Model checking authorization requirements in business processes

Business processes are usually expected to meet high level authorization requirements (e.g., Separation of Duty). Since violation of authorization requirements may lead to economic losses and/or legal implications, ensuring that a business process meets them is of paramount importance. Previous work...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Computers & security Ročník 40; s. 1 - 22
Hlavní autori: Armando, Alessandro, Ponta, Serena Elisa
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: Amsterdam Elsevier Ltd 01.02.2014
Elsevier
Elsevier Sequoia S.A
Predmet:
Access
Access control
Applied sciences
Authorization
Authorization requirements
Authorizations
Automatic security analysis
Business
Computer science; control theory; systems
Computer systems and distributed systems. User interface
Computer systems performance. Reliability
Delegation
Economics
Exact sciences and technology
Information systems. Data bases
Loan originations
Loans
Mathematical models
Memory and file management (including protection and security)
Memory organisation. Data processing
Model checking
Organizational control
Organizational effectiveness
Permission
Policies
Requirements analysis
Security-sensitive business process
Software
Specification
Specifications
Studies
Time use
Workflow
Access control
Model checking
Authorization requirements
Security-sensitive business process
Organizational control
Automatic security analysis
Groupware
Legislation
Workflow
Integrated management
Delegation
Program verification
Role-based access control
Business process
Loan
Duty separation
Formal specification
Static analysis
Licence procedure
Firm management
Automatic analysis
Computer security
ISSN:0167-4048, 1872-6208
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:Business processes are usually expected to meet high level authorization requirements (e.g., Separation of Duty). Since violation of authorization requirements may lead to economic losses and/or legal implications, ensuring that a business process meets them is of paramount importance. Previous work showed that model checking can be profitably used to check authorization requirements in business processes. However, building formal models that simultaneously account for both the workflow and the access control policy is a time consuming and error-prone activity. In this paper we present a new approach to model checking authorization requirements in business processes that allows for the separate specification of the workflow and of the associated access control policy while retaining the ability to carry out a fully automatic analysis of the business process. To illustrate the effectiveness of the approach we describe its application to a Loan Origination Process subject to an RBAC access control policy featuring conditional permission assignments and delegation.
Bibliografia:SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 14
ObjectType-Article-2
content type line 23
ObjectType-Article-1
ObjectType-Feature-2
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2013.10.002