.) allowed to be committed for the execution of specific tasks. Indeed, in many real-world situations, role assignments are not enough to assign tasks to the suitable resources. It could be the case that further requirements need to be specified and satisfied. As an example, one would like to avoid that employees that are relatives are assigned to a set of critical tasks in the same process in order to prevent fraud. The formal specification of a business process and its related access control constraints is obtained through a decoration of a classic business process with roles, users, and constraints on their commitment. As a result, such a process specifies a set of tasks that need to be executed by authorized users with respect to some partial order in a way that all authorization constraints are satisfied. Controllability refers in this case to the capability of executing the process satisfying all these constraints, even when some process components, e.g., gateway conditions, can only be observed, but not decided, by the process engine responsible of the execution. In this paper, we propose conditional constraint networks with decisions (CCNDs) as a model to encode business processes that involve access control and conditional branches that may be both controllable and uncontrollable. We define weak, strong, and dynamic controllability of CCNDs as two-player games, classify their computational complexity, and discuss strategy synthesis algorithms. We provide an encoding from the business processes we consider here into CCNDs to exploit off-the-shelf their strategy synthesis algorithms. We introduce $$\textsc {Zeta}$$ Z E T A , a tool for checking controllability of CCNDs, synthesizing execution strategies, and executing controllable CCNDs, by also supporting user interactivity. We use $$\textsc {Zeta}$$ Z E T A to compare with the previous research, provide a new experimental evaluation for CCNDs, and discuss limitations.

show abstract

Context-sensitive constraints for access control of business processes

Cited by 6 publications

References 30 publications

Extended Role-Based Access Control with Context-Based Role Filtering

Extended Role-Based Access Control with Context-Based Role Filtering

Building a BPM application in an SOA-based legacy environment

Resource Controllability of Business Processes Under Conditional Uncertainty

Contact Info

Product

Resources

About