Preventing information leakage within workflows that execute among competing organizations

This paper proposes a model for access control within workflows. It is based on access control lists (ACLs) and is named WfACL (ACL-based access control model for workflows). WfACL prevents information leakage within workflows that may execute among competing organizations. Its objective is threefold. First, it prevents an organization that executes a workflow from leaking its information to other organizations. Second, it prevents information leakage among competing organizations. Third, it prevents information leakage within an organization. In addition to achieving the objective, WfACL offers the following features: (a) managing dynamic role association change, (b) managing dynamic role change, (c) avoiding indirect information leakage, (d) detailing the control granularity to roles, and (e) controlling both read and write access. We embedded WfACL in a rule-based workflow language WfACLL and implemented a prototype environment WfACLE. We evaluated WfACL using WfACLL and WfACLE. The evaluation result is also shown in this paper.