Security validation of business processes via model-checking

Authors:
Wihem Arsac;Luca Compagna;Giancarlo Pellegrino;Serena Elisa Ponta
Affiliations:
SAP Research Sophia-Antipolis, Mougins, France;SAP Research Sophia-Antipolis, Mougins, France;SAP Research Sophia-Antipolis, Mougins, France;SAP Research Sophia-Antipolis, Mougins, France and U. of Genova, Genova, Italy
Venue:
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Year:
2011

Citing 9
Cited 5

Role-Based Access Control Models

Computer
Workflow analyzed for security and privacy in using databases

Journal of Computer Security - IFIP 2000
Modeling Security Requirements Through Ownership, Permission and Delegation

RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
A model-checking approach to analysing organisational controls in a loan origination process

Proceedings of the eleventh ACM symposium on Access control models and technologies
Rubacon: automated support for model-based compliance engineering

Proceedings of the 30th international conference on Software engineering
Verification of Business Process Entailment Constraints Using SPIN

ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Security Analysis of Role Based Access Control Models Using Colored Petri Nets and CPNtools

Transactions on Computational Science IV
Specification, Verification and Explanation of Violation for Data Aware Compliance Rules

ICSOC-ServiceWave '09 Proceedings of the 7th International Joint Conference on Service-Oriented Computing
Evaluating access control policies through model checking

ISC'05 Proceedings of the 8th international conference on Information Security

Security validation tool for business processes

Proceedings of the 16th ACM symposium on Access control models and technologies
An action-based approach to the formal specification and automatic analysis of business processes under authorization constraints

Journal of Computer and System Sciences
The AVANTSSAR platform for the automated validation of trust and security of service-oriented architectures

TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
SecureBPMN: modeling and enforcing access control requirements in business processes

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Business process regulatory compliance management solution frameworks: a comparative evaluation

APCCM '12 Proceedings of the Eighth Asia-Pacific Conference on Conceptual Modelling - Volume 130

Quantified Score

Hi-index	0.00

Visualization

Abstract

More and more industrial activities are captured through Business Processes (BPs). To evaluate whether a BP under-design enjoys certain security desiderata is hardly manageable by business analysts without tool support, as the BP runtime environment is highly dynamic (e.g., task delegation). Automated reasoning techniques such as model checking can provide the required level of assurance but suffer of well-known obstacles for the adoption in industrial systems, e.g. they require a strong logical and mathematical background. In this paper, we present a novel security validation approach for BPs that employs state-of-theart model checking techniques for evaluating security-relevant aspects of BPs in dynamic environments and offers accessible user interfaces and apprehensive feedback for business analysts so to be suitable for industry.