Model checking authorization requirements in business processes

Business processes are usually expected to meet high level authorization requirements (e.g., Separation of Duty). Since violation of authorization requirements may lead to economic losses and/or legal implications, ensuring that a business process meets them is of paramount importance. Previous work...

Full description

Saved in:

Bibliographic Details
Published in:	Computers & security Vol. 40; pp. 1 - 22
Main Authors:	Armando, Alessandro, Ponta, Serena Elisa
Format:	Journal Article
Language:	English
Published:	Amsterdam Elsevier Ltd 01.02.2014 Elsevier Elsevier Sequoia S.A
Subjects:	Access Access control Applied sciences Authorization Authorization requirements Authorizations Automatic security analysis Business Computer science; control theory; systems Computer systems and distributed systems. User interface Computer systems performance. Reliability Delegation Economics Exact sciences and technology Information systems. Data bases Loan originations Loans Mathematical models Memory and file management (including protection and security) Memory organisation. Data processing Model checking Organizational control Organizational effectiveness Permission Policies Requirements analysis Security-sensitive business process Software Specification Specifications Studies Time use Workflow Access control Model checking Authorization requirements Security-sensitive business process Organizational control Automatic security analysis Groupware Legislation Workflow Integrated management Delegation Program verification Role-based access control Business process Loan Duty separation Formal specification Static analysis Licence procedure Firm management Automatic analysis Computer security
ISSN:	0167-4048, 1872-6208
Online Access:	Get full text
Tags:	Add Tag No Tags, Be the first to tag this record!

Abstract	Business processes are usually expected to meet high level authorization requirements (e.g., Separation of Duty). Since violation of authorization requirements may lead to economic losses and/or legal implications, ensuring that a business process meets them is of paramount importance. Previous work showed that model checking can be profitably used to check authorization requirements in business processes. However, building formal models that simultaneously account for both the workflow and the access control policy is a time consuming and error-prone activity. In this paper we present a new approach to model checking authorization requirements in business processes that allows for the separate specification of the workflow and of the associated access control policy while retaining the ability to carry out a fully automatic analysis of the business process. To illustrate the effectiveness of the approach we describe its application to a Loan Origination Process subject to an RBAC access control policy featuring conditional permission assignments and delegation.
AbstractList	Business processes are usually expected to meet high level authorization requirements (e.g., Separation of Duty). Since violation of authorization requirements may lead to economic losses and/or legal implications, ensuring that a business process meets them is of paramount importance. Previous work showed that model checking can be profitably used to check authorization requirements in business processes. However, building formal models that simultaneously account for both the workflow and the access control policy is a time consuming and error-prone activity. In this paper we present a new approach to model checking authorization requirements in business processes that allows for the separate specification of the workflow and of the associated access control policy while retaining the ability to carry out a fully automatic analysis of the business process. To illustrate the effectiveness of the approach we describe its application to a Loan Origination Process subject to an RBAC access control policy featuring conditional permission assignments and delegation. Business processes are usually expected to meet high level authorization requirements (e.g., Separation of Duty). Since violation of authorization requirements may lead to economic losses and/or legal implications, ensuring that a business process meets them is of paramount importance. Previous work