Skip to Main Content
Using graph transformation as a formalism to specify access control has several advantages, from the intuition provided by the visual aspect to the precise semantics and the systematic verification of constraints. Graph transformations provide a uniform and precise framework for the specification of access control policies. This article presents specification formalisms for workflow access control policies using graph transformation. The authorization states are represented by graphs and state transition by graph transformation. The proposed formalization provides an intuitive description for the manipulation of graph structures as they occur in workflow access control and a precise specification of consistency conditions on graphs and graph transformations. We specifies a type graph to represents the type information in the graph transformation for workflow access control, a set of rules to build the system states and sets of positive and negative constraints to specify wanted and unwanted framework. Using formal properties of graph transformation, it is can to detect inconsistencies between a rules and a constraint and lay the foundation for their resolutions. We present an algorithm to automatically check and eliminate conflicts between rules and positive and negative constraints.