An extended Petri net model for supporting workflow in a multilevel secure environment
Proceedings of the tenth annual IFIP TC11/WG11.3 international conference on Database security: volume X : status and prospects: status and prospects
Modeling and Analysis of Workflows Using Petri Nets
Journal of Intelligent Information Systems - Special issue on workflow management systems
A note on the confinement problem
Communications of the ACM
Intensional specifications of security protocols
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Web services: a process algebra approach
Proceedings of the 2nd international conference on Service oriented computing
Formulating the Data-Flow Perspective for Business Process Management
Information Systems Research
Modelling work distribution mechanisms using Colored Petri Nets
International Journal on Software Tools for Technology Transfer (STTT)
Auditing Business Process Compliance
ICSOC '07 Proceedings of the 5th international conference on Service-Oriented Computing
Petri Net Transformations for Business Processes --- A Survey
Transactions on Petri Nets and Other Models of Concurrency II
Petri Net Security Checker: Structural Non-interference at Work
Formal Aspects in Security and Trust
Data-Flow Anti-patterns: Discovering Data-Flow Errors in Workflows
CAiSE '09 Proceedings of the 21st International Conference on Advanced Information Systems Engineering
Instantaneous Soundness Checking of Industrial Business Process Models
BPM '09 Proceedings of the 7th International Conference on Business Process Management
Controlling data in the cloud: outsourcing computation without outsourcing control
Proceedings of the 2009 ACM workshop on Cloud computing security
Structural non-interference in elementary and trace nets
Mathematical Structures in Computer Science
A feature-complete Petri net semantics for WS-BPEL 2.0
WS-FM'07 Proceedings of the 4th international conference on Web services and formal methods
Dynamic enforcement of abstract separation of duty constraints
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
InDico: information flow analysis of business processes for confidentiality requirements
STM'10 Proceedings of the 6th international conference on Security and trust management
Vulnerability Analysis in SOA-Based Business Processes
IEEE Transactions on Services Computing
InDico: information flow analysis of business processes for confidentiality requirements
STM'10 Proceedings of the 6th international conference on Security and trust management
On the exploitation of process mining for security audits: the conformance checking case
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Data flow-oriented process mining to support security audits
ICSOC'11 Proceedings of the 2011 international conference on Service-Oriented Computing
Automatic information flow analysis of business process models
BPM'12 Proceedings of the 10th international conference on Business Process Management
On the exploitation of process mining for security audits: the process discovery case
Proceedings of the 28th Annual ACM Symposium on Applied Computing
| Hi-index | 0.00 |
Despite the correct deployment of access control mechanisms, information leaks can persist and undermine the compliance of workflows to regulations and policies. This paper proposes InDico, a framework for the automated detection of information leaks in workflow models based on static information flow analysis. InDico identifies leaks induced by the structure of the workflow, i.e. its control flow. To this end, it translates workflow models, e.g. in BPEL or BPMN, into Petri nets and conducts the static information flow analysis. Examples demonstrate the applicability and the kinds of information leaks InDico currently detects.