Role-Based Access Control Models
Computer
An action language based on causal explanation: preliminary report
AAAI '98/IAAI '98 Proceedings of the fifteenth national/tenth conference on Artificial intelligence/Innovative applications of artificial intelligence
Petri Net Theory and the Modeling of Systems
Petri Net Theory and the Modeling of Systems
Planning as Satisfiability in Nondeterministic Domains
Proceedings of the Seventeenth National Conference on Artificial Intelligence and Twelfth Conference on Innovative Applications of Artificial Intelligence
Supporting conditional delegation in secure workflow management systems
Proceedings of the tenth ACM symposium on Access control models and technologies
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
LTL Model Checking for Security Protocols
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Formal Verification of Business Workflows and Role Based Access Control Systems
SECUREWARE '07 Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies
SAT-based model-checking for security protocols analysis
International Journal of Information Security
Proceedings of the 6th ACM workshop on Formal methods in security engineering
Verification of Business Process Entailment Constraints Using SPIN
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
On the verification of security-aware E-services
Journal of Symbolic Computation
Automated analysis of infinite state workflows with access control policies
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Constraint expressions and workflow satisfiability
Proceedings of the 18th ACM symposium on Access control models and technologies
Information and Software Technology
Hi-index | 0.00 |
Security-sensitive business processes are business processes that must comply with security requirements (e.g. authorization constraints). In previous works it has been shown that model checking can be profitably used for the automatic analysis of security-sensitive business processes. But building a formal model that simultaneously accounts for both the workflow and the access control policy is a time consuming and error-prone activity. In this paper we present a new approach to model checking security-sensitive business processes that allows for the separate specification of the workflow and of the associated security policy while retaining the ability to carry out a fully automatic analysis of the process. To illustrate the effectiveness of the approach we describe its application to a version of the Loan Origination Process featuring an RBAC access control policy extended with delegation.