Business Process Access Control - Workflow-based authorisation for complex organisations
Derrick Newton :: Tuesday 20th January 2009
Venue: Room 245 @ 1200
Abstract. Workflow-based business process management represents a major organisational component of large corporate and governmental bodies. Such a prescriptive approach to management and financial control has been mandated globally by tighter regulatory frameworks for corporate and national governance in response to high-profile financial irregularities, compromises to data security and privacy concerns. A natural extension to business process management is to integrate systems of access control, extending access control beyond role-based, mandatory or discretionary models. There have been developments in workflow-based access control systems and policy languages, but to our knowledge there has been little attempt to provide a formal modelling environment that enables workflow-based access control policies to be verified and checked prior to their real-world implementation. We propose an approach to modelling access control policies using process algebra, specifically the applied pi-calculus, that enables manual and automated verification of access control policies.