Verification of Business Process Entailment Constraints Using SPIN

  • Christian Wolter
  • Philip Miseldine
  • Christoph Meinel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5429)


The verification of access controls is essential for providing secure systems. Model checking is an automated technique for verifying finite state machines; the properties to be verified are usually expressed as formulas in temporal logic. In this paper we present an approach to verifying the access control security properties of a security-annotated business process model. To this end we utilise a security-enhanced BPMN notation to define access control properties.

To enhance usability, the complex technical details are hidden from the process modeller by an automatic translation of the process model into the process meta language Promela, based on Coloured Petri net (CPN) semantics.

The model checker SPIN is used to verify the process model, and a trace file is written to give the modeller visual feedback at the abstraction level of the verified process model. As a proof of concept, the described translation methodology is implemented as a plug-in for the free web-based BPMN modelling tool Oryx.
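As an added illustration of the verification step described above (example code written for this page, not the authors' Oryx plug-in, their BPMN-to-Promela translation, or SPIN itself), the following Python script stands in for the model checker on a constructed three-task invoice workflow. The process model gets Petri-net-style control flow, a constructed user-to-task authorisation table and one separation-of-duty entailment constraint; every reachable state is explored exhaustively, the constraint is checked in each state, and the first violating path is returned as a trace, the analogue of the trail file SPIN writes. Running the same model with the constraint enforced at firing time (a reference monitor refusing the conflicting user) shows that the property then holds and the process can still reach its end place.

```python
"""Added example (not from the paper): a miniature of model checking an
access-control entailment constraint on a security-annotated process model.
All task names, users and the authorisation table are constructed."""
from collections import deque

# Constructed workflow with Petri-net-style control flow: each task consumes a
# token from its input place and puts one in its output place.
TASKS = {  # task: (input place, output place)
    "prepare_invoice": ("start", "p1"),
    "approve_invoice": ("p1", "p2"),
    "pay_invoice": ("p2", "end"),
}

# Constructed authorisation table: which users may execute which task.
AUTHORISED = {
    "prepare_invoice": {"alice", "bob"},
    "approve_invoice": {"alice", "bob", "carol"},
    "pay_invoice": {"carol"},
}

# Entailment constraint (separation of duty): the two tasks in each pair must
# not be executed by the same user.
SOD = [("prepare_invoice", "approve_invoice")]


def initial_state():
    # A state is (marking, executors): the marked places plus who executed
    # which task, kept as a sorted tuple so states are hashable.
    return (frozenset({"start"}), ())


def sod_conflict(task, user, done):
    """True if `user` already executed a task that is SoD-paired with `task`."""
    for a, b in SOD:
        if task == a and done.get(b) == user:
            return True
        if task == b and done.get(a) == user:
            return True
    return False


def enabled(state, enforce):
    """Yield (task, user) pairs that may fire in `state`. With enforce=True a
    reference monitor additionally refuses users that would break SoD."""
    marking, executors = state
    done = dict(executors)
    for task, (place_in, _) in TASKS.items():
        if place_in not in marking:
            continue
        for user in sorted(AUTHORISED[task]):
            if enforce and sod_conflict(task, user, done):
                continue
            yield task, user


def fire(state, task, user):
    """Transition relation: move the token and record the executor."""
    marking, executors = state
    place_in, place_out = TASKS[task]
    new_marking = (marking - {place_in}) | {place_out}
    new_executors = tuple(sorted({**dict(executors), task: user}.items()))
    return (new_marking, new_executors)


def violates_sod(state):
    done = dict(state[1])
    return any(a in done and b in done and done[a] == done[b] for a, b in SOD)


def model_check(enforce=False):
    """Exhaustive explicit-state exploration (breadth-first), the same idea as
    SPIN's search. Returns the first violating path as a trace of (task, user)
    steps (None if the property holds everywhere), whether the end place is
    reachable, and how many states were visited."""
    start = initial_state()
    seen = {start}
    queue = deque([(start, [])])
    violation, completable, states = None, False, 0
    while queue:
        state, trace = queue.popleft()
        states += 1
        if violation is None and violates_sod(state):
            violation = trace
        if "end" in state[0]:
            completable = True
        for task, user in enabled(state, enforce):
            nxt = fire(state, task, user)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [(task, user)]))
    return {"violation": violation, "completable": completable, "states": states}


if __name__ == "__main__":
    for enforce in (False, True):
        print(f"enforce={enforce}: {model_check(enforce)}")
```

Without enforcement the search reports the two-step trace in which alice both prepares and approves the invoice; with enforcement no reachable state violates the constraint, and the check that the end place is still reachable guards against a constraint that would make the process unsatisfiable.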


Keywords: Business Processes, Access Control, Verification, Model Checking, SPIN





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Christian Wolter (1)
  • Philip Miseldine (1)
  • Christoph Meinel (2)
  1. SAP Research, Karlsruhe, Germany
  2. Hasso-Plattner-Institute (HPI) for IT Systems Engineering, University of Potsdam, Germany
