A model-checking approach to analysing organisational controls in a loan origination process

Abstract: ABSTRACT

“…Our approach provides the user with a level of abstraction which is much closer to the process being modeled and provides a number of important advantages including (i) the separate specification of the workflow and of the access control policy and (ii) the formal specification of the security properties as LTL formulae that specify the allowed behavior of the access-controlled workflow system. This is not the case in the approach presented in [1], where even small changes in the workflow or in the access control policy may affect the specification of the whole transition system and the specification of the security property is relative to the (low level) transition system. In our approach the compilation of the access controlled workflow system and of the expected security properties into the corresponding planning system and properties (resp.)…”

“…SoD amounts to requiring that some critical tasks are executed by different agents. This can be achieved by constraining the assignment of roles (Static SoD), their activation (Dynamic SoD) or even the execution of tasks [1]. In this paper we focus on Object-based SoD (ObjSoD) and Operational SoD (OpSoD).…”

“…An approach to the automatic analysis of security-sensitive business processes is put forward in [1]. The paper shows that business processes with RBAC policies and delegation can be formally specified as transition systems and that SoD properties can be formally expressed as LTL formulae specifying the allowed behaviors of the transition systems.…”

“…A natural question is whether model checking can be profitably used for the automatic analysis of security-sensitive business processes. Previous works [1][2][3] provide a positive answer to this question by showing that business processes under authorization constraints can be formally specified as transition systems and automatically analyzed by model checkers taken off the shelf. However the manual definition of the transition system starting from the workflow and the associated security policy is a complex and error-prone activity, which-if not carried out correctly-may undermine the significance of the whole method.…”

Model Checking of Security-Sensitive Business Processes

“…Our approach provides the user with a level of abstraction which is much closer to the process being modeled and provides a number of important advantages including (i) the separate specification of the workflow and of the access control policy and (ii) the formal specification of the security properties as LTL formulae that specify the allowed behavior of the access-controlled workflow system. This is not the case in the approach presented in [1], where even small changes in the workflow or in the access control policy may affect the specification of the whole transition system and the specification of the security property is relative to the (low level) transition system. In our approach the compilation of the access controlled workflow system and of the expected security properties into the corresponding planning system and properties (resp.)…”

“…SoD amounts to requiring that some critical tasks are executed by different agents. This can be achieved by constraining the assignment of roles (Static SoD), their activation (Dynamic SoD) or even the execution of tasks [1]. In this paper we focus on Object-based SoD (ObjSoD) and Operational SoD (OpSoD).…”

“…An approach to the automatic analysis of security-sensitive business processes is put forward in [1]. The paper shows that business processes with RBAC policies and delegation can be formally specified as transition systems and that SoD properties can be formally expressed as LTL formulae specifying the allowed behaviors of the transition systems.…”

“…A natural question is whether model checking can be profitably used for the automatic analysis of security-sensitive business processes. Previous works [1][2][3] provide a positive answer to this question by showing that business processes under authorization constraints can be formally specified as transition systems and automatically analyzed by model checkers taken off the shelf. However the manual definition of the transition system starting from the workflow and the associated security policy is a complex and error-prone activity, which-if not carried out correctly-may undermine the significance of the whole method.…”

Model Checking of Security-Sensitive Business Processes

“…Schaad et al [34] also verify separation of duty properties in the context of a work flow process utilizing an RBAC system. The goal of this work is to identify a sequence of delegations and revocations that may place a principal into two or more roles that would be characterized as unsafe.…”

Formal verification of security properties in trust management policy

Security for Workflow Systems