Dynamic enforcement of abstract separation of duty constraints

Published: 30 November 2012

Abstract

Separation of Duties (SoD) aims at preventing fraud and errors by distributing tasks and associated authorizations among multiple users. Li and Wang [2008] proposed an algebra (SoDA) for specifying SoD requirements, which is both expressive in the requirements it formalizes and abstract in that it is not bound to a workflow model. In this article, we bridge the gap between the specification of SoD constraints modeled in SoDA and their enforcement in a dynamic, service-oriented enterprise environment. We proceed by generalizing SoDA's semantics to traces, modeling workflow executions that satisfy the respective SoDA terms. We then refine the set of traces induced by a SoDA term to also account for a workflow's control-flow and role-based authorizations. Our formalization, which is based on the process algebra CSP, supports the enforcement of SoD on general workflows and handles changing role assignments during workflow execution, addressing a well-known source of fraud.

The resulting CSP model serves as a blueprint for a distributed and loosely coupled architecture where SoD enforcement is provisioned as a service. This concept, which we call SoD as a Service, facilitates a separation of concerns between business experts and security professionals. As a result, integration and configuration efforts are minimized and enterprises can quickly adapt to organizational, regulatory, and technological changes. We describe an implementation of SoD as a Service, which combines commercial components such as a workflow engine with newly developed components such as an SoD enforcement monitor. To evaluate our design decisions and to demonstrate the feasibility of our approach, we present a case study of a drug dispensation workflow deployed in a hospital.
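As an added illustration of the trace-based enforcement the abstract describes (this is example code, not code from the article or its authors), the following Python sketch evaluates a SoDA-style term over a trace of task executions and records each user's roles at the moment the task was executed, so that role assignments changed mid-workflow are judged as they stood at execution time. The term operators follow Li and Wang [2008]; the tuple encoding of terms, the early-rejection rule (completing the trace with fresh users who hold every role), and the drug-dispensation tasks, roles, users and events are assumptions constructed for this example.

```python
"""Trace-based enforcement of a SoDA-style constraint on a workflow.

Added illustration. The operators follow Li and Wang [2008]; the trace
encoding, the early-rejection rule and the sample drug-dispensation
workflow (tasks, roles, users, events) are constructed for this example.
"""

# Term syntax, as nested tuples:
#   ("role", r)          one execution by a user holding role r
#   ("or", s, t)         s or t
#   ("overlap", s, t)    s and t, executors may overlap        (SoDA's s (.) t)
#   ("disjoint", s, t)   s and t, executor sets must be disjoint (SoDA's s (x) t)


def _splits(execs):
    """Yield every division of the multiset of executions into two parts."""
    for mask in range(1 << len(execs)):
        left = tuple(e for i, e in enumerate(execs) if mask >> i & 1)
        right = tuple(e for i, e in enumerate(execs) if not mask >> i & 1)
        yield left, right


def satisfies(execs, term):
    """Does a multiset of (user, roles held at execution time) satisfy term?"""
    kind = term[0]
    if kind == "role":
        return len(execs) == 1 and term[1] in execs[0][1]
    if kind == "or":
        return satisfies(execs, term[1]) or satisfies(execs, term[2])
    for left, right in _splits(execs):
        if kind == "disjoint" and {u for u, _ in left} & {u for u, _ in right}:
            continue
        if satisfies(left, term[1]) and satisfies(right, term[2]):
            return True
    return False


class SoDMonitor:
    """Accepts or rejects each event of a workflow trace as it arrives."""

    def __init__(self, task_roles, constrained, term, all_roles):
        self.task_roles = task_roles         # task -> roles authorized to execute it
        self.constrained = set(constrained)  # tasks whose executors must satisfy term
        self.term = term
        self.all_roles = frozenset(all_roles)
        self.roles = {}                      # current assignment: user -> set of roles
        self.execs = []                      # (user, roles held then) per constrained task
        self.done = set()

    def _still_satisfiable(self):
        # Most permissive continuation: each remaining constrained task is run by a
        # fresh, distinct user holding every role. With only the monotone operators
        # above, if even that cannot satisfy the term no real continuation can, so
        # the offending execution is rejected at once (assumption of this example).
        remaining = len(self.constrained - self.done)
        fresh = [("fresh%d" % i, self.all_roles) for i in range(remaining)]
        return satisfies(tuple(self.execs) + tuple(fresh), self.term)

    def step(self, event):
        """Return (accepted, reason) for one event and update the monitor state."""
        kind = event[0]
        if kind == "assign":
            self.roles.setdefault(event[1], set()).add(event[2])
            return True, "role assigned"
        if kind == "revoke":
            self.roles.get(event[1], set()).discard(event[2])
            return True, "role revoked"
        _, task, user = event
        held = frozenset(self.roles.get(user, set()))  # roles at execution time
        if not held & self.task_roles[task]:
            return False, "%s holds no role authorized for %s" % (user, task)
        if task in self.constrained:
            self.execs.append((user, held))
            self.done.add(task)
            if not self._still_satisfiable():
                self.execs.pop()
                self.done.discard(task)
                return False, "%s executing %s would violate the SoD constraint" % (user, task)
        return True, "executed"


def dispensation_example():
    """Constructed trace; returns the accept/reject decision for each event."""
    roles = {"Physician", "Pharmacist", "Nurse"}
    task_roles = {"prescribe": {"Physician"}, "validate": {"Pharmacist"},
                  "dispense": {"Nurse", "Pharmacist"}}
    # A physician, a different pharmacist, and a third person who is a nurse or pharmacist.
    term = ("disjoint", ("role", "Physician"),
            ("disjoint", ("role", "Pharmacist"),
             ("or", ("role", "Nurse"), ("role", "Pharmacist"))))
    monitor = SoDMonitor(task_roles, task_roles.keys(), term, roles)
    trace = [
        ("assign", "alice", "Physician"),
        ("assign", "bob", "Pharmacist"),
        ("assign", "carol", "Nurse"),
        ("exec", "prescribe", "alice"),
        ("revoke", "bob", "Pharmacist"),
        ("assign", "alice", "Pharmacist"),  # role assignment changes mid-run
        ("exec", "validate", "alice"),      # rejected: alice would validate her own prescription
        ("assign", "bob", "Pharmacist"),
        ("exec", "validate", "bob"),
        ("exec", "dispense", "dave"),       # rejected: dave holds no authorized role
        ("exec", "dispense", "carol"),
    ]
    return [monitor.step(e)[0] for e in trace]


if __name__ == "__main__":
    print(dispensation_example())
```

The monitor rejects the self-validation attempt even though `alice` holds the `Pharmacist` role at that moment, because the roles recorded for her earlier `prescribe` execution already bind her to the physician branch of the term and the `disjoint` operator forbids reusing her; that is the situation the abstract's remark on changing role assignments refers to. The partition search is exponential in the number of constrained executions, which is acceptable for a handful of tasks but not a general evaluation strategy.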

References

  1. Agrawal, A., Amend, M., Das, M., et al. 2007. WS-BPEL extension for people (BPEL4People), v. 1.0. http://download.boulder.ibm.com/ibmdl/pub/software/dru/specs/ws-bpel4people/BPEL4people_v1.pdf.
  2. Alves, A., Arkin, A., Askary, S., Bloch, B., Curbera, F., et al. 2007. Web services business process execution language (BPEL), v. 2.0. OASIS Standard. http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html.
  3. Anderson, A. 2005. Hierarchical resource profile of XACML, v. 2.0. OASIS Standard. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-hier-profile-spec-os.pdf.
  4. Apache. 2009. Apache Axis2, v. 1.5.1. The Apache Software Foundation (ASF), Forest Hill, MD.
  5. Basin, D., Burri, S. J., and Karjoth, G. 2009. Dynamic enforcement of abstract separation of duty constraints. In Proceedings of the 14th European Symposium on Research in Computer Security (ESORICS'09). M. Backes and P. Ning, Eds., Lecture Notes in Computer Science, vol. 5789, Springer, 250--267.
  6. Basin, D., Burri, S. J., and Karjoth, G. 2011a. Separation of duties as a service. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS'07). B. S. N. Cheung, L. C. K. Hui, R. S. Sandhu, and D. S. Wong, Eds., ACM Press, New York, 423--429.
  7. Basin, D., Burri, S. J., and Karjoth, G. 2011b. Obstruction-free authorization enforcement: Aligning security with business objectives. In Proceedings of the 24th IEEE Computer Security Foundations Symposium (CSF'11). IEEE Computer Society Press, 99--113.
  8. Basin, D., Burri, S. J., and Karjoth, G. 2011c. Dynamic enforcement of abstract separation of duty constraints. Tech. rep. RZ 3812. IBM Research-Zurich.
  9. Basin, D., Burri, S. J., and Karjoth, G. 2012. Optimal workflow-aware authorizations. In Proceedings of the 17th ACM Symposium on Access Control Models and Technologies (SACMAT'12). ACM Press, New York.
  10. Basin, D., Doser, J., and Lodderstedt, T. 2006. Model driven security: From UML models to access control infrastructures. ACM Trans. Softw. Engin. Meth. 15, 1, 39--91.
  11. Basin, D., Doser, J., and Lodderstedt, T. 2003. Model driven security for process-oriented systems. In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT'03). ACM Press, New York, 100--109.
  12. Basin, D., Olderog, E.-R., and Sevinc, P. E. 2007. Specifying and analyzing security automata using CSP-OZ. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS'07). F. Bao and S. Miller, Eds., ACM Press, New York, 70--81.
  13. Bertino, E., Ferrari, E., and Atluri, V. 1999. The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2, 1, 65--104.
  14. Camara, J., Canal, C., Cubo, J., and Vallecillo, A. 2006. Formalizing WSBPEL business processes using process algebra. Electron. Not. Theor. Comput. Sci. 154, 1, 159--173.
  15. Crampton, J. 2005. A reference monitor for workflow systems with constrained task execution. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies (SACMAT'05). E. Ferrari and G. J. Ahn, Eds., ACM Press, New York, 38--47.
  16. The Economist. 2001. Enron, see you in court. The Economist (11/15/01).
  17. Ernst & Young. 2009. European fraud survey 2009 -- Is integrity a casualty of the downturn? Tech. rep., Ernst & Young.
  18. Ferraiolo, D. F., Sandhu, R. S., Gavrila, S. I., Kuhn, D. R., and Chandramouli, R. 2001. Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4, 3, 224--274.
  19. Gligor, V. D., Gavrila, S. I., and Ferraiolo, D. 1998. On the formal definition of separation-of-duty policies and their composition. In Proceedings of the 19th IEEE Symposium on Security and Privacy (S&P'98). IEEE Computer Society Press, 172--183.
  20. IBM. 2011a. Insurance application architecture (IAA). IBM Corporation, Armonk, NY.
  21. IBM. 2011b. Tivoli directory server (TDS), v. 6. IBM Corporation, Armonk, NY.
  22. IBM. 2011c. WebSphere application server (WAS), v. 6.1. IBM Corporation, Armonk, NY.
  23. IBM. 2011d. WebSphere process server (WPS), v. 6.2. IBM Corporation, Armonk, NY.
  24. Knorr, K. and Stormer, H. 2002. Modeling and analyzing separation of duties in workflow environments. Int. Fed. Inf. Process. 65, 199--212.
  25. Li, N. and Wang, Q. 2008. Beyond separation of duty: An algebra for specifying high-level security policies. J. ACM 55, 3.
  26. Marino, D., Potral, J. J., Hall, M., Rodriguez, C. B., Rodriguez, P. S., Sobota, J., Jiri, M., and Asnar, Y. D. W. 2009. D1.2.1: Master scenarios. Deliverable of FP7 EU Project MASTER.
  27. Marinovic, S., Craven, R., Ma, J., and Dulay, N. 2011. Rumpole: A flexible break-glass access control model. In Proceedings of the 16th ACM Symposium on Access Control Models and Technologies (SACMAT'11). R. Breu, J. Crampton, and J. Lobo, Eds., ACM Press, New York, 73--82.
  28. Nash, M. J. and Poland, K. R. 1990. Some conundrums concerning separation of duty. In Proceedings of the IEEE Symposium on Security and Privacy (S&P'90). IEEE Computer Society Press, 201--207.
  29. OMG. 2011. Business process model and notation (BPMN), v. 2.0. OMG Standard.
  30. Paci, F., Bertino, E., and Crampton, J. 2008. An access-control framework for WS-BPEL. Int. J. Web Serv. Res. 5, 3, 20--43.
  31. Roscoe, A. W. 1997. The Theory and Practice of Concurrency. Prentice Hall, Upper Saddle River, NJ.
  32. Saltzer, J. and Schroeder, M. 1975. The protection of information in computer systems. Proc. IEEE 63, 9, 1278--1308.
  33. Sandhu, R. S. 1988. Transaction control expressions for separation of duties. In Proceedings of the 4th IEEE Aerospace Computer Security Applications Conference. IEEE Computer Society Press, 282--286.
  34. Schaad, A., Lotz, V., and Sohr, K. 2006. A model-checking approach to analysing organisational controls in a loan origination process. In Proceedings of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT'06). D. F. Ferraiolo and I. Ray, Eds., ACM Press, New York, 139--149.
  35. Schneider, F. B. 2000. Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3, 1, 30--50.
  36. Simon, R. and Zurko, M. E. 1997. Separation of duty in role-based environments. In Proceedings of the 10th IEEE Workshop on Computer Security Foundations (CSFW'97). IEEE Computer Society Press, 183--194.
  37. SOX. 2002. Sarbanes-Oxley act of 2002. United States Government Printing Office.
  38. Syropoulos, A. 2000. Mathematics of multisets. In Proceedings of the Workshop on Multiset Processing (WMP'00). C. S. Calude, G. Paun, G. Rozenberg, and A. Salomaa, Eds., Lecture Notes in Computer Science, vol. 2235, Springer, 347--358.
  39. Thomas, J., Paci, F., Bertino, E., and Eugster, P. 2007. User tasks and access control over web services. In Proceedings of the IEEE International Conference on Web Services (ICWS'07). IEEE Computer Society Press, 60--69.
  40. Turner, M., Budgen, D., and Brereton, P. 2003. Turning software into a service. Comput. 36, 38--44.
  41. Wang, Q. and Li, N. 2007. Direct static enforcement of high-level security policies. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS'07). F. Bao and S. Miller, Eds., ACM Press, New York, 214--225.
  42. Wong, P. Y. H. and Gibbons, J. 2008. A process semantics for BPMN. In Proceedings of the 10th International Conference on Formal Engineering Methods (ICFEM'08). S. Liu, T. Maibaum, and K. Araki, Eds., Lecture Notes in Computer Science, vol. 5256, Springer, 355--374.
