An Algebraic Approach to the Analysis of Constrained Workflow Systems

J. Crampton

An Algebraic Approach to the Analysis of Constrained Workflow Systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The enforcement of authorization constraints such as separation of duty in workflow systems is an important area of current research in computer security. We briefly summarize our model for constrained workflow systems and develop a systematic algebraic method for combining constraints and authorization information. We then show how the closure of a set of constraints and the use of linear extensions can be used to develop an algorithm for computing authorized users in a constrained workflow system. We show how this algorithm can be used as the basis for a reference monitor. We discuss the computational complexity of implementing such a reference monitor and briefly compare our methods with the best existing approach.

Original language	English
Title of host publication	Proceedings of 3rd Workshop on Foundations of Computer Security (FCS'04)
Pages	61-74
Number of pages	14
Publication status	Published - 2004

Cite this

@inproceedings{e766d42bc2b94933905ab88731f2a1ac,

title = "An Algebraic Approach to the Analysis of Constrained Workflow Systems",

abstract = "The enforcement of authorization constraints such as separation of duty in workflow systems is an important area of current research in computer security. We briefly summarize our model for constrained workflow systems and develop a systematic algebraic method for combining constraints and authorization information. We then show how the closure of a set of constraints and the use of linear extensions can be used to develop an algorithm for computing authorized users in a constrained workflow system. We show how this algorithm can be used as the basis for a reference monitor. We discuss the computational complexity of implementing such a reference monitor and briefly compare our methods with the best existing approach.",

author = "J. Crampton",

year = "2004",

language = "English",

pages = "61--74",

booktitle = "Proceedings of 3rd Workshop on Foundations of Computer Security (FCS'04)",

}

TY - GEN

T1 - An Algebraic Approach to the Analysis of Constrained Workflow Systems

AU - Crampton, J.

PY - 2004

Y1 - 2004

N2 - The enforcement of authorization constraints such as separation of duty in workflow systems is an important area of current research in computer security. We briefly summarize our model for constrained workflow systems and develop a systematic algebraic method for combining constraints and authorization information. We then show how the closure of a set of constraints and the use of linear extensions can be used to develop an algorithm for computing authorized users in a constrained workflow system. We show how this algorithm can be used as the basis for a reference monitor. We discuss the computational complexity of implementing such a reference monitor and briefly compare our methods with the best existing approach.

AB - The enforcement of authorization constraints such as separation of duty in workflow systems is an important area of current research in computer security. We briefly summarize our model for constrained workflow systems and develop a systematic algebraic method for combining constraints and authorization information. We then show how the closure of a set of constraints and the use of linear extensions can be used to develop an algorithm for computing authorized users in a constrained workflow system. We show how this algorithm can be used as the basis for a reference monitor. We discuss the computational complexity of implementing such a reference monitor and briefly compare our methods with the best existing approach.

M3 - Conference contribution

SP - 61

EP - 74

BT - Proceedings of 3rd Workshop on Foundations of Computer Security (FCS'04)

ER -