Information flow based security control beyond RBAC

Más información sobre el libro

Role-based access control (RBAC) is a prevalent technology for managing information and control flows in compliance with security policies, aiming to prevent unauthorized access or disclosure of information. However, RBAC's binary approach of granting or denying access limits its ability to provide fine-grained control, such as conditional access based on information flow restrictions. This limitation is particularly evident in business processes that involve multiple organizations and are defined using business process execution language (BPEL), where RBAC alone may hinder useful information flows that adhere to security policies. The text presents refined methods for information flow control that allow access to resources while considering the context of information flow in business processes. These methods are designed to be easy to implement and have been demonstrated to be largely machine-executable through a prototype. Furthermore, they are adaptable to BPEL-defined workflows utilizing Grid or Cloud services. The content is relevant for IT Security Specialists, Chief Information Officers (CIOs), Chief Security Officers (CSOs), Security Policy and Quality Assurance Officers, Business Process Designers, Developers, Operational Managers, and students interested in Security Management.