A secure public sector workflow management system

Crosta, Stefano;Montagut, Frédéric;Pazzaglia, Jean-Christophe;Reznichenko, Yevgen;Rit,Maarten;Schaad, Andreas
ACSAC 2005, 21st Annual Computer Security Applications Conference, December 5-9, 2005, Tucson, USA

In this paper we analyze secure access control and rights management concerns in a typical public sector Workflow Management System which orchestrates the control flow of an inter-European judicial process. We have classified a set of topics, that have not been adequately addressed so far, in our opinion, in three different categories: i) deriving consistent access control policies for workflow tasks, ii) the temporal (short-term) provisioning of access rights with certificates, and iii) enforcing access control on workflow tasks, with a focus on inter-organizational workflows. We will analyze these different concerns in this paper, and propose specific solutions where appropriate. We have validated our work in a case study, closely related to the scenarios developed within the eJustice project, concerning an inter-organizational workflow regarding the issuing of rogatory letters and arrest warrants for the improvement of inter-European investigations and prosecutions


Type:
Poster / Demo
City:
Tucson
Date:
2005-12-04
Department:
Sécurité numérique
Eurecom Ref:
1898

PERMALINK : https://www.eurecom.fr/publication/1898