Authorization Model for Strongly Distributed Information Systems

The title of the thesis contains words "strongly distributedsystems". This means information systems able to process tasksthat may be distributed not only in space, but also in time. Whatwe are going to discuss are problems related to processing taskswith long time durability those processing is performed inmultiple information systems with their own administration. Moreand more often we can hear about "Workflow management systems"that are used to automate business activities. Thoseinformation systems are typical systems with the above mentionedproperties and the thesis uses both terms as synonyms.Today, WfMS represent an important, inter-disciplinary area whichis commercially significant. The widespread use of workflowapplications has lead to increased awareness of data securityissues. This dissertation identifies levels of access control andauthorization requirements. Specifies "discretionary" and"mandatory" access controls for the workflow systems andproposes suitable security model. The thesis proposes a formal framework, based on process algebra - Calculus of Communicating Systems (CCS), for modeling and analyzing ofsecurity properties of WfMS. The specific contributions of thethesis are as follows:1. Active authorization model (AAM) is proposed. The modelprovides basic features necessary for synchronization ofauthorization flow with workflow, separation ofduties, event-based authorization and abstraction ofaccess rights necessary for heterogeneous environments.2. The extension of CCS is defined that allows specification ofsecurity properties of processes.The extension of CCS is constructed in such a way thatbisimulations may still be used for process equivalence decisions.3. Mechanism for process consistency testing is featured todecide feasibility of the process execution.