ECAI '92 Proceedings of the 10th European conference on Artificial intelligence
Role-Based Access Control Models
Computer
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
Logic based modeling and analysis of workflows
PODS '98 Proceedings of the seventeenth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
An action language based on causal explanation: preliminary report
AAAI '98/IAAI '98 Proceedings of the fifteenth national/tenth conference on Artificial intelligence/Innovative applications of artificial intelligence
Petri Net Theory and the Modeling of Systems
Petri Net Theory and the Modeling of Systems
Extending and implementing the stable model semantics
Artificial Intelligence
Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers
Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers
Knowledge Representation, Reasoning, and Declarative Problem Solving
Knowledge Representation, Reasoning, and Declarative Problem Solving
Analyzing Separation of Duties in Petri Net Workflows
MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
NUSMV: A New Symbolic Model Verifier
CAV '99 Proceedings of the 11th International Conference on Computer Aided Verification
NuSMV 2: An OpenSource Tool for Symbolic Model Checking
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
A logic programming approach to knowledge-state planning, II: the DLVk system
Artificial Intelligence
SAT-based planning in complex domains: concurrency, constraints and nondeterminism
Artificial Intelligence - special issue on planning with uncertainty and incomplete information
A logic programming approach to knowledge-state planning: Semantics and complexity
ACM Transactions on Computational Logic (TOCL)
Artificial Intelligence - Special issue on logical formalizations and commonsense reasoning
Representing the zoo world and the traffic world in the language of the causal calculator
Artificial Intelligence - Special issue on logical formalizations and commonsense reasoning
Supporting conditional delegation in secure workflow management systems
Proceedings of the tenth ACM symposium on Access control models and technologies
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
The DLV system for knowledge representation and reasoning
ACM Transactions on Computational Logic (TOCL)
Comparing action descriptions based on semantic preferences
Annals of Mathematics and Artificial Intelligence
Formal Verification of Business Workflows and Role Based Access Control Systems
SECUREWARE '07 Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies
Synthesising verified access control systems through model checking
Journal of Computer Security
Security Analysis of Role-based Separation of Duty with Workflows
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
ICLP '08 Proceedings of the 24th International Conference on Logic Programming
Verification of Business Process Entailment Constraints Using SPIN
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Security Analysis of Role Based Access Control Models Using Colored Petri Nets and CPNtools
Transactions on Computational Science IV
Petri Net Security Checker: Structural Non-interference at Work
Formal Aspects in Security and Trust
A modular action description language
AAAI'06 Proceedings of the 21st national conference on Artificial intelligence - Volume 1
Bridging the Gap between High-Level Reasoning and Low-Level Control
LPNMR '09 Proceedings of the 10th International Conference on Logic Programming and Nonmonotonic Reasoning
Modeling Multi-agent Domains in an Action Languages: An Empirical Study Using $\mathcal{C}$
LPNMR '09 Proceedings of the 10th International Conference on Logic Programming and Nonmonotonic Reasoning
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Describing additive fluents in action language C+
IJCAI'03 Proceedings of the 18th international joint conference on Artificial intelligence
Updating action domain descriptions
IJCAI'05 Proceedings of the 19th international joint conference on Artificial intelligence
Rule-based policy representations and reasoning
Semantic techniques for the web
Causal theories of action and change
AAAI'97/IAAI'97 Proceedings of the fourteenth national conference on artificial intelligence and ninth conference on Innovative applications of artificial intelligence
Security validation of business processes via model-checking
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Representing action domains with numeric-valued fluents
JELIA'06 Proceedings of the 10th European conference on Logics in Artificial Intelligence
Delegation in role-based access control
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Rule-based policy representation and reasoning for the semantic web
RW'07 Proceedings of the Third international summer school conference on Reasoning Web
Hi-index | 0.00 |
Business processes under authorization control are sets of coordinated activities subject to a security policy stating which agent can access which resource. Their behavior is difficult to predict due to the complex and unexpected interleaving of different execution flows within the process. Serious flaws may thus go undetected and manifest themselves only after deployment. For this reason, business processes are being considered a new, promising application domain for formal methods and model checking techniques in particular. In this paper we show that action-based languages provide a rich and natural framework for the formal specification of and automated reasoning about business processes under authorization constraints. We do this by discussing the application of the action language C to the specification of a business process from the banking domain that is representative of an important class of business processes of practical relevance. Furthermore we show that a number of reasoning tasks that arise in this context (namely checking whether the control flow together with the security policy meets the expected security properties, building a security policy for the given business process under given security requirements, and finding an allocation of tasks to agents that guarantees the completion of the business process) can be carried out automatically using the Causal Calculator CCalc. We also compare C with the prominent specification language used in model-checking.