Page 283 - DCAP103_Principle of operating system
Principles of Operating Systems
requires identifying the user’s job functions, determining the minimum set of privileges required
to perform those functions, and restricting the user to a domain with those privileges and nothing
more. In less precisely controlled systems, least privilege is often difficult or costly to achieve
because it is difficult to tailor access based on various attributes or constraints. Role hierarchies
can be established to provide for the natural structure of an enterprise. A role hierarchy defines
the roles that have unique attributes and that may contain other roles; that is, one role may
implicitly include the operations that are associated with another role.
8.3.7 Temporal Constraints
Temporal constraints are formal statements of access policies that involve time-based restrictions
on access to resources; they are required in several application scenarios. In some applications,
temporal constraints may be required to limit resource use. In other types of applications, they
may be required for controlling time-sensitive activities. It is the time-based constraints (in
addition to other constraints like workflow precedence relationships) that must be evaluated for
generating dynamic authorizations during workflow execution time. Temporal constraints may
also be required in non-workflow environments. For example, in a commercial banking
enterprise, an employee should be able to assume the role of a teller (to perform transactions
on customer accounts) only during designated banking hours (such as 9 a.m. to 2 p.m., Monday
through Friday, and 9 a.m. to 12 p.m. on Saturday). To meet this requirement, it is necessary to
specify temporal constraints that limit role availability and activation capability only to those
designated banking hours.
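The role hierarchy described in the least-privilege passage above and the banking-hours constraint on the teller role in this section can be combined in a single authorization check. The following is an added example written for this page, not code from the textbook: the roles, operations, users and the 2024 dates used for checking are constructed, and the rule that a senior role inherits the temporal constraints of every role it contains (so a head teller cannot perform teller operations outside banking hours either) is an assumption of this example.

```python
from datetime import datetime, time

# Constructed role hierarchy: each role directly holds some operations and
# may contain junior roles, whose operations it implicitly includes.
ROLE_PERMISSIONS = {
    "employee": {"read_branch_notices"},
    "teller": {"deposit", "withdraw", "view_account"},
    "head_teller": {"approve_large_withdrawal"},
}
ROLE_CONTAINS = {
    "teller": {"employee"},
    "head_teller": {"teller"},
}

# Constructed temporal constraint from the text: teller is available
# 9 a.m. to 2 p.m. Monday to Friday and 9 a.m. to 12 p.m. on Saturday.
# datetime.weekday(): Monday = 0 ... Saturday = 5, Sunday = 6.
ROLE_HOURS = {
    "teller": {
        **{day: (time(9, 0), time(14, 0)) for day in range(0, 5)},
        5: (time(9, 0), time(12, 0)),
    },
}


def role_closure(role):
    """The role itself plus every role it (transitively) contains."""
    seen, stack = set(), [role]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        stack.extend(ROLE_CONTAINS.get(current, set()))
    return seen


def effective_permissions(role):
    """Operations the role may perform, including inherited ones."""
    perms = set()
    for member in role_closure(role):
        perms |= ROLE_PERMISSIONS.get(member, set())
    return perms


def role_available(role, when):
    """True if the role can be activated at `when`.

    Assumption of this example: a role is available only if its own
    constraint and the constraints of all contained roles are satisfied;
    roles without a constraint are always available.
    """
    for member in role_closure(role):
        hours = ROLE_HOURS.get(member)
        if hours is None:
            continue
        window = hours.get(when.weekday())
        if window is None:
            return False
        start, end = window
        if not (start <= when.time() < end):
            return False
    return True


def authorize(role, operation, when_iso):
    """Dynamic authorization: the role must be activatable at the given
    ISO-8601 time and must hold the requested operation."""
    when = datetime.fromisoformat(when_iso)
    return role_available(role, when) and operation in effective_permissions(role)
```

A permission check that ignores the time component would grant the teller's operations around the clock; evaluating `role_available` first is what turns the static role assignment into a time-limited activation. Note that the check uses the server's notion of the current time, so the clock source itself must be trustworthy for the constraint to mean anything.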
Popular access control policies related to temporal constraints are the history-based access control
policies, which are not supported by any standard access control mechanism but have practical
application in many business operations such as task transactions and separation of conflicts
of interest. History-based access control is defined in terms of subjects and events, where the
events of the system are specified as the object access operations associated with activity at a
particular security level. This ensures that the security policy is defined in terms of the sequence
of events over time, and that the security policy decides which events of the system are permitted
to ensure that information does not “flow” in an unauthorized manner. Popular history-based
access control policies are Workflow and Chinese Wall, which are described below.
8.3.8 Workflow
Based on the definition provided by the Workflow Management Coalition (WFMC), an
international organization of workflow vendors, users, and research groups, a workflow is a
representation of an organizational or business process in which “documents, information, or
tasks are passed from one participant to another in such a way that is governed by rules or
procedures.” A workflow separates the various activities of a given organizational process into
a set of well-defined tasks. Hence, typically, a workflow (often synonymous with a process) is
specified as a set of tasks and a set of dependencies among the tasks, and the sequencing of
these tasks is important. The various tasks in a workflow are usually carried out by several users
in accordance with organizational rules relevant to the process represented by the workflow.
The representation of a business process using a workflow involves a number of organizational
rules or policies. An important class of organization policies is the organization’s security policies.
Within the realm of security policies, access control policies play a key role, and hence defining
and enforcing access control requirements becomes a key function of a Workflow Management
System (WFMS).
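The history-based policies of the previous section and the workflow definition here (a set of tasks with dependencies whose sequencing matters) can be illustrated with a policy whose decisions depend on the events already recorded for a workflow instance. This is an added example written for this page, not code from the textbook or from any WFMS product: the three-task purchase workflow, its precedence relationships, the separation-of-duty pairs and the users and roles are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One object-access event in the history: who completed which task
    in which workflow instance."""
    subject: str
    task: str
    instance: str


# Constructed workflow: task -> tasks that must already be completed
# in the same instance before this task may start (precedence).
PRECEDENCE = {
    "prepare_order": set(),
    "approve_order": {"prepare_order"},
    "issue_payment": {"approve_order"},
}

# Constructed conflict-of-interest rule: within one instance, the two
# tasks of each pair must not be performed by the same subject.
SEPARATED = {
    frozenset({"prepare_order", "approve_order"}),
    frozenset({"approve_order", "issue_payment"}),
}

# Constructed static assignments: roles permitted per task, roles per user.
TASK_ROLES = {
    "prepare_order": {"clerk"},
    "approve_order": {"manager"},
    "issue_payment": {"manager", "accountant"},
}
USER_ROLES = {
    "alice": {"clerk"},
    "bob": {"manager"},
    "carol": {"manager"},
    "dave": {"accountant"},
    "erin": {"clerk", "manager"},
}


class HistoryPolicy:
    """Authorization decided from the sequence of prior events, not from
    the subject's static roles alone."""

    def __init__(self):
        self.history = []

    def decide(self, subject, task, instance):
        """Return (allowed, reason) for subject performing task in instance."""
        if not USER_ROLES.get(subject, set()) & TASK_ROLES.get(task, set()):
            return False, "subject holds no role permitted for this task"
        # Events of this instance only: task -> subject who completed it.
        done = {e.task: e.subject for e in self.history if e.instance == instance}
        if task in done:
            return False, "task already completed in this instance"
        missing = PRECEDENCE[task] - set(done)
        if missing:
            return False, f"precedence not satisfied: {sorted(missing)}"
        for prior_task, prior_subject in done.items():
            if frozenset({prior_task, task}) in SEPARATED and prior_subject == subject:
                return False, f"separation of duty: {subject} already did {prior_task}"
        return True, "ok"

    def record(self, subject, task, instance):
        """Perform the task if permitted, appending the event to the history."""
        allowed, reason = self.decide(subject, task, instance)
        if allowed:
            self.history.append(Event(subject, task, instance))
        return allowed, reason
```

The same user with the same roles is permitted or denied the same task depending only on what has already happened in that instance, which is exactly what a static role check cannot express. The history must be append-only and protected from the subjects it governs, otherwise a subject could erase the event that blocks them.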
Figure 8.2 presents a schematic diagram of the overall architecture of a WFMS, which consists
of two main components—design-time and run-time. The design-time component consists of
a set of tools (called the process definition tools) that are used for defining and modeling the
276 LOVELY PROFESSIONAL UNIVERSITY