Analyzing Separation of Duties Constraints with a Probabilistic Model Checker

  • Tamara Mendt
  • Carsten Sinz
  • Olga Tveretina
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 97)


Separation of Duties (SoD) is the concept that conflicting activities cannot be assigned to the same individual. A goal of SoD is to separate roles and responsibilities to reduce the risk of fraud or error. We consider the problem of verifying SoD constraints in the presence of uncertain information. We demonstrate, with a case study, the feasibility of implementing probabilistic model checking in a business process design. Modeling and verification are done with the probabilistic model checker PRISM.


Keywords (added by machine, not by the authors): Business Process; Model Check; Access Control Policy; Business Process Modeling; Access Control Model





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Tamara Mendt (1, 2, 3)
  • Carsten Sinz (1)
  • Olga Tveretina (1)

  1. Institute for Theoretical Computer Science, Karlsruhe Institute of Technology, Germany
  2. SAP Research Center, Karlsruhe, Germany
  3. Universidad Simón Bolívar, Venezuela
