Sciweavers

IFIP
2009
Springer

Model Checking of Security-Sensitive Business Processes

13 years 10 months ago
Model Checking of Security-Sensitive Business Processes
Security-sensitive business processes are business processes that must comply with security requirements (e.g. authorization constraints). In previous works it has been shown that model checking can be profitably used for the automatic analysis of security-sensitive business processes. But building a formal model that simultaneously accounts for both the workflow and the access control policy is a time consuming and error-prone activity. In this paper we present a new approach to model checking security-sensitive business processes that allows for the separate specification of the workflow and of the associated security policy while retaining the ability to carry out a fully automatic analysis of the process. To illustrate the effectiveness of the approach we describe its application to a version of the Loan Origination Process featuring an RBAC access control policy extended with delegation.
Alessandro Armando, Serena Elisa Ponta
Added 19 Feb 2011
Updated 19 Feb 2011
Type Journal
Year 2009
Where IFIP
Authors Alessandro Armando, Serena Elisa Ponta
Comments (0)