Information flow control for workflow management systems

Workflow management plays an important role in analyzing and automating business processes. Security requirements in workflow management systems are typicallymapped to (role-based) access control configurations. This paper focuses on information flow control, taking into account implicit information leaks. The presented approach operates on a specification level in which no executable programis available yet. We illustrate the modeling of a workflowmanagement systemas a composition of state-event systems, each representing one of the activities of the workflow. This facilitates distributed deployment and eases verification by splitting up the verification of the overall system into verification of the individual components. Confidentiality requirements are modeled in terms of information flow predicates using the MAKS framework and verified following existing decomposition methodologies, which are adapted for open systems with ongoing user interaction. We discuss the interaction with other security requirements, notably separation of duty.