showed that model checking can be profitably used to check authorization requirements in business processes. However, building formal models that simultaneously account for both the workflow and the access control policy is a time consuming and error-prone activity. In this paper we present a new approach to model checking authorization requirements in business processes that allows for the separate specification of the workflow and of the associated access control policy while retaining the ability to carry out a fully automatic analysis of the business process. To illustrate the effectiveness of the approach we describe its application to a Loan Origination Process subject to an RBAC access control policy featuring conditional permission assignments and delegation. [PUBLICATION ABSTRACT]
Author	Armando, Alessandro Ponta, Serena Elisa
Author_xml	– sequence: 1 givenname: Alessandro surname: Armando fullname: Armando, Alessandro email: alessandro.armando@unige.it organization: DIBRIS, Università di Genova, Viale Causa, 13, 16145 Genova, Italy – sequence: 2 givenname: Serena Elisa surname: Ponta fullname: Ponta, Serena Elisa email: serena.ponta@sap.com organization: SAP Research Sophia-Antipolis, Mougins, France
BackLink	http://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=28275163$$DView record in Pascal Francis
BookMark	eNqNkV9rFTEQxYNU8Lb6BXxaEMGXvebfJlkQRIpWoaUv9TlksxOb696kzewK-unN9taXPtQ-zTD8zhlmzjE5SjkBIa8Z3TLK1Pvd1meELadM1MGWUv6MbJjRvFWcmiOyqZBuJZXmBTlG3FHKtDJmQz5e5BGmxl-D_xnTj8Yt83Uu8Y-bY05NgdslFthDmrGJqRkWjAkQm5uSfa2AL8nz4CaEV_f1hHz_8vnq9Gt7fnn27fTTeetlp-cWlOOgGSgB2tHBBx1YGMF4EURXGxbkIIMKlGozgpAsDN2gpBq974YwBHFC3h186-bbBXC2-4gepsklyAvaep7uhZI9-z_aSSZ51_f6Caio72XMrK5vHqC7vJRUb7ZM9nVvb7So1Nt7yqF3Uygu-Yj2psS9K78tN1x3TK2cOXC-ZMQCwfo43_18Li5OllG75mp3ds3Vrrmus5prlfIH0n_uj4o-HERQM_oVoVj0EZKHscbrZzvm-Jj8L7dVvjA
CODEN	CPSEDU
CitedBy_id	crossref_primary_10_1016_j_cose_2023_103294 crossref_primary_10_1016_j_cose_2023_103621 crossref_primary_10_1007_s11704_016_6016_2 crossref_primary_10_1109_TSMC_2024_3373567 crossref_primary_10_1109_TKDE_2024_3373562 crossref_primary_10_1109_TDSC_2020_2975163 crossref_primary_10_1109_TSC_2023_3268651 crossref_primary_10_3390_computers13110274 crossref_primary_10_1108_JM2_03_2020_0077 crossref_primary_10_1155_2021_6610795 crossref_primary_10_1109_TDSC_2020_3012729 crossref_primary_10_1016_j_jsc_2016_07_008 crossref_primary_10_1109_TR_2023_3235785 crossref_primary_10_1109_TDSC_2023_3248602 crossref_primary_10_1109_TSMC_2019_2954589 crossref_primary_10_1109_TKDE_2021_3124271
Cites_doi	10.1007/11513988_27 10.3233/JCS-2008-16101 10.1007/s10922-004-0674-3 10.1109/32.588521 10.1145/300830.300837 10.1109/2.485845
ContentType	Journal Article
Copyright	2013 Elsevier Ltd 2015 INIST-CNRS Copyright Elsevier Sequoia S.A. Feb 2014
Copyright_xml	– notice: 2013 Elsevier Ltd – notice: 2015 INIST-CNRS – notice: Copyright Elsevier Sequoia S.A. Feb 2014
DBID	AAYXX CITATION IQODW 7SC 8FD JQ2 K7. L7M L~C L~D
DOI	10.1016/j.cose.2013.10.002
DatabaseName	CrossRef Pascal-Francis Computer and Information Systems Abstracts Technology Research Database ProQuest Computer Science Collection ProQuest Criminal Justice (Alumni) Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional
DatabaseTitle	CrossRef ProQuest Criminal Justice (Alumni) Technology Research Database Computer and Information Systems Abstracts – Academic ProQuest Computer Science Collection Computer and Information Systems Abstracts Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Professional
DatabaseTitleList	Computer and Information Systems Abstracts Computer and Information Systems Abstracts Computer and Information Systems Abstracts ProQuest Criminal Justice (Alumni)
DeliveryMethod	fulltext_linktorsrc
Discipline	Computer Science Applied Sciences Business Economics
EISSN	1872-6208
EndPage	22
ExternalDocumentID	3207845241 28275163 10_1016_j_cose_2013_10_002 S0167404813001429
Genre	Feature
