**On the satisfiability of authorization constraints in workflow systems.** / Crampton, J.

Research output: Working paper

Unpublished

**On the satisfiability of authorization constraints in workflow systems.** / Crampton, J.

Research output: Working paper

@techreport{8aae8022eddc42cea45454ec3bccfbb8,

title = "On the satisfiability of authorization constraints in workflow systems",

abstract = "The specification and enforcement of authorization policies such as separation of duty and binding of duty in workflow systems is an important area of current research in computer security. We introduce a formal model for constrained workflow systems that incorporate constraints for implementing such policies. We define an entailment constraint, which is defined on a pair of tasks in a workflow, and show that such constraints can be used to model many familiar authorization policies. We show that a set of entailment constraints can be manipulated algebraically in order to compute all possible dependencies between tasks in the workflow. The resulting set of constraints form the basis for an analysis of the satisfiability of a workflow. We briefly consider how this analysis can be used to implement a reference monitor for workflow systems.",

author = "J. Crampton",

year = "2004",

language = "English",

type = "WorkingPaper",

}

TY - UNPB

T1 - On the satisfiability of authorization constraints in workflow systems

AU - Crampton, J.

PY - 2004

Y1 - 2004

N2 - The specification and enforcement of authorization policies such as separation of duty and binding of duty in workflow systems is an important area of current research in computer security. We introduce a formal model for constrained workflow systems that incorporate constraints for implementing such policies. We define an entailment constraint, which is defined on a pair of tasks in a workflow, and show that such constraints can be used to model many familiar authorization policies. We show that a set of entailment constraints can be manipulated algebraically in order to compute all possible dependencies between tasks in the workflow. The resulting set of constraints form the basis for an analysis of the satisfiability of a workflow. We briefly consider how this analysis can be used to implement a reference monitor for workflow systems.

AB - The specification and enforcement of authorization policies such as separation of duty and binding of duty in workflow systems is an important area of current research in computer security. We introduce a formal model for constrained workflow systems that incorporate constraints for implementing such policies. We define an entailment constraint, which is defined on a pair of tasks in a workflow, and show that such constraints can be used to model many familiar authorization policies. We show that a set of entailment constraints can be manipulated algebraically in order to compute all possible dependencies between tasks in the workflow. The resulting set of constraints form the basis for an analysis of the satisfiability of a workflow. We briefly consider how this analysis can be used to implement a reference monitor for workflow systems.

M3 - Working paper

BT - On the satisfiability of authorization constraints in workflow systems

ER -