Abstract
We present an approach to the formal specification and automatic analysis of business processes under authorization constraints based on the action language \(\mathcal{C}\). The use of \(\mathcal{C}\) allows for a natural and concise modeling of the business process and the associated security policy and for the automatic analysis of the resulting specification by using the Causal Calculator (CCALC). Our approach improves upon previous work by greatly simplifying the specification step while retaining the ability to perform a fully automatic analysis. To illustrate the effectiveness of the approach, we describe its application to a version of a business process taken from the banking domain and use CCALC to determine resource allocation plans complying with the security policy.
This work was partially supported by the FP7-ICT-2007-1 Project no. 216471, “AVANTSSAR: Automated Validation of Trust and Security of Service-oriented Architectures” (www.avantssar.eu).
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Armando, A., Giunchiglia, E., Ponta, S.E. (2009). Formal Specification and Automatic Analysis of Business Processes under Authorization Constraints: An Action-Based Approach. In: Fischer-Hübner, S., Lambrinoudakis, C., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2009. Lecture Notes in Computer Science, vol 5695. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03748-1_7
DOI: https://doi.org/10.1007/978-3-642-03748-1_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03747-4
Online ISBN: 978-3-642-03748-1
eBook Packages: Computer Science, Computer Science (R0)