GroupedDBID	--K --M -~X .DC .~1 0R~ 1B1 1RT 1~. 1~5 29F 4.4 457 4G. 5GY 5VS 7-5 71M 8P~ 9JN AACTN AAEDT AAEDW AAIAV AAIKJ AAKOC AALRI AAOAW AAQFI AAQXK AAXUO AAYFN ABBOA ABFSI ABMAC ABXDB ABYKQ ACDAQ ACGFO ACGFS ACNNM ACRLP ACZNC ADBBV ADEZE ADHUB ADJOM ADMUD AEBSH AEKER AENEX AFFNX AFKWA AFTJW AGHFR AGUBO AGYEJ AHHHB AHZHX AIALX AIEXJ AIKHN AITUG AJBFU AJOXV ALMA_UNASSIGNED_HOLDINGS AMFUW AMRAJ AOUOD ASPBG AVWKF AXJTR AZFZN BKOJK BKOMP BLXMC CS3 DU5 E.L EBS EFJIC EFLBG EJD EO8 EO9 EP2 EP3 FDB FEDTE FGOYB FIRID FNPLU FYGXN G-2 G-Q GBLVA GBOLZ HLX HLZ HVGLF HZ~ IHE J1W KOM LG8 LG9 M41 MO0 MS~ N9A O-L O9- OAUVE OZT P-8 P-9 P2P PC. PQQKQ Q38 R2- RIG RNS ROL RPZ RXW SBC SBM SDF SDG SDP SES SEW SPC SPCBC SSV SSZ T5K TAE TN5 TWZ WH7 WUQ XJE XPP XSW YK3 ZMT ~G- 9DU AATTM AAXKI AAYWO AAYXX ABJNI ABWVN ACLOT ACRPL ACVFH ADCNI ADNMO AEIPS AEUPX AFJKZ AFPUW AGQPQ AIGII AIIUN AKBMS AKRWK AKYEP ANKPU APXCP CITATION EFKBS ~HD BNPGV IQODW SSH 7SC 8FD JQ2 K7. L7M L~C L~D
ID	FETCH-LOGICAL-c457t-e6a2e71e63e7a0bcf7f1fde8c3f35fde1f4b4f6f0078de341fb5b646dcc5bfbf3
ISICitedReferencesCount	19
ISICitedReferencesURI	http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000331482500002&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN	0167-4048
IngestDate	Wed Oct 01 12:51:29 EDT 2025 Sat Sep 27 17:17:18 EDT 2025 Sat Sep 27 18:16:12 EDT 2025 Thu Nov 20 01:15:34 EST 2025 Wed Apr 02 07:25:23 EDT 2025 Sat Nov 29 05:55:40 EST 2025 Tue Nov 18 22:43:40 EST 2025 Fri Feb 23 02:33:36 EST 2024
IsPeerReviewed	true
IsScholarly	true
Keywords	Access control Model checking Authorization requirements Security-sensitive business process Organizational control Automatic security analysis Groupware Legislation Workflow Integrated management Delegation Program verification Role-based access control Business process Loan Duty separation Formal specification Static analysis Licence procedure Firm management Automatic analysis Computer security
Language	English
License	CC BY 4.0
LinkModel	OpenURL
MergedId	FETCHMERGED-LOGICAL-c457t-e6a2e71e63e7a0bcf7f1fde8c3f35fde1f4b4f6f0078de341fb5b646dcc5bfbf3
Notes	SourceType-Scholarly Journals-1 ObjectType-Feature-1 content type line 14 ObjectType-Article-2 content type line 23 ObjectType-Article-1 ObjectType-Feature-2
PQID	1494919873
PQPubID	23500
PageCount	22
ParticipantIDs	proquest_miscellaneous_1677936491 proquest_miscellaneous_1541425997 proquest_miscellaneous_1531011181 proquest_journals_1494919873 pascalfrancis_primary_28275163 crossref_citationtrail_10_1016_j_cose_2013_10_002 crossref_primary_10_1016_j_cose_2013_10_002 elsevier_sciencedirect_doi_10_1016_j_cose_2013_10_002
PublicationCentury	2000
PublicationDate	2014-02-01
PublicationDateYYYYMMDD	2014-02-01
PublicationDate_xml	– month: 02 year: 2014 text: 2014-02-01 day: 01
PublicationDecade	2010
PublicationPlace	Amsterdam
PublicationPlace_xml	– name: Amsterdam
PublicationTitle	Computers & security
PublicationYear	2014
Publisher	Elsevier Ltd Elsevier Elsevier Sequoia S.A
Publisher_xml	– name: Elsevier Ltd – name: Elsevier – name: Elsevier Sequoia S.A
References	Knorr, Weidner (bib35) 2001 Schaad A, Sohr K, Drouineaud M, A workflow-based model-checking approach to inter- and intra-analysis of organisational controls in service-oriented business processes. J Inform Assur Secur; 2(1):55–67. Biere (bib14) 2009; vol. 185 Armando, Ponta (bib3) 2010; vol. 5983 Frau, Gorrieri, Ferigato (bib23) 2008; vol. 5491 Giunchiglia, Lifschitz (bib25) 1998 OMG (bib37) 2009 Scholer S, Zink O, Galileo Press; 2009. URL Guelev, Ryan, Schobbens (bib26) 2004; vol. 3225 Keen, Bahy, Croson, Garratt, Karchner, Lehmann (bib33) 2007 Jensen, Kristensen (bib32) 2009 Armando, Basin, Boichut, Chevalier, Compagna, Cuellar (bib4) 2005 Heilig, Karch (bib28) 2004 Heilig L, Karch S, Bottcher O, Mutzig C, Weber J, Pfennig R, Galileo Press; 2008. URL Armando, Carbone, Compagna (bib5) 2007 Armando, Compagna (bib2) 2007 Bertino, Ferrari, Atluri (bib11) 1999; 2 SAP (bib41) 2011 Crampton (bib19) 2005 Kesten, Pnueli, Raviv (bib34) 1998 Yi, Yong, Weinong (bib46) 2004; 12 Cerone, Xiangpeng, Krishnan (bib15) June 2006 Atluri, Warner (bib9) 2005 Giorgini, Massacci, Mylopoulos, Zannone (bib24) 2005 Heilig (bib27) 2010 OASIS (bib36) April 2007 Peterson (bib38) 1981 Schaad, Lotz, Sohr (bib42) 2006 Basin, Burri, Karjoth (bib10) 2009; vol. 5789 Hewett, Kijsanayothin, Thipse (bib30) 2008 Crampton, Khambhammettu (bib18) 2006 Arsac, Compagna, Pellegrino, Ponta (bib8) 2011; vol. 6542 Zhang, Ryan, Guelev (bib47) 2008; 16 Armando, Arsac, Avanesov, Barletta, Calvi, Cappai (bib7) 2012 de Moura, Owre, Rueß, Rushby, Shankar, Sorea (bib20) 2004; vol. 3114 Clark, Wilson (bib17) 1987 . Holzmann (bib31) 1997; 23 Armando, Carbone, Compagna, Cuéllar, Tobarra (bib6) 2008 Dury, Boroday, Petrenko, Lotz (bib21) 2007 