Logics of time and computation
Logics of time and computation
Role-Based Access Control Models
Computer
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Protection in operating systems
Communications of the ACM
A rule-based framework for role based delegation
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
An Authorization Model for Workflows
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
NuSMV 2: An OpenSource Tool for Symbolic Model Checking
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
A Framework for Organisational Control Principles
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Proceedings of the 17th IEEE international conference on Automated software engineering
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Role-Based Access Control
Proceedings of the 2004 ACM symposium on Applied computing
Separation of duties for access control enforcement in workflow environments
IBM Systems Journal - End-to-end security
Facilitating cross-organisational workflows with a workflow view approach
Data & Knowledge Engineering - Special issue: Contract-driven coordination and collaboration in the internet context
XacT: a bridge between resource management and access control in multi-layered applications
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Articulating and enforcing authorisation policies with UML and OCL
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Revocation of obligation and authorisation policy objects
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Evaluating access control policies through model checking
ISC'05 Proceedings of the 8th international conference on Information Security
Enforcing security properties in task-based systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Task-based entailment constraints for basic workflow patterns
Proceedings of the 13th ACM symposium on Access control models and technologies
Stale-safe security properties for group-based secure information sharing
Proceedings of the 6th ACM workshop on Formal methods in security engineering
Security views for outsourced business processes
Proceedings of the 2008 ACM workshop on Secure web services
A Model-Driven Approach for the Specification and Analysis of Access Control Policies
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Model-driven business process security requirement specification
Journal of Systems Architecture: the EUROMICRO Journal
Verification of Business Process Entailment Constraints Using SPIN
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
From Formal Access Control Policies to Runtime Enforcement Aspects
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Toward practical analysis for trust management policy
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Specification and Enforcement of Static Separation-of-Duty Policies in Usage Control
ISC '09 Proceedings of the 12th International Conference on Information Security
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
The OPL Access Control Policy Language
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
A transformation approach for security enhanced business processes
SE '08 Proceedings of the IASTED International Conference on Software Engineering
A transformation-driven approach to the verification of security policies in web designs
ICWE'07 Proceedings of the 7th international conference on Web engineering
Deriving XACML policies from business process models
WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
Modeling of task-based authorization constraints in BPMN
BPM'07 Proceedings of the 5th international conference on Business process management
Proceedings of the 15th ACM symposium on Access control models and technologies
An XACML extension for business process-centric access control policies
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Dynamic enforcement of abstract separation of duty constraints
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Security validation of business processes via model-checking
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Efficient symbolic automated analysis of administrative attribute-based RBAC-policies
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Journal of Computer and System Sciences
Model checking of security-sensitive business processes
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Refinement-based design of a group-centric secure information sharing model
Proceedings of the second ACM conference on Data and Application Security and Privacy
On the verification of security-aware E-services
Journal of Symbolic Computation
Automated analysis of infinite state workflows with access control policies
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Dynamic enforcement of abstract separation of duty constraints
ACM Transactions on Information and System Security (TISSEC)
Automated extraction of security policies from natural-language software documents
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Business process regulatory compliance management solution frameworks: a comparative evaluation
APCCM '12 Proceedings of the Eighth Asia-Pacific Conference on Conceptual Modelling - Volume 130
Information and Software Technology
Verification and enforcement of access control policies
Formal Methods in System Design
Formal verification of security properties in trust management policy
Journal of Computer Security
Demonstrating the safety of a system (i.e. avoiding the undesired propagation of access rights or indirect access through some other granted resource) is one of the goals of access control research, e.g. [1-4]. However, the flexibility required from enterprise resource management (ERP) systems may require the implementation of seemingly contradictory requirements (e.g. tight access control but at the same time support for discretionary delegation of workflow tasks and rights).

To aid in the analysis of safety problems in workflow-based ERP systems, this paper presents a model-checking-based approach for automated analysis of delegation and revocation functionalities. This is done in the context of a real-world banking workflow requiring static and dynamic separation of duty properties.

We derived information about the workflow from BPEL specifications and ERP business object repositories. This was captured in an SMV specification together with a definition of possible delegation and revocation scenarios. The required separation properties were translated into a set of LTL-based constraints. In particular, we analyse the interaction between delegation and revocation activities in the context of dynamic separation of duty policies.