Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
A Chinese wall security model for decentralized workflow systems
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Classification of Security Properties (Part I: Information Flow)
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Verifying Enterprise 's Mandatory Access Control Policies with Coloured Petri Nets
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Security Analysis of Electronic Business Processes
Electronic Commerce Research
A Role-Based Access Control Policy Verification Framework for Real-Time Systems
WORDS '05 Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems
Verification of Strict Integrity Policy via Petri Nets
ICSNC '06 Proceedings of the International Conference on Systems and Networks Communication
Secured Information Flow for Asynchronous Sequential Processes
Electronic Notes in Theoretical Computer Science (ENTCS)
Petri Net Transformations for Business Processes --- A Survey
Transactions on Petri Nets and Other Models of Concurrency II
Petri Net Security Checker: Structural Non-interference at Work
Formal Aspects in Security and Trust
Verifying Information Flow Control over Unbounded Processes
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Towards a Usage Control Policy Specification with Petri Nets
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
Structural non-interference in elementary and trace nets
Mathematical Structures in Computer Science
Generating Petri net state spaces
ICATPN'07 Proceedings of the 28th international conference on Applications and theory of Petri nets and other models of concurrency
How to implement a theory of correctness in the area of business processes and services
BPM'10 Proceedings of the 8th international conference on Business process management
Strong non-leak guarantees for workflow models
Proceedings of the 2011 ACM Symposium on Applied Computing
Analysis on demand: Instantaneous soundness checking of industrial business process models
Data & Knowledge Engineering
Towards Forensic Data Flow Analysis of Business Process Logs
IMF '11 Proceedings of the 2011 Sixth International Conference on IT Security Incident Management and IT Forensics
On intransitive non-interference in some models of concurrency
Foundations of security analysis and design VI
InDico: information flow analysis of business processes for confidentiality requirements
STM'10 Proceedings of the 6th international conference on Security and trust management
Vulnerability Analysis in SOA-Based Business Processes
IEEE Transactions on Services Computing
Formal Specification and Verification of Modular Security Policy Based on Colored Petri Nets
IEEE Transactions on Dependable and Secure Computing
SWAT: A Security Workflow Analysis Toolkit for Reliably Secure Process-aware Information Systems
ARES '11 Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security
Runtime enforcement of information flow security in tree manipulating processes
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Automated analysis of infinite state workflows with access control policies
STM'11 Proceedings of the 7th international conference on Security and Trust Management
On the exploitation of process mining for security audits: the process discovery case
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Relational abstract interpretation for the verification of 2-hypersafety properties
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.00 |
We present an automated and efficient approach for the verification of information flow control for business process models. Building on the concept of Place-based Non-Interference, the novelty is that Petri net reachability is employed to detect places in which information leaks occur. We show that the approach is sound and complete, and present its implementation, the Anica tool. Anica employs state of the art model-checking algorithms to test reachability. An extensive evaluation comprising over 550 industrial process models is carried out and shows that information flow analysis of process models can be done in milliseconds.