Biere, Cimatti, Clarke, Zhu (bib13) 1999; vol. 1579 Rakkay, Boucheneb (bib39) 2009; 5430 Sandhu, Coyne, Feinstein, Youman (bib40) 1996; 29 Cimatti, Clarke, Giunchiglia, Giunchiglia, Pistore, Roveri (bib16) 2002; vol. 2404 Wolter, Miseldine, Meinel (bib45) 2009 Armando, Compagna (bib1) 2004; vol. 3229 Ferraris, Giunchiglia (bib22) 2000 Bertino, Crampton, Paci (bib12) 2006 Armando (10.1016/j.cose.2013.10.002_bib6) 2008 10.1016/j.cose.2013.10.002_bib29 Sandhu (10.1016/j.cose.2013.10.002_bib40) 1996; 29 Biere (10.1016/j.cose.2013.10.002_bib13) 1999; vol. 1579 Holzmann (10.1016/j.cose.2013.10.002_bib31) 1997; 23 Bertino (10.1016/j.cose.2013.10.002_bib11) 1999; 2 Hewett (10.1016/j.cose.2013.10.002_bib30) 2008 Armando (10.1016/j.cose.2013.10.002_bib3) 2010; vol. 5983 Cerone (10.1016/j.cose.2013.10.002_bib15) 2006 Clark (10.1016/j.cose.2013.10.002_bib17) 1987 Basin (10.1016/j.cose.2013.10.002_bib10) 2009; vol. 5789 Heilig (10.1016/j.cose.2013.10.002_bib28) 2004 Keen (10.1016/j.cose.2013.10.002_bib33) 2007 Armando (10.1016/j.cose.2013.10.002_bib2) 2007 Arsac (10.1016/j.cose.2013.10.002_bib8) 2011; vol. 6542 Biere (10.1016/j.cose.2013.10.002_bib14) 2009; vol. 185 OASIS (10.1016/j.cose.2013.10.002_bib36) 2007 Peterson (10.1016/j.cose.2013.10.002_bib38) 1981 Rakkay (10.1016/j.cose.2013.10.002_bib39) 2009; 5430 SAP (10.1016/j.cose.2013.10.002_bib41) 2011 Armando (10.1016/j.cose.2013.10.002_bib4) 2005 Crampton (10.1016/j.cose.2013.10.002_bib19) 2005 Giunchiglia (10.1016/j.cose.2013.10.002_bib25) 1998 Wolter (10.1016/j.cose.2013.10.002_bib45) 2009 Atluri (10.1016/j.cose.2013.10.002_bib9) 2005 Kesten (10.1016/j.cose.2013.10.002_bib34) 1998 Ferraris (10.1016/j.cose.2013.10.002_bib22) 2000 Giorgini (10.1016/j.cose.2013.10.002_bib24) 2005 Schaad (10.1016/j.cose.2013.10.002_bib42) 2006 Cimatti (10.1016/j.cose.2013.10.002_bib16) 2002; vol. 2404 Yi (10.1016/j.cose.2013.10.002_bib46) 2004; 12 Knorr (10.1016/j.cose.2013.10.002_bib35) 2001 Armando (10.1016/j.cose.2013.10.002_bib1) 2004; vol. 3229 Armando (10.1016/j.cose.2013.10.002_bib5) 2007 Zhang (10.1016/j.cose.2013.10.002_bib47) 2008; 16 Frau (10.1016/j.cose.2013.10.002_bib23) 2008; vol. 5491 Crampton (10.1016/j.cose.2013.10.002_bib18) 2006 de Moura (10.1016/j.cose.2013.10.002_bib20) 2004; vol. 3114 Heilig (10.1016/j.cose.2013.10.002_bib27) 2010 Armando (10.1016/j.cose.2013.10.002_bib7) 2012 Dury (10.1016/j.cose.2013.10.002_bib21) 2007 Jensen (10.1016/j.cose.2013.10.002_bib32) 2009 10.1016/j.cose.2013.10.002_bib44 Bertino (10.1016/j.cose.2013.10.002_bib12) 2006 10.1016/j.cose.2013.10.002_bib43 OMG (10.1016/j.cose.2013.10.002_bib37) 2009 Guelev (10.1016/j.cose.2013.10.002_bib26) 2004; vol. 3225
References_xml	– volume: vol. 6542 start-page: 29 year: 2011 end-page: 42 ident: bib8 article-title: Security validation of business processes via model-checking publication-title: ESSoS – volume: vol. 5491 start-page: 210 year: 2008 end-page: 225 ident: bib23 article-title: Petri net security checker: structural non-interference at work publication-title: Formal aspects in security and trust – start-page: 1 year: 2009 end-page: 15 ident: bib45 article-title: Verification of business process entailment constraints using SPIN publication-title: ESSoS – start-page: 623 year: 1998 end-page: 630 ident: bib25 article-title: An action language based on causal explanation: preliminary report publication-title: Proc. AAAI-98 – volume: vol. 185 start-page: 457 year: 2009 end-page: 481 ident: bib14 article-title: Bounded model checking publication-title: Handbook of satisfiability – year: June 2006 ident: bib15 article-title: Modelling and resource allocation planning of BPEL workflows under security constraints – year: 2009 ident: bib37 article-title: Business process modeling notation (BPMN) – volume: vol. 2404 start-page: 359 year: 2002 end-page: 364 ident: bib16 article-title: NuSMV 2: an opensource tool for symbolic model checking publication-title: 14th international conference on computer aided verification (CAV 2002) – volume: 29 start-page: 38 year: 1996 end-page: 47 ident: bib40 article-title: Role-based access control models publication-title: Computer – volume: vol. 3229 start-page: 730 year: 2004 end-page: 733 ident: bib1 article-title: SATMC: a SAT-based model checker for security protocols publication-title: JELIA'04 – start-page: 1 year: 2008 end-page: 10 ident: bib6 