Security Validation of Business Processes via Model-Checking
More and more industrial activities are captured through Business Processes (BPs). To evaluate whether a BP under-design enjoys certain security desiderata is hardly manageable by business analysts without tool support, as the BP runtime environment is highly dynamic (e.g., task delegation). Automated reasoning techniques such as model checking can provide the required level of assurance but suffer of well-known obstacles for the adoption in industrial systems, e.g. they require a strong logical and mathematical background. In this paper, we present a novel security validation approach for BPs that employs state-of-the-art model checking techniques for evaluating security-relevant aspects of BPs in dynamic environments and offers accessible user interfaces and apprehensive feedback for business analysts so to be suitable for industry.
KeywordsBusiness Process Model Check Business Process Management Horn Clause Access Control Policy
Unable to display preview. Download preview PDF.
- 1.Clarke, E.M., Grumberg, O., Peled, D.: Model checking (2000)Google Scholar
- 2.Karch, S., Heilig, L.: SAP NetWeaver, 1. aufl edn. Galileo Press, Bonn (2004)Google Scholar
- 4.Giorgini, P., Massacci, F., Mylopoulos, J.: Modeling security requirements through ownership, permission and delegation. In: RE, pp. 167–176. IEEE Press, Los Alamitos (2005)Google Scholar
- 5.AVANTSSAR: Deliverable 2.1: Requirements for modelling and ASLan v.1 (2008), http://www.avantssar.eu
- 6.Armando, A., Carbone, R., Compagna, L.: LTL Model Checking for Security Protocols. In: JANCL, Special Issue on Logic and Information Security (2009)Google Scholar
- 9.Rakkay, H., Boucheneb, H.: Security analysis of role based access control models using colored petri nets and cpntools, pp. 149–176 (2009)Google Scholar
- 12.Awad, A., Weidlich, M., Weske, M.: Specification, verification and explanation of violation for data aware compliance rules. In: ICSOC-Service Wave (2009)Google Scholar
- 14.Höhn, S., Jürjens, J.: Rubacon: automated support for model-based compliance engineering. In: ICSE, pp. 875–878 (2008)Google Scholar