Modular Synthesis of Enforcement Mechanisms for the Workflow Satisfiability Problem: Scalability and Reusability

Modularity is an important concept in the design and enactment of workflows. However, supporting the specification and enforcement of authorization in this setting is not straightforward. In this paper, we introduce a notion of component and a combination mechanism for security-sensitive workflows. These are business processes in which execution constraints on the tasks are complemented with authorization constraints (e.g., Separation of Duty) and authorization policies (specifying which users can execute which tasks). We show how authorization constraints can also be imposed across components and demonstrate the usefulness of our notion of component by showing (i) the scalability of a technique for the synthesis of run-time monitors for security-sensitive workflows; and (ii) the design of a plug-in for the reuse of workflows and related run-time monitors inside an editor for security-sensitive workflows.