article-title: Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps publication-title: Proceedings of the 6th ACM workshop on formal methods in security engineering, FMSE 2008, Alexandria, VA, USA, October 27, 2008 – start-page: 267 year: 2012 end-page: 282 ident: bib7 article-title: The AVANTSSAR platform for the automated validation of trust and security of service-oriented architectures publication-title: Proceedings of the 18th international conference on tools and algorithms for the construction and analysis of systems (TACAS) – start-page: 275 year: 2006 end-page: 284 ident: bib12 article-title: Access control and authorization constraints for WS-BPEL publication-title: ICWS – start-page: 102 year: 2001 end-page: 114 ident: bib35 article-title: Analyzing separation of duties in Petri net workflows publication-title: MMM-ACNS '01: proceedings of the international workshop on information assurance in computer networks – start-page: 38 year: 2005 end-page: 47 ident: bib19 article-title: A reference monitor for workflow systems with constrained task execution publication-title: SACMAT 2005, 10th ACM symposium on access control models and technologies, Stockholm, Sweden, June 1–3, 2005, Proceedings – start-page: 748 year: 2000 end-page: 753 ident: bib22 article-title: Planning as satisfiability in nondeterministic domains publication-title: Proc. of the seventeenth national conference on artificial intelligence and twelfth conference on innovative applications of artificial intelligence – year: 2007 ident: bib2 article-title: SAT-based model-checking for security protocols analysis publication-title: International Journal of Information Security – reference: Schaad A, Sohr K, Drouineaud M, A workflow-based model-checking approach to inter- and intra-analysis of organisational controls in service-oriented business processes. J Inform Assur Secur; 2(1):55–67. – volume: vol. 5983 start-page: 66 year: 2010 end-page: 80 ident: bib3 article-title: Model checking of security-sensitive business processes publication-title: Formal aspects in security and trust, 6th international workshop, FAST09 – start-page: 174 year: 2006 end-page: 191 ident: bib18 article-title: Delegation in role-based access control publication-title: ESORICS'06 – reference: Heilig L, Karch S, Bottcher O, Mutzig C, Weber J, Pfennig R, Galileo Press; 2008. URL: – volume: vol. 5789 start-page: 250 year: 2009 end-page: 267 ident: bib10 article-title: Dynamic enforcement of abstract separation of duty constraints publication-title: Computer security – ESORICS 2009, 14th European symposium on research in computer security, Saint-Malo, France, September 21–23, 2009. Proceedings – year: April 2007 ident: bib36 article-title: Web services business process execution language version 2.0 – volume: 5430 start-page: 149 year: 2009 end-page: 176 ident: bib39 article-title: Security analysis of role based access control models using colored Petri nets and CPNtools publication-title: Trans Comput Sci – volume: vol. 3114 start-page: 496 year: 2004 end-page: 500 ident: bib20 article-title: Sal 2 publication-title: Proc. of 16th international conference on computer aided verification (CAV 2004) – volume: 2 start-page: 65 year: 1999 end-page: 104 ident: bib11 article-title: The specification and enforcement of authorization constraints in workflow management systems publication-title: ACM Trans Inf Syst Secur – year: 2010 ident: bib27 article-title: Understanding SAP Netweaver identity management – volume: vol. 1579 start-page: 193 year: 1999 end-page: 207 ident: bib13 article-title: Symbolic model checking without BDDs publication-title: Proceedings of TACAS'99 – year: 2005 ident: bib4 article-title: The AVISPA tool for the automated validation of Internet security protocols and applications publication-title: CAV'05 – year: 2004 ident: bib28 article-title: SAP Netweaver – start-page: 139 year: 2006 end-page: 149 ident: bib42 article-title: A model-checking approach to analysing organisational controls in a loan origination process publication-title: SACMAT 2006,11th ACM symposium on access control models and technologies, Lake Tahoe, California, USA, June 7–9, 2006, Proceedings – start-page: 201 year: 2007 end-page: 210 ident: bib21 article-title: Formal verification of business workflows and role based access control systems publication-title: SECUREWARE '07 – start-page: 167 year: 2005 end-page: 176 ident: bib24 article-title: Modeling security requirements through ownership, permission and delegation publication-title: Requirements engineering, 2005. Proceedings. 