Dynamic enforcement of abstract separation of duty constraints

Abstract
Separation of Duties (SoD) aims at preventing fraud and errors by distributing tasks and associated authorizations among multiple users. Li and Wang [2008] proposed an algebra (SoDA) for specifying SoD requirements, which is both expressive in the requirements it formalizes and abstract in that it is not bound to a workflow model. In this article, we bridge the gap between the specification of SoD constraints modeled in SoDA and their enforcement in a dynamic, service-oriented enterprise environment. We proceed by generalizing SoDA's semantics to traces, modeling workflow executions that satisfy the respective SoDA terms. We then refine the set of traces induced by a SoDA term to also account for a workflow's control-flow and role-based authorizations. Our formalization, which is based on the process algebra CSP, supports the enforcement of SoD on general workflows and handles changing role assignments during workflow execution, addressing a well-known source of fraud.
The resulting CSP model serves as a blueprint for a distributed and loosely coupled architecture where SoD enforcement is provisioned as a service. This concept, which we call SoD as a Service, facilitates a separation of concerns between business experts and security professionals. As a result, integration and configuration efforts are minimized and enterprises can quickly adapt to organizational, regulatory, and technological changes. We describe an implementation of SoD as a Service, which combines commercial components such as a workflow engine with newly developed components such as an SoD enforcement monitor. To evaluate our design decisions and to demonstrate the feasibility of our approach, we present a case study of a drug dispensation workflow deployed in a hospital.
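The abstract's central step, evaluating an abstract SoD term against the users who actually executed a workflow instance, with role membership taken as of the moment each task ran, can be made concrete with a small monitor. The code below is an added illustration and is not the article's CSP model or its SoD enforcement monitor: it encodes a term grammar in the style of Li and Wang's SoDA operators (OR, AND, disjoint-users TENSOR, overlapping ODOT, PLUS) in a hypothetical tuple encoding chosen here, and evaluates terms over a constructed drug dispensation trace. The user names, task names and roles are constructed sample data; the second trace shows the role-reassignment case the abstract mentions, where one person is a Physician when prescribing and is then made a Pharmacist before dispensing.

```python
"""Toy SoD enforcement monitor over workflow traces (added illustration).

A trace is a list of (user, task, roles_held_when_the_task_ran).  A term is
evaluated against the *set of users* that executed tasks in the trace; role
unit terms look up the roles a user held at execution time, so a user whose
role assignment changes mid-workflow is still one user and cannot stand in
for two distinct people.  Term encoding and names are hypothetical.
"""
from itertools import combinations

# Term constructors (hypothetical encoding, not the paper's syntax).
def role(r):        return ("role", r)               # one user holding role r
def users(*us):     return ("users", frozenset(us))  # one user from a named set
ALL = ("all",)                                       # any single user
def OR(a, b):       return ("or", a, b)              # X satisfies a or b
def AND(a, b):      return ("and", a, b)             # the same X satisfies a and b
def TENSOR(a, b):   return ("tensor", a, b)          # disjoint X1, X2 satisfy a, b
def ODOT(a, b):     return ("odot", a, b)            # X1 | X2 == X, overlap allowed
def PLUS(a):        return ("plus", a)               # X partitions into >=1 blocks satisfying a

def _splits(X):
    """All (X1, X2) with X1 | X2 == X and X1 & X2 == {} (X1 may be empty)."""
    xs = sorted(X)
    for k in range(len(xs) + 1):
        for part in combinations(xs, k):
            X1 = frozenset(part)
            yield X1, X - X1

def _covers(X):
    """All (X1, X2) with X1 | X2 == X, overlap permitted."""
    for X1, rest in _splits(X):
        for j in range(len(X1) + 1):
            for extra in combinations(sorted(X1), j):
                yield X1, rest | frozenset(extra)

def satisfies(term, X, held):
    """Does user set X satisfy term?  held[u] = roles u held while executing."""
    kind = term[0]
    if kind == "role":
        return len(X) == 1 and term[1] in held.get(next(iter(X)), set())
    if kind == "users":
        return len(X) == 1 and next(iter(X)) in term[1]
    if kind == "all":
        return len(X) == 1
    if kind == "or":
        return satisfies(term[1], X, held) or satisfies(term[2], X, held)
    if kind == "and":
        return satisfies(term[1], X, held) and satisfies(term[2], X, held)
    if kind == "tensor":
        return any(satisfies(term[1], X1, held) and satisfies(term[2], X2, held)
                   for X1, X2 in _splits(X))
    if kind == "odot":
        return any(satisfies(term[1], X1, held) and satisfies(term[2], X2, held)
                   for X1, X2 in _covers(X))
    if kind == "plus":
        if not X:
            return False
        if satisfies(term[1], X, held):
            return True
        # Peel off one non-empty block satisfying the operand; the rest must satisfy PLUS again.
        return any(X1 and X2 and satisfies(term[1], X1, held) and satisfies(term, X2, held)
                   for X1, X2 in _splits(X))
    raise ValueError("unknown term %r" % (term,))

def check_trace(term, trace):
    """Monitor verdict for a completed workflow instance: True iff the set of
    users that executed tasks in `trace` satisfies `term`."""
    held = {}
    for user, _task, roles in trace:
        held.setdefault(user, set()).update(roles)
    return satisfies(term, frozenset(held), held)

# Constructed sample data: a physician prescribes, a pharmacist dispenses.
DISPENSATION = TENSOR(role("Physician"), role("Pharmacist"))      # two distinct people
DISPENSATION_WEAK = ODOT(role("Physician"), role("Pharmacist"))   # same person allowed

TRACE_OK = [("alice", "prescribe", {"Physician"}),
            ("bob",   "dispense",  {"Pharmacist"})]
# alice is reassigned from Physician to Pharmacist between the two tasks.
TRACE_ROLE_CHANGE = [("alice", "prescribe", {"Physician"}),
                     ("alice", "dispense",  {"Pharmacist"})]
TRACE_TWO_PHARMACISTS = [("bob",   "dispense", {"Pharmacist"}),
                         ("carol", "dispense", {"Pharmacist"})]

def demo():
    """Verdicts for the constructed traces."""
    return {
        "ok":          check_trace(DISPENSATION, TRACE_OK),               # True
        "role_change": check_trace(DISPENSATION, TRACE_ROLE_CHANGE),      # False: one user
        "role_change_odot": check_trace(DISPENSATION_WEAK, TRACE_ROLE_CHANGE),  # True
        "plus":        check_trace(PLUS(role("Pharmacist")), TRACE_TWO_PHARMACISTS),  # True
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The point of `TRACE_ROLE_CHANGE` is the fraud pattern the abstract refers to: a monitor that re-reads the current role assignment at the end of the workflow would see a Physician and a Pharmacist and accept; evaluating the term over the executing users, with roles recorded per event, rejects it because `TENSOR` requires two disjoint singleton sets. `ODOT` of the same operands accepts it, which is why the choice of operator, not just the roles, carries the SoD requirement.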
References

- Agrawal, A., Amend, M., Das, M., et al. 2007. WS-BPEL extension for people (BPEL4People), v. 1.0. http://download.boulder.ibm.com/ibmdl/pub/software/dru/specs/ws-bpel4people/BPEL4people_v1.pdf.
- Alves, A., Arkin, A., Askary, S., Bloch, B., Curbera, F., et al. 2007. Web services business process execution language (BPEL), v. 2.0. OASIS Standard. http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html.
- Anderson, A. 2005. Hierarchical resource profile of XACML, v. 2.0. OASIS Standard. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-hier-profile-spec-os.pdf.
- Apache. 2009. Apache Axis2, v. 1.5.1. The Apache Software Foundation (ASF), Forest Hill, MD.
- Basin, D., Burri, S. J., and Karjoth, G. 2009. Dynamic enforcement of abstract separation of duty constraints. In Proceedings of the 14th European Symposium on Research in Computer Security (ESORICS'09). M. Backes and P. Ning, Eds., Lecture Notes in Computer Science, vol. 5789, Springer, 250--267.
- Basin, D., Burri, S. J., and Karjoth, G. 2011a. Separation of duties as a service. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS'11). B. S. N. Cheung, L. C. K. Hui, R. S. Sandhu, and D. S. Wong, Eds., ACM Press, New York, 423--429.
- Basin, D., Burri, S. J., and Karjoth, G. 2011b. Obstruction-free authorization enforcement: Aligning security with business objectives. In Proceedings of the 24th IEEE Computer Security Foundations Symposium (CSF'11). IEEE Computer Society Press, 99--113.
- Basin, D., Burri, S. J., and Karjoth, G. 2011c. Dynamic enforcement of abstract separation of duty constraints. Tech. rep. RZ 3812. IBM Research-Zurich.
- Basin, D., Burri, S. J., and Karjoth, G. 2012. Optimal workflow-aware authorizations. In Proceedings of the 17th ACM Symposium on Access Control Models and Technologies (SACMAT'12). ACM Press, New York.
- Basin, D., Doser, J., and Lodderstedt, T. 2006. Model driven security: From UML models to access control infrastructures. ACM Trans. Softw. Engin. Meth. 15, 1, 39--91.
- Basin, D., Doser, J., and Lodderstedt, T. 2003. Model driven security for process-oriented systems. In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT'03). ACM Press, New York, 100--109.
- Basin, D., Olderog, E.-R., and Sevinc, P. E. 2007. Specifying and analyzing security automata using CSP-OZ. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS'07). F. Bao and S. Miller, Eds., ACM Press, New York, 70--81.
- Bertino, E., Ferrari, E., and Atluri, V. 1999. The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2, 1, 65--104.
- Camara, J., Canal, C., Cubo, J., and Vallecillo, A. 2006. Formalizing WSBPEL business processes using process algebra. Electron. Not. Theor. Comput. Sci. 154, 1, 159--173.
- Crampton, J. 2005. A reference monitor for workflow systems with constrained task execution. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies (SACMAT'05). E. Ferrari and G. J. Ahn, Eds., ACM Press, New York, 38--47.
- The Economist. 2001. Enron, see you in court. The Economist (11/15/01).
- Ernst & Young. 2009. European fraud survey 2009 -- Is integrity a casualty of the downturn? Tech. rep., Ernst & Young.
- Ferraiolo, D. F., Sandhu, R. S., Gavrila, S. I., Kuhn, D. R., and Chandramouli, R. 2001. Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4, 3, 224--274.
- Gligor, V. D., Gavrila, S. I., and Ferraiolo, D. 1998. On the formal definition of separation-of-duty policies and their composition. In Proceedings of the 19th IEEE Symposium on Security and Privacy (S&P'98). IEEE Computer Society Press, 172--183.
- IBM. 2011a. Insurance application architecture (IAA). IBM Corporation, Armonk, NY.
- IBM. 2011b. Tivoli directory server (TDS), v. 6. IBM Corporation, Armonk, NY.
- IBM. 2011c. WebSphere application server (WAS), v. 6.1. IBM Corporation, Armonk, NY.
- IBM. 2011d. WebSphere process server (WPS), v. 6.2. IBM Corporation, Armonk, NY.
- Knorr, K. and Stormer, H. 2002. Modeling and analyzing separation of duties in workflow environments. Int. Fed. Inf. Process. 65, 199--212.
- Li, N. and Wang, Q. 2008. Beyond separation of duty: An algebra for specifying high-level security policies. J. ACM 55, 3.
- Marino, D., Potral, J. J., Hall, M., Rodriguez, C. B., Rodriguez, P. S., Sobota, J., Jiri, M., and Asnar, Y. D. W. 2009. D1.2.1: Master scenarios. Deliverable of FP7 EU Project MASTER.
- Marinovic, S., Craven, R., Ma, J., and Dulay, N. 2011. Rumpole: A flexible break-glass access control model. In Proceedings of the 16th ACM Symposium on Access Control Models and Technologies (SACMAT'11). R. Breu, J. Crampton, and J. Lobo, Eds., ACM Press, New York, 73--82.
- Nash, M. J. and Poland, K. R. 1990. Some conundrums concerning separation of duty. In Proceedings of the IEEE Symposium on Security and Privacy (S&P'90). IEEE Computer Society Press, 201--207.
- OMG. 2011. Business process model and notation (BPMN), v. 2.0. OMG Standard.
- Paci, F., Bertino, E., and Crampton, J. 2008. An access-control framework for WS-BPEL. Int. J. Web Serv. Res. 5, 3, 20--43.
- Roscoe, A. W. 1997. The Theory and Practice of Concurrency. Prentice Hall, Upper Saddle River, NJ.
- Saltzer, J. and Schroeder, M. 1975. The protection of information in computer systems. Proc. IEEE 63, 9, 1278--1308.
- Sandhu, R. S. 1988. Transaction control expressions for separation of duties. In Proceedings of the 4th IEEE Aerospace Computer Security Applications Conference. IEEE Computer Society Press, 282--286.
- Schaad, A., Lotz, V., and Sohr, K. 2006. A model-checking approach to analysing organisational controls in a loan origination process. In Proceedings of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT'06). D. F. Ferraiolo and I. Ray, Eds., ACM Press, New York, 139--149.
- Schneider, F. B. 2000. Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3, 1, 30--50.
- Simon, R. and Zurko, M. E. 1997. Separation of duty in role-based environments. In Proceedings of the 10th IEEE Workshop on Computer Security Foundations (CSFW'97). IEEE Computer Society Press, 183--194.
- SOX. 2002. Sarbanes-Oxley act of 2002. United States Government Printing Office.
- Syropoulos, A. 2000. Mathematics of multisets. In Proceedings of the Workshop on Multiset Processing (WMP'00). C. S. Calude, G. Paun, G. Rozenberg, and A. Salomaa, Eds., Lecture Notes in Computer Science, vol. 2235, Springer, 347--358.
- Thomas, J., Paci, F., Bertino, E., and Eugster, P. 2007. User tasks and access control over web services. In Proceedings of the IEEE International Conference on Web Services (ICWS'07). IEEE Computer Society Press, 60--69.
- Turner, M., Budgen, D., and Brereton, P. 2003. Turning software into a service. IEEE Computer 36, 10, 38--44.
- Wang, Q. and Li, N. 2007. Direct static enforcement of high-level security policies. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS'07). F. Bao and S. Miller, Eds., ACM Press, New York, 214--225.
- Wong, P. Y. H. and Gibbons, J. 2008. A process semantics for BPMN. In Proceedings of the 10th International Conference on Formal Engineering Methods (ICFEM'08). S. Liu, T. Maibaum, and K. Araki, Eds., Lecture Notes in Computer Science, vol. 5256, Springer, 355--374.