
Role-Task Based Access Control For Workflow System

Posted on: 2004-10-22
Degree: Master
Type: Thesis
Country: China
Candidate: J J Chen
Full Text: PDF
GTID: 2168360092493326
Subject: Computer application technology

Abstract/Summary:
A workflow is the computerized automation of a business process of an organization, in whole or in part. Increasing use of electronic means leads to significant increases in processing performance and efficiency. These advantages, however, come at a cost; one such cost is an increased information security risk.

This paper focuses on the access control service, one part of the security mechanism in workflow systems. First, the static and dynamic features of workflow systems are pointed out. Based on these features, the special access control requirements of workflow systems, such as Strict Least Privilege, Separation of Duty (SoD) and Order of Events, are analyzed. Then the RBAC model is discussed. Workflow technology is introduced through an example, the document-circulation workflow in the Government Official Automation System. On this basis, the paper explains why DAC and MAC are not suitable access control models for workflows, and points out the drawbacks of applying RBAC and TBAC to workflows. The requirements imposed by workflows call for an access control mechanism that is more flexible and fine-grained.

Based on the above analysis, a model, RTBAC (Role-Task Based Access Control for Workflow System), is proposed to solve the access control problems of workflow systems. RTBAC is built on the well-known RBAC96 model. The concept of task is introduced into RTBAC to extend the dynamic characteristics of RBAC. Tasks represent the smallest unit of work in the workflow. In RTBAC, users execute permissions to access fixed data, and execute tasks to access flowing and varying data such as documents under approval. RTBAC can renew authorization in time according to the flow and use of data in workflow systems. A formal description and an analysis of RTBAC are given. The time feature of the task helps enforce Strict Least Privilege; the concepts of time and the sequence of time are put forward to describe the order of tasks.

To satisfy SoD requirements, this paper proposes the concepts of conflicting permissions, conflicting users, conflicting tasks and conflicting roles to describe the interrelations among the elements of RTBAC. Finally, constraints on associations between conflicting entities are discussed, the essence of which is that conflicting permissions must not be executed by the same user.
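As an added illustration, not code from the thesis, the Python sketch below models the core RTBAC ideas described above: fixed data is reached through permissions granted to roles, flowing data (a document under approval) is reached only through a task that is active for a bounded time on one workflow instance, and two tasks declared conflicting must not be executed by the same user on the same instance. The approval workflow, the user and role names and the time values are constructed for the example.

```python
from collections import defaultdict
class RTBAC:
    """Toy RTBAC: roles grant static permissions; tasks grant time-bound, per-instance access."""
    def __init__(self):
        self.user_roles = defaultdict(set)    # user -> roles
        self.role_perms = defaultdict(set)    # role -> permissions on fixed data
        self.task_roles = defaultdict(set)    # task -> roles allowed to execute it
        self.task_conflicts = set()           # frozensets of mutually exclusive tasks
        self.active = {}                      # (instance, task) -> (start, end)
        self.history = defaultdict(list)      # instance -> [(task, user)]
    def assign_role(self, user, role): self.user_roles[user].add(role)
    def grant_perm(self, role, perm): self.role_perms[role].add(perm)
    def authorize_task(self, task, role): self.task_roles[task].add(role)
    def declare_conflict(self, a, b): self.task_conflicts.add(frozenset((a, b)))
    def activate(self, instance, task, start, end):
        self.active[(instance, task)] = (start, end)   # task instance enters the workflow
    def has_permission(self, user, perm):
        """Static check on fixed data: some role of the user carries the permission."""
        return any(perm in self.role_perms[r] for r in self.user_roles[user])
    def may_execute(self, user, instance, task, now):
        """Dynamic check on flowing data: task active now, role authorized, no SoD conflict."""
        window = self.active.get((instance, task))
        if window is None or not (window[0] <= now < window[1]):
            return "task not active"                   # strict least privilege in time
        if not self.user_roles[user] & self.task_roles[task]:
            return "role not authorized for task"
        for done_task, done_user in self.history[instance]:
            if done_user == user and frozenset((done_task, task)) in self.task_conflicts:
                return f"SoD violation: {user} already did {done_task}"
        return "ok"
    def execute(self, user, instance, task, now):
        verdict = self.may_execute(user, instance, task, now)
        if verdict == "ok":
            self.history[instance].append((task, user))
            del self.active[(instance, task)]          # authorization ends with the task
        return verdict

def demo():
    """Document-approval workflow (constructed): review and approve must not share a user."""
    m = RTBAC()
    m.assign_role("alice", "manager"); m.assign_role("bob", "manager"); m.assign_role("carl", "clerk")
    m.grant_perm("clerk", "read_archive")
    m.authorize_task("review", "manager"); m.authorize_task("approve", "manager")
    m.declare_conflict("review", "approve")
    m.activate("doc-1", "review", 10, 20); m.activate("doc-1", "approve", 10, 30)
    return {"static": m.has_permission("carl", "read_archive"),
            "expired": m.execute("alice", "doc-1", "review", 25),
            "review": m.execute("alice", "doc-1", "review", 15),
            "sod": m.execute("alice", "doc-1", "approve", 16),
            "clerk": m.execute("carl", "doc-1", "approve", 17),
            "approve": m.execute("bob", "doc-1", "approve", 16)}
```

Running `demo()` shows the three refusals the model is built for: a task outside its time window, a user whose roles do not cover the task, and the same manager trying to both review and approve one document.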
Keywords/Search Tags:RBAC, workflow, role, task, access control, separation of duty