13th IEEE international conference on – start-page: 1 year: 1998 end-page: 16 ident: bib34 article-title: Algorithmic verification of linear temporal logic specifications publication-title: ICALP – year: 1981 ident: bib38 article-title: Petri net theory and the modeling of systems – start-page: 49 year: 2005 end-page: 58 ident: bib9 article-title: Supporting conditional delegation in secure workflow management systems publication-title: SACMAT '05 – volume: vol. 3225 start-page: 219 year: 2004 end-page: 230 ident: bib26 article-title: Model-checking access control policies publication-title: ISC – year: 2011 ident: bib41 article-title: SAP Netweaver business process management – year: 1987 ident: bib17 article-title: A comparison of commercial and military security policies publication-title: Proc. IEEE symp. on security and privacy, Washington DC – reference: . – volume: 23 start-page: 279 year: 1997 end-page: 295 ident: bib31 article-title: The model checker SPIN publication-title: Softw Eng – volume: 16 start-page: 1 year: 2008 end-page: 61 ident: bib47 article-title: Synthesising verified access control systems through model checking publication-title: J Comput Secur – start-page: 765 year: 2008 end-page: 770 ident: bib30 article-title: Security analysis of role-based separation of duty with workflows publication-title: Proceedings of the third international conference on availability, reliability and security (ARES 2008) – reference: Scholer S, Zink O, Galileo Press; 2009. URL: – volume: 12 start-page: 507 year: 2004 end-page: 535 ident: bib46 article-title: Modeling and analyzing of workflow authorization management publication-title: J Netw Syst Manage – year: 2007 ident: bib33 article-title: Human-centric business process management with WebSphere Process Server V6 – start-page: 385 year: 2007 end-page: 396 ident: bib5 article-title: LTL model checking for security protocols publication-title: CSF-20 – year: 2009 ident: bib32 article-title: Coloured Petri Nets: modeling and validation of concurrent system – volume: vol. 3229 start-page: 730 year: 2004 ident: 10.1016/j.cose.2013.10.002_bib1 article-title: SATMC: a SAT-based model checker for security protocols – year: 2004 ident: 10.1016/j.cose.2013.10.002_bib28 – year: 2007 ident: 10.1016/j.cose.2013.10.002_bib36 – start-page: 623 year: 1998 ident: 10.1016/j.cose.2013.10.002_bib25 article-title: An action language based on causal explanation: preliminary report – year: 2009 ident: 10.1016/j.cose.2013.10.002_bib37 – start-page: 1 year: 2009 ident: 10.1016/j.cose.2013.10.002_bib45 article-title: Verification of business process entailment constraints using SPIN – start-page: 174 year: 2006 ident: 10.1016/j.cose.2013.10.002_bib18 article-title: Delegation in role-based access control – start-page: 139 year: 2006 ident: 10.1016/j.cose.2013.10.002_bib42 article-title: A model-checking approach to analysing organisational controls in a loan origination process – volume: vol. 6542 start-page: 29 year: 2011 ident: 10.1016/j.cose.2013.10.002_bib8 article-title: Security validation of business processes via model-checking – start-page: 765 year: 2008 ident: 10.1016/j.cose.2013.10.002_bib30 article-title: Security analysis of role-based separation of duty with workflows doi: 10.1007/11513988_27 – start-page: 385 year: 2007 ident: 10.1016/j.cose.2013.10.002_bib5 article-title: LTL model checking for security protocols – start-page: 38 year: 2005 ident: 10.1016/j.cose.2013.10.002_bib19 article-title: A reference monitor for workflow systems with constrained task execution – start-page: 267 year: 2012 ident: 10.1016/j.cose.2013.10.002_bib7 article-title: The AVANTSSAR platform for the automated validation of trust and security of service-oriented architectures – year: 2006 ident: 10.1016/j.cose.2013.10.002_bib15 – year: 2010 ident: 10.1016/j.cose.2013.10.002_bib27 – start-page: 748 year: 2000 ident: 10.1016/j.cose.2013.10.002_bib22 article-title: Planning as satisfiability in nondeterministic domains – volume: 16 start-page: 1 issue: 1 year: 2008 ident: 10.1016/j.cose.2013.10.002_bib47 article-title: Synthesising