On the Modeling and Verification of Security-Aware and Process-Aware Information Systems

  • Jason Crampton
  • Michael Huth
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 100)


Many business processes are modeled as workflows, which often need to comply with business rules, legal requirements, and authorization policies. Workflow satisfiability is the problem of determining whether there exists a workflow instance that realizes the workflow specification while simultaneously complying with such constraints. Although this problem has been studied by the computer security community in the past, existing solutions are tailored for particular workflow models, so their applicability to other models or richer forms of analysis is questionable. Here we investigate whether the satisfiability of formulas in an NP-complete fragment of linear-time temporal logic can serve as a more expressive and versatile tool for deciding the satisfiability of workflows. We also show that this fragment can solve this problem for a standard model from the literature.


Keywords: Model Check, Temporal Logic, Authorized User, Atomic Proposition, Execution Model
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jason Crampton (1)
  • Michael Huth (2)
  1. Information Security Group, Royal Holloway, University of London, UK
  2. Department of Computing, Imperial College London, UK
