Assisting the Deployment of Security-Sensitive Workflows by Finding Execution Scenarios

To support the re-use of business process models, an emerging trend in Business Process Management, it is crucial to assist customers during deployment. We study how to do this for an important class of business processes, called security-sensitive workflows, in which execution constraints on the tasks are complemented with authorization constraints (e.g., Separation of Duty) and authorization policies (constraining which users can execute which tasks). We identify the capability of solving Scenario Finding Problems (SFPs), i.e. finding concrete execution scenarios, as crucial in supporting the re-use of security-sensitive workflows. Solutions of SFPs provide evidence that the business process model can be successfully executed under the policy adopted by the customer. We present a technique for solving two SFPs and validate it on real-world business process models taken from an on-line library.

[1]  Andreas Schaad,et al.  Avoiding Policy-based Deadlocks in Business Processes , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[2]  Mathias Weske,et al.  Business Process Management: Concepts, Languages, Architectures , 2007 .

[3]  Clara Bertolissi,et al.  Automated Synthesis of Run-time Monitors to Enforce Authorization Policies in Business Processes , 2015, AsiaCCS.

[4]  Hanêne Ben-Abdallah,et al.  Literature review of reuse in business process modeling , 2012, Software & Systems Modeling.

[5]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[6]  Alessandro Armando,et al.  Model Checking of Security-Sensitive Business Processes , 2009, Formal Aspects in Security and Trust.

[7]  Michael Huth,et al.  Authorized workflow schemas: deciding realizability through \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathsf{LT , 2013, International Journal on Software Tools for Technology Transfer.

[8]  Jason Crampton A reference monitor for workflow systems with constrained task execution , 2005, SACMAT '05.

[9]  Jim Huan-Pu Kuo,et al.  Authorized workflow schemas Deciding realizability through LTL ( F ) model checking , 2012 .

[10]  Ninghui Li,et al.  Satisfiability and Resiliency in Workflow Authorization Systems , 2010, TSEC.

[11]  David A. Basin,et al.  Optimal workflow-aware authorizations , 2012, SACMAT '12.

[12]  Yanjiang Yang,et al.  Dynamic Workflow Adjustment with Security Constraints , 2014, DBSec.

[13]  David A. Basin,et al.  Obstruction-Free Authorization Enforcement: Aligning Security with Business Objectives , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[14]  W.M.P. van der Aalst,et al.  Business Process Management: A Comprehensive Survey , 2013 .

[15]  Gregory Gutin,et al.  Iterative Plan Construction for the Workflow Satisfiability Problem , 2013, J. Artif. Intell. Res..

[16]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[17]  Kaushik Roy,et al.  Integrated Systems in the More-than-Moore Era: Designing Low-Cost Energy-Efficient Systems Using Heterogeneous Components , 2010, 2010 23rd International Conference on VLSI Design.

[18]  Wil M.P. van der Aalst,et al.  YAWL: yet another workflow language , 2005, Inf. Syst..

[19]  Mark von Rosing,et al.  Business Process Model and Notation - BPMN , 2015, The Complete Business Process Handbook, Vol. I.

[20]  Gregory Gutin,et al.  On the parameterized complexity of the workflow satisfiability problem , 2012, CCS '12.

[21]  Letizia Tanca,et al.  What you Always Wanted to Know About Datalog (And Never Dared to Ask) , 1989, IEEE Trans. Knowl. Data Eng..

[22]  Ninghui Li,et al.  DATALOG with Constraints: A Foundation for Trust Management Languages , 2003, PADL.

[23]  Elisa Bertino,et al.  The specification and enforcement of authorization constraints in workflow management systems , 1999, TSEC.

[24]  Indrakshi Ray,et al.  Satisfiability Analysis of Workflows with Control-Flow Patterns and Authorization Constraints , 2014, IEEE Transactions on Services Computing.