verified access control systems through model checking publication-title: J Comput Secur doi: 10.3233/JCS-2008-16101 – year: 2007 ident: 10.1016/j.cose.2013.10.002_bib2 article-title: SAT-based model-checking for security protocols analysis – volume: vol. 2404 start-page: 359 year: 2002 ident: 10.1016/j.cose.2013.10.002_bib16 article-title: NuSMV 2: an opensource tool for symbolic model checking – year: 2007 ident: 10.1016/j.cose.2013.10.002_bib33 – start-page: 167 year: 2005 ident: 10.1016/j.cose.2013.10.002_bib24 article-title: Modeling security requirements through ownership, permission and delegation – start-page: 1 year: 1998 ident: 10.1016/j.cose.2013.10.002_bib34 article-title: Algorithmic verification of linear temporal logic specifications – start-page: 1 year: 2008 ident: 10.1016/j.cose.2013.10.002_bib6 article-title: Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps – ident: 10.1016/j.cose.2013.10.002_bib43 – start-page: 102 year: 2001 ident: 10.1016/j.cose.2013.10.002_bib35 article-title: Analyzing separation of duties in Petri net workflows – volume: 12 start-page: 507 issue: 4 year: 2004 ident: 10.1016/j.cose.2013.10.002_bib46 article-title: Modeling and analyzing of workflow authorization management publication-title: J Netw Syst Manage doi: 10.1007/s10922-004-0674-3 – volume: vol. 3225 start-page: 219 year: 2004 ident: 10.1016/j.cose.2013.10.002_bib26 article-title: Model-checking access control policies – volume: 23 start-page: 279 issue: 5 year: 1997 ident: 10.1016/j.cose.2013.10.002_bib31 article-title: The model checker SPIN publication-title: Softw Eng doi: 10.1109/32.588521 – volume: vol. 185 start-page: 457 year: 2009 ident: 10.1016/j.cose.2013.10.002_bib14 article-title: Bounded model checking – year: 2011 ident: 10.1016/j.cose.2013.10.002_bib41 – start-page: 49 year: 2005 ident: 10.1016/j.cose.2013.10.002_bib9 article-title: Supporting conditional delegation in secure workflow management systems – year: 1987 ident: 10.1016/j.cose.2013.10.002_bib17 article-title: A comparison of commercial and military security policies – volume: vol. 5491 start-page: 210 year: 2008 ident: 10.1016/j.cose.2013.10.002_bib23 article-title: Petri net security checker: structural non-interference at work – volume: 2 start-page: 65 issue: 1 year: 1999 ident: 10.1016/j.cose.2013.10.002_bib11 article-title: The specification and enforcement of authorization constraints in workflow management systems publication-title: ACM Trans Inf Syst Secur doi: 10.1145/300830.300837 – volume: vol. 1579 start-page: 193 year: 1999 ident: 10.1016/j.cose.2013.10.002_bib13 article-title: Symbolic model checking without BDDs – volume: 5430 start-page: 149 issue: 4 year: 2009 ident: 10.1016/j.cose.2013.10.002_bib39 article-title: Security analysis of role based access control models using colored Petri nets and CPNtools publication-title: Trans Comput Sci – start-page: 201 year: 2007 ident: 10.1016/j.cose.2013.10.002_bib21 article-title: Formal verification of business workflows and role based access control systems – year: 1981 ident: 10.1016/j.cose.2013.10.002_bib38 – volume: 29 start-page: 38 issue: 2 year: 1996 ident: 10.1016/j.cose.2013.10.002_bib40 article-title: Role-based access control models publication-title: Computer doi: 10.1109/2.485845 – start-page: 275 year: 2006 ident: 10.1016/j.cose.2013.10.002_bib12 article-title: Access control and authorization constraints for WS-BPEL – volume: vol. 3114 start-page: 496 year: 2004 ident: 10.1016/j.cose.2013.10.002_bib20 article-title: Sal 2 – volume: vol. 5789 start-page: 250 year: 2009 ident: 10.1016/j.cose.2013.10.002_bib10 article-title: Dynamic enforcement of abstract separation of duty constraints – ident: 10.1016/j.cose.2013.10.002_bib29 – ident: 10.1016/j.cose.2013.10.002_bib44 – year: 2005 ident: 10.1016/j.cose.2013.10.002_bib4 article-title: The AVISPA tool for the automated validation of Internet security protocols and applications – year: 2009 ident: 10.1016/j.cose.2013.10.002_bib32 – volume: vol. 5983 start-page: 66 year: 2010 ident: 10.1016/j.cose.2013.10.002_bib3 article-title: Model checking of security-sensitive business processes
SSID	ssj0017688
Score	2.1339898
Snippet	Business processes are usually expected to meet high level authorization requirements (e.g., Separation of Duty). Since violation of authorization requirements...
