Communicating sequential processes
Communicating sequential processes
Model checking
Proving security protocols with model checkers by data independence techniques
Journal of Computer Security
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Distributed Algorithms
Modeling Reactive Systems with Statecharts: The Statemate Approach
Modeling Reactive Systems with Statecharts: The Statemate Approach
From Business Process Model to Consistent Implementation: A Case for Formal Verification Methods
EDOC '02 Proceedings of the 6th International Enterprise Distributed Object Computing Conference
Towards Development of Secure Systems Using UMLsec
FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Cryptographically Sound and Machine-Assisted Verification of Security Protocols
STACS '03 Proceedings of the 20th Annual Symposium on Theoretical Aspects of Computer Science
Computational Probabilistic Non-interference
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
FME '02 Proceedings of the International Symposium of Formal Methods Europe on Formal Methods - Getting IT Right
Secure Intrusion-tolerant Replication on the Internet
DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
PVS: A Prototype Verification System
CADE-11 Proceedings of the 11th International Conference on Automated Deduction: Automated Deduction
Modelling and verifying key-exchange protocols using CSP and FDR
CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
Polynomial Fairness and Liveness
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Collaborative business and data privacy: toward a cyber-control?
Computers in Industry - Special issue: The digital factory: an instrument of the present and the future
Collaborative business and data privacy: Toward a cyber-control?
Computers in Industry - Special issue: The digital factory: an instrument of the present and the future
Towards CIM to PIM transformation: from secure business processes defined in BPMN to use-cases
BPM'07 Proceedings of the 5th international conference on Business process management
Information and Software Technology
Secure business process model specification through a UML 2.0 activity diagram profile
Decision Support Systems
Capturing security requirements in business processes through a UML 2.0 activity diagrams profile
CoMoGIS'06 Proceedings of the 2006 international conference on Advances in Conceptual Modeling: theory and practice
Towards a UML 2.0 extension for the modeling of security requirements in business processes
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Analysis-level classes from secure business processes through model transformations
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Information and Software Technology
Hi-index | 0.01 |
We present a general methodology for integrating arbitrary security requirements in the development of business processes in a both elegant and rigorous way. We show how trust relationships between different parties and their respective security goals can be reflected in a specification, which results in a realistic modeling of business processes in the presence of malicious adversaries. Special attention is given to the incorporation of cryptography in the development process with the main goal of achieving specifications that are sufficiently simple to be suited for formal verification, yet allow for a provably secure cryptographic implementation.