A Context-sensitive Access Control Model for Workflow Environment

The access control is one of the key technologies to protect information systems from malicious and misusing attackers inside or outside the enterprise. Task-role-based Access Control (T-RBAC) model is proposed for enterprise environment through integration of Role-based Access Control (RBAC) model and Task-based Authorization Control (TBAC) model. The user is related with permission through role and task, and it supports task level access control and supervision role hierarchy. Although it has the advantages of RBAC and TBAC, it only considers a part of context information, such as task order and mutually exclusive tasks in workflow environment. This paper presents a dynamic context-sensitive access control model that extends the T RBAC model while retaining its advantages and dynamically grants and adapts permissions to users according to current context information of user and task. Issues of the least privilege and separation of duty are also discussed in the model.