Injecting RBAC to secure a Web-based workflow system
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Verifying Workflow Processes against Organization Security Policies
WETICE '99 Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Analysis of interacting BPEL web services
Proceedings of the 13th international conference on World Wide Web
The Consistency of Task-Based Authorization Constraints in Workflow Systems
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Transforming BPEL to petri nets
BPM'05 Proceedings of the 3rd international conference on Business Process Management
Authorization and User Failure Resiliency for WS-BPEL Business Processes
ICSOC '08 Proceedings of the 6th International Conference on Service-Oriented Computing
A policy-based authorization model for workflow-enabled dynamic process management
Journal of Network and Computer Applications
Verification of Business Process Entailment Constraints Using SPIN
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Reinforcement learning based resource allocation in business process management
Data & Knowledge Engineering
Integrating constraints to support legally flexible business processes
Information Systems Frontiers
| Hi-index | 0.00 |
Business Process Execution Language (BPEL), or Web Services BPEL (WS-BPEL), is the standard for specifying workflow process definition using web services. Research on formal modelling and verification of BPEL has largely concentrated on control flow and data flow, while security related properties have received little attention. In this work, we present a formal framework that integrates Role Based Access Control (RBAC) into BPEL and allows us to express authorisation constraints using temporal logic. Using this framework, we show how model-checking can be applied to verify that a given BPEL process satisfies the security constraints.