The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
SecureFlow: a secure Web-enabled workflow management system
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Managing access control complexity using metrices
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Task-role-based access control model
Information Systems
A Model for Team-based Access Control (TMAC 2004)
ITCC '04 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2 - Volume 2
Analysis of interacting BPEL web services
Proceedings of the 13th international conference on World Wide Web
Organizational Management in Workflow Applications – Issues and Perspectives
Information Technology and Management
Model checking XML manipulating software
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
The Consistency of Task-Based Authorization Constraints in Workflow Systems
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Separation of duties for access control enforcement in workflow environments
IBM Systems Journal - End-to-end security
A logic-based framework for attribute based access control
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
A reference monitor for workflow systems with constrained task execution
Proceedings of the tenth ACM symposium on Access control models and technologies
Applying model checking to BPEL4WS business collaborations
Proceedings of the 2005 ACM symposium on Applied computing
Exploiting Hierarchical CP-Nets to Increase the Reliability of Web Services Workflow
SAINT '06 Proceedings of the International Symposium on Applications on Internet
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
Intentional access management: making access control usable for end-users
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Coloured Petri Nets and CPN Tools for modelling and validation of concurrent systems
International Journal on Software Tools for Technology Transfer (STTT)
Formal semantics and analysis of control flow in WS-BPEL
Science of Computer Programming
A static compliance-checking framework for business process models
IBM Systems Journal
Task-based entailment constraints for basic workflow patterns
Proceedings of the 13th ACM symposium on Access control models and technologies
Spin model checker, the: primer and reference manual
Spin model checker, the: primer and reference manual
Efficient Compliance Checking Using BPMN-Q and Temporal Logic
BPM '08 Proceedings of the 6th International Conference on Business Process Management
Modeling of task-based authorization constraints in BPMN
BPM'07 Proceedings of the 5th international conference on Business process management
Modeling control objectives for business process compliance
BPM'07 Proceedings of the 5th international conference on Business process management
On the suitability of BPMN for business process modelling
BPM'06 Proceedings of the 4th international conference on Business Process Management
Verifying BPEL workflows under authorisation constraints
BPM'06 Proceedings of the 4th international conference on Business Process Management
Workflow resource patterns: identification, representation and tool support
CAiSE'05 Proceedings of the 17th international conference on Advanced Information Systems Engineering
Satisfiability and resiliency in workflow systems
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Security validation of business processes via model-checking
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Journal of Computer and System Sciences
Model checking of security-sensitive business processes
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Runtime enforcement of information flow security in tree manipulating processes
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Enriching process models for business process compliance checking in ERP environments
DESRIST'13 Proceedings of the 8th international conference on Design Science at the Intersection of Physical and Virtual Design
| Hi-index | 0.00 |
The verification of access controls is essential for providing secure systems. Model checking is an automated technique used for verifying finite state machines. The properties to be verified are usually expressed as formula in temporal logic. In this paper we present an approach to verify access control security properties of a security annotated business process model. To this end we utilise a security enhanced BPMN notation to define access control properties. To enhance the usability the complex and technical details are hidden from the process modeller by using an automatic translation of the process model into a process meta language (Promela) based on Coloured Petri net (CPN) semantics. The model checker SPIN is used for the process model verification and a trace file is written to provide visual feedback to the modeller on the abstraction level of the verified process model. As a proof of concept the described translation methodology is implemented as a plug-in for the free web-based BPMN modelling tool Oryx.