Possibilistic Information Flow Control for Workflow Management Systems

被引：0

作者：

Bauereiss, Thomas ^{[1
]}

Hutter, Dieter ^{[1
]}

机构：

[1] German Res Ctr Artificial Intelligence DFKI, Bibliothekstr 1, D-28359 Bremen, Germany

来源：

ELECTRONIC PROCEEDINGS IN THEORETICAL COMPUTER SCIENCE | 2014年 / 148期

关键词：

D O I：

10.4204/EPTCS.148.4

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

In workflows and business processes, there are often security requirements on both the data, i.e. confidentiality and integrity, and the process, e.g. separation of duty. Graphical notations exist for specifying both workflows and associated security requirements. We present an approach for formally verifying that a workflow satisfies such security requirements. For this purpose, we define the semantics of a workflow as a state-event system and formalise security properties in a trace-based way, i.e. on an abstract level without depending on details of enforcement mechanisms such as Role-Based Access Control (RBAC). This formal model then allows us to build upon well-known verification techniques for information flow control. We describe how a compositional verification methodology for possibilistic information flow can be adapted to verify that a specification of a distributed workflow management system satisfies security requirements on both data and processes.

引用

页码：47 / 62

页数：16

共 50 条

[41] Towards temporal information in workflow systems
Combi, C
Pozzi, G
[J]. ADVANCED CONCEPTUAL MODELING TECHNIQUES, 2003, 2784 : 13 - 25
[42] Re-configuring workflow management systems to facilitate a "Smooth flow of work"
Reijers, H. A.
Poelmans, S.
[J]. INTERNATIONAL JOURNAL OF COOPERATIVE INFORMATION SYSTEMS, 2007, 16 (02) : 155 - 175
[43] On some problems while writing an engine for flow control in workflow management software
Milasinovic, Boris
Fertalj, Kresimir
Nizetic, Ivana
[J]. PROCEEDINGS OF THE ITI 2007 29TH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY INTERFACES, 2007, : 489 - +
[44] Diagnostic Information for Control-Flow Analysis of Workflow Graphs (a.k.a. Free-Choice Workflow Nets)
Favre, Cedric
Voelzer, Hagen
Mueller, Peter
[J]. TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS (TACAS 2016), 2016, 9636 : 463 - 479
[45] Compatibility of Safety Properties and Possibilistic Information Flow Security in MAKS
Bauereiss, Thomas
Hutter, Dieter
[J]. ICT SYSTEMS SECURITY AND PRIVACY PROTECTION, IFIP TC 11 INTERNATIONAL CONFERENCE, SEC 2014, 2014, 428 : 250 - 263
[46] Information systems quality in management accounting and management control effectiveness
Papiorek, Kevin L.
Hiebl, Martin R. W.
[J]. JOURNAL OF ACCOUNTING AND ORGANIZATIONAL CHANGE, 2024, 20 (03): : 433 - 458
[47] Discounted cash flow of anesthesia information management systems
Sinclair, David R.
[J]. JOURNAL OF CLINICAL ANESTHESIA, 2012, 24 (07) : 603 - 604
[48] Information systems for material flow management in construction processes
Mesaros, P.
Mandicak, T.
[J]. INTERNATIONAL SCIENTIFIC CONFERENCE OF YOUNG SCIENTISTS: ADVANCED MATERIALS IN CONSTRUCTION AND ENGINEERING, 2015, 71
[49] Controlling information access in workflow management systems using RBAC-based model
Chou, Shih-Chien
Wu, Chien-Jung
[J]. JOURNAL OF THE CHINESE INSTITUTE OF ENGINEERS, 2007, 30 (02) : 331 - 336
[50] Flexible process control a neuro-fuzzy approach to workflow management systems
Schulz, K
Frank, H
Winterhalder, D
Gundel, M
[J]. IECON '98 - PROCEEDINGS OF THE 24TH ANNUAL CONFERENCE OF THE IEEE INDUSTRIAL ELECTRONICS SOCIETY, VOLS 1-4, 1998, : 56 - 60

← 1 2 3 4 5 →