Access Controlled Temporal Networks

Carlo Combi, Roberto Posenato, Luca Viganò, Matteo Zavatteri

Abstract

We define Access-Controlled Temporal Networks (ACTNs) as an extension of Conditional Simple Temporal Networks with Uncertainty (CSTNUs). CSTNUs are able to handle features such as contingent durations and conditional constraints, and have thus been used to model the temporal constraints of workflows underlying business processes. However, CSTNUs are unable to model users and authorization constraints, and thus cannot model “who can do what, when”. ACTNs solve this problem by adding users and authorization constraints that must be considered together with temporal constraints. Dynamic controllability (DC) of ACTNs ensures the existence of an execution strategy, able to assign tasks to authorized users dynamically, satisfying all the relevant authorization constraints no matter what contingent durations turn out to be or what conditional constraints have to be considered. We show that the DC checking can be done via Timed Game Automata and provide experimental results using UPPAAL-TIGA on a concrete real-world case study.

References

  1. Barletta, M., Ranise, S., and Viganò, L. (2011). A declarative two-level framework to specify and verify workflow and authorization policies in service-oriented architectures. SOCA, 5(2):105-137, http://dx.doi.org/10.1007/s11761-010-0073-4.
  2. Barth, A., Mitchell, J., Datta, A., and Sundaram, S. (2007). Privacy and utility in business processes. In CSF 7807, pages 279-294. http://dx.doi.org/10.1109/CSF.2007.26.
  3. Behrmann, G., Cougnard, A., David, A., Fleury, E., Larsen, K. G., and Lime, D. (2007). Uppaal-tiga: Time for playing games! In Damm, W. and Hermanns, H., editors, CAV 2007, LNCS, pages 121-125. http://dx.doi.org/10.1007/978-3-540-73368-3 14.
  4. Bertino, E., Bonatti, P. A., and Ferrari, E. (2001). TRBAC: A temporal role-based access control model. ACM Trans. Inf. Syst. Secur., 4(3).
  5. Cimatti, A., Hunsberger, L., Micheli, A., Posenato, R., and Roveri, M. (2016). Dynamic controllability via timed game automata. Acta Informatica, 53(6-8):681-722, http://dx.doi.org/10.1007/s00236-016-0257-2.
  6. Combi, C., Gambini, M., Migliorini, S., and Posenato, R. (2014a). Representing business processes through a temporal data-centric workflow modeling language: An application to the management of clinical pathways. IEEE Trans. Syst., Man, Cybern., Syst., 44(9):1182-1203, http://dx.doi.org/10.1109/TSMC.2014.2300055.
  7. Combi, C., Hunsberger, L., and Posenato, R. (2013). An algorithm for checking the dynamic controllability of a conditional simple temporal network with uncertainty. In ICAART 2013, volume 2, pages 144-156. http://dx.doi.org/10.5220/0004256101440156.
  8. Combi, C., Hunsberger, L., and Posenato, R. (2014b). An algorithm for checking the dynamic controllability of a conditional simple temporal network with uncertainty - revisited. In Agents and Artificial Intelligence, volume 449 of CCIS, pages 314-331. http://dx.doi.org/10.1007/978-3-662-44440-5 19.
  9. Combi, C., Viganò, L., and Zavatteri, M. (2016). Security constraints in temporal role-based access-controlled workflows. In CODASPY. http://dx.doi.org/10.1145/2857705.2857716.
  10. Crampton, J., Huth, M., and Kuo, J. H.-P. (2014). Authorized workflow schemas: deciding realizability through LTL model checking. Int J Softw Tools Technol Transfer, 16(1):31-48, http://dx.doi.org/10.1007/s10009-012-0269-3.
  11. Hunsberger, L., Posenato, R., and Combi, C. (2012). The Dynamic Controllability of Conditional STNs with Uncertainty. In PlanEx at ICAPS 2012, pages 1-8. http://arxiv.org/abs/1212.2005.
  12. Hunsberger, L., Posenato, R., and Combi, C. (2015). A sound-and-complete propagation-based algorithm for checking the dynamic consistency of conditional simple temporal networks. In TIME 2015, pages 4-18. http://dx.doi.org/10.1109/TIME.2015.26.
  13. R. and Reichert, M. (2007). It support for healthcare processes - premises, challenges, perspectives. Data Knowl. Eng., 61(1):39-58, http://dx.doi.org/10.1016/j.datak.2006.04.007.
  14. Morris, P. H., Muscettola, N., and Vidal, T. (2001). Dynamic control of plans with temporal uncertainty. In IJCAI 2001, pages 494-502.
  15. Wang, Q. and Li, N. (2010). Satisfiability and resiliency in workflow authorization systems. ACM Trans. Inf. Syst. Secur., 13(4).
Download


Paper Citation


in Harvard Style

Combi C., Posenato R., Viganò L. and Zavatteri M. (2017). Access Controlled Temporal Networks . In Proceedings of the 9th International Conference on Agents and Artificial Intelligence - Volume 2: ICAART, ISBN 978-989-758-220-2, pages 118-131. DOI: 10.5220/0006185701180131


in Bibtex Style

@conference{icaart17,
author={Carlo Combi and Roberto Posenato and Luca Viganò and Matteo Zavatteri},
title={Access Controlled Temporal Networks},
booktitle={Proceedings of the 9th International Conference on Agents and Artificial Intelligence - Volume 2: ICAART,},
year={2017},
pages={118-131},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006185701180131},
isbn={978-989-758-220-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 9th International Conference on Agents and Artificial Intelligence - Volume 2: ICAART,
TI - Access Controlled Temporal Networks
SN - 978-989-758-220-2
AU - Combi C.
AU - Posenato R.
AU - Viganò L.
AU - Zavatteri M.
PY - 2017
SP - 118
EP - 131
DO - 10.5220/0006185701180131