SBIR-STTR Award

Workflow Policy Server
Award last edited on: 12/29/09

Sponsored Program
SBIR
Awarding Agency
DOC : NIST
Total Award Amount
$374,355
Award Phase
2
Solicitation Topic Code
-----

Principal Investigator
Charles Payne

Company Information

Secure Computing Corporation (AKA: Secure Computing Technology Corporation)

4810 Harwood Road
San Jose, CA 95124
   (408) 979-6100
   info@securecomputing.com
   www.securecomputing.com
Location: Multiple
Congr. District: 18
County: Santa Clara

Phase I

Contract Number: ----------
Start Date: 00/00/00    Completed: 00/00/00
Phase I year
1998
Phase I Amount
$74,957
Historically, businesses have protected assets by mandating prescribed processes and individual responsibilities. Today, vital assets are stored and managed via information systems. Workflow technology, combined with an underlying role-based access control (RBAC) mechanism, is a promising solution for automatically controlling business processes and information assets. Under this Phase 1 effort, we propose to extend RBAC to support workflow constraints. The RBAC model framework that we will start from has been developed on the DARPA Information Assurance Program here at Secure Computing. This innovative RBAC model includes an object-oriented approach to describing the permissions granted to roles. The model has an additional feature of enforcing complex conditions to be satisfied before access can be granted. It is by extending this feature of conditional access that we hope to enforce workflow policies. Our objective is to present a solution that fits existing business practice and is easy to use. In addition to the enhanced RBAC model, we will produce a prototype graphical user interface (GUI) for specifying the workflow security policy by extending the RBAC prototype produced on the Information Assurance Program. The model and the tool will be demonstrated by specifying a sample workflow policy.

COMMERCIAL APPLICATIONS: Secure Computing provides a wide family of high security products, including firewalls, web filtering software and authentication servers. One of the primary focuses is to provide centralized management of security components throughout the enterprise. Specifying and enforcing workflow policies accurately and easily is critical to enforcing complex business policies at several different locations. Secure Computing intends to incorporate the workflow technology developed under this program into its suite of network security products.

Phase II

Contract Number: ----------
Start Date: 00/00/00    Completed: 00/00/00
Phase II year
1999
Phase II Amount
$299,398
Workflow management systems (WMS) may control access between hundreds of users and thousands of objects, so simplified policy management is critical. WMS developers recommend Role-Based Access Control (RBAC) since roles occur naturally in workflows; however, the typical RBAC model lacks the framework to express workflow policies adequately. Traditionally, a WMS mediates accesses to objects in its workflows. As workflow technology grows in popularity, workflows eventually may control distributed objects such as those managed by CORBA and COM/DCOM. Protections must be added to these objects to prevent users from circumventing the WMS and accessing the objects directly. We propose the "Workflow Policy Server" (WPS) to address these challenges. The WPS simplifies workflow policy management with a powerful RBAC model that has been extended with workflow concepts. In particular, the concept of a workflow task or "step" has been added. Distributed objects are protected because the WPS can "push out" the access control policy for a specific step when directed. The WPS translates the step's policy into the enforcement language of the target object manager.

COMMERCIAL APPLICATIONS: Secure Computing provides a wide family of high security products, including firewalls, web filtering software and authentication servers. One of the primary focuses is to provide centralized management of security components throughout the enterprise. Specifying and enforcing workflow policies accurately and easily is critical to enforcing complex business policies at several different locations. Secure Computing intends to incorporate the workflow technology developed under this program into its suite of network security products.