Download:
Abstract: It is well-known that aligning security policies with
business objectives is a difficult task. To address this, we present a new
approach to analyze work-flow instances for obstructions due to static and
dynamic authorization policies. We give a new algorithm that allows
organizations to properly assign users to tasks without the policies causing
obstructions (e.g. deadlocks). Our work is novel since we consider loops,
conditions and parallelism in workflows, through a new concept called ``release"
events. We illustrate our approach on some real-world workflows in healthcare
and financial industries..
Acknowledgment: Work funded in part by the National Center for the Protection of Financial Infrastructure at Dakota State University.