Specifying application-level security in workflow systems

A workflow process involves the execution of a set of related activities over time to perform a specific task. Security requires that such activities may only be performed by authorised subjects. In order to enforce such requirements, access to the underlying data objects has to be controlled. We refer to such access control as level 1 access control. In addition, when an individual is authorised to perform an activity, access should be limited to the time that the activity is being performed: Access to activity information before an activity commences or after it has terminated may be undesirable. This we will refer to as level 2 security Finally, applications often specify application-oriented (level 3) security requirements. This paper considers security restrictions in the latter category and proposes a rigorous approach that may be used to specify such policies. Enforcement (implementation) of such policies is also considered. The paper assumes that level 1 and level 2 mechanisms are in place and builds level 3 security mechanisms on these underlying levels.