Automated Analysis of Infinite State Workflows with Access Control Policies
Business processes are usually specified by workflows extended with access control policies. In previous works, automated techniques have been developed for the analysis of authorization constraints of workflows. One of the main drawbacks of available approaches is that only a bounded number of workflow instances is considered and analyses are limited to intra-instance authorization constraints. In applications, by contrast, several workflow instances execute concurrently, may synchronize, and may be required to ensure inter-instance constraints. Performing an analysis that considers a finite but arbitrary number of workflow instances can give designers higher confidence in the quality of their business process. In this paper, we propose an automated technique for the analysis of both intra- and inter-instance authorization constraints in workflow systems. We reduce the analysis problem to a model checking problem, parametric in the number of workflow instances, and identify a sub-class of workflow systems with a decidable analysis problem.
Keywords: Access Control, Business Process, Access Control Policy, Access Control Model, Reachability Problem