SourceID	proquest pascalfrancis crossref elsevier
SourceType	Aggregation Database Index Database Enrichment Source Publisher
StartPage	1
SubjectTerms	Access Access control Applied sciences Authorization Authorization requirements Authorizations Automatic security analysis Business Computer science; control theory; systems Computer systems and distributed systems. User interface Computer systems performance. Reliability Delegation Economics Exact sciences and technology Information systems. Data bases Loan originations Loans Mathematical models Memory and file management (including protection and security) Memory organisation. Data processing Model checking Organizational control Organizational effectiveness Permission Policies Requirements analysis Security-sensitive business process Software Specification Specifications Studies Time use Workflow
Title	Model checking authorization requirements in business processes
URI	https://dx.doi.org/10.1016/j.cose.2013.10.002 https://www.proquest.com/docview/1494919873 https://www.proquest.com/docview/1531011181 https://www.proquest.com/docview/1541425997 https://www.proquest.com/docview/1677936491
Volume	40
WOSCitedRecordID	wos000331482500002&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText	1
inHoldings	1
isFullTextHit
isPrint
journalDatabaseRights	– providerCode: PRVESC databaseName: Elsevier SD Freedom Collection Journals 2021 customDbUrl: eissn: 1872-6208 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0017688 issn: 0167-4048 databaseCode: AIEXJ dateStart: 19950101 isFulltext: true titleUrlDefault: https://www.sciencedirect.com providerName: Elsevier
link	http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV3Nb9MwFLegQ4CE-CggCmMKEjtVnZrEie0TmqAVoKpw6KTeotixtY7JDXWL9ufzHNtpx0Q1DlyiyHHiyL_n92G_D4TeJ5kgmRR8UEmwTXCFgQ9WhNjMiGmME05F2VQtmZDplM7n7LuvTGeacgJEa3p1xer_CjW0Adg2dPYf4G4_Cg1wD6DDFWCH662At9XNLvuAhfjRBCBu1ufLlY-27K-k9fyVLq5toUMNStOvXcCA9ygMqQt8yQfTEIjxpe52aKTUVQiTMaa0uQ9aVrvUTi-1jsS6tO5jptzdYohx8Ere7jra5OhDlxIzsE2XZcnzvXhHgLo44xus2e0SXJxYP3zrUpeeNF51yVYQhcP36bdifDaZFLPRfHacjuufA1skzB6mH6efHGB30UFCMkY76OD0y2j-tT04AuuJtunc4Y99nJRz6ftz6L_pIo_q0sAKUa60yQ0p3ages6fosbcZolOH9TN0R-ouuh9CFrroScAp8py6ix6EgHPzHH1oKCIKFBFdo4holyKihY4CRUQtRbxAZ-PR7OPnga-bMRA4I-uBzMtEkljmqSTlkAtFVKwqSUWq0gxuYoU5Vrmy6mElQY1RPOM5zishMq64Sl-ijl5q-QpFdIgFlSnjqUowzSvKSpbEmMeUU8xZ3ENxmMFC-KTytrbJZRG8By8KO-uFnXXbBrPeQ_32ndqlVNnbOwvAFF4pdMpeAYS1972jayi2QyUUKAeskB46DLAWfvkaMIQZZnYfDh6_ax8Dx7XHaKWWyw30AbEFUhFU4319MHC6jDGyp09OQDjmMN7rW3znDXq4XZqHqLNebeRbdE_8Wi_M6sgvg9_-Tr0G
linkProvider	Elsevier
openUrl	ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Model+checking+authorization+requirements+in+business+processes&rft.jtitle=Computers+%26+security&rft.au=Armando%2C+Alessandro&rft.au=Ponta%2C+Serena+Elisa&rft.date=2014-02-01&rft.issn=0167-4048&rft.volume=40&rft.spage=1&rft.epage=22&rft_id=info:doi/10.1016%2Fj.cose.2013.10.002&rft.externalDBID=NO_FULL_TEXT
thumbnail_l	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0167-4048&client=summon
thumbnail_m	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0167-4048&client=summon
thumbnail_s	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0167-4048&client=summon