Automatic information flow analysis of business process models

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7481 LNCS, Issue , 2012, Pages 172-187

  Accorsi, Rafael ^a   Lehmann, Andreas ^b  

^a UNIVERSITY OF FREIBURG   (Germany)

^b UNIVERSITY OF ROSTOCK   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATIC INFORMATION; BUSINESS PROCESS MODEL; INDUSTRIAL PROCESSS; INFORMATION FLOW ANALYSIS; INFORMATION FLOW CONTROL; MODEL-CHECKING ALGORITHMS; NON INTERFERENCE; PROCESS MODEL; REACHABILITY; STATE OF THE ART;

MODEL CHECKING; PETRI NETS;

ENTERPRISE RESOURCE MANAGEMENT;

EID: 84866391692     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-32885-5_13     Document Type: Conference Paper

References (38)

1. van der Aalst, W.M.P.: The application of Petri nets to workflow management. Journal of Circuits, Systems and Computers 8(1), 21-66 (1998)
2. Accorsi, R., Lowis, L., Sato, Y.: Automated certification for compliant cloud-based business processes. Bus. & Information Systems Eng. 3(3), 145-154 (2011)
3. Accorsi, R., Wonnemann, C.: Strong non-leak guarantees for workflow models. In: ACM Symposium on Applied Computing, pp. 308-314. ACM (2011)
4. Accorsi, R., Wonnemann, C.: InDico: Information Flow Analysis of Business Processes for Confidentiality Requirements. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS, vol. 6710, pp. 194-209. Springer, Heidelberg (2011)
5. Accorsi, R., Wonnemann, C., Dochow, S.: SWAT: A security workflow toolkit for reliably secure process-aware information systems. In: Conference on Availability, Reliability and Security, pp. 692-697. IEEE (2011)
6. Accorsi, R., Wonnemann, C., Stocker, T.: Towards forensic data flow analysis of business process logs. In: Incident Management and Forensics, pp. 94-110. IEEE (2011)
7. Anderson, R.: Security engineering. Wiley (2008)
8. Armando, A., Ranise, S.: Automated Analysis of Infinite State Workflows with Access Control Policies. In: Meadows, C., Fernandez-Gago, C. (eds.) STM 2011. LNCS, vol. 7170, pp. 157-174. Springer, Heidelberg (2012)
9. Atluri, V., Chun, S.A., Mazzoleni, P.: A Chinese Wall security model for decentralized workflow systems. In: ACM Computer & Communication Security, pp. 48-57. ACM (2001)
10. Atluri, V., Warner, J.: Security for workflow systems. In: Handbook of Database Security, pp. 213-230. Springer (2008)
11. Attali, I., Caromel, D., Henrio, L., Aguila, F.: Secured information flow for asynchronous sequential processes. Electr. Notes Theor. Comput. Sci. 180(1), 17-34 (2007)
12. Barkaoui, K., Ayed, R.B., Boucheneb, H., Hicheur, A.: Verification of workflow processes under multilevel security considerations. In: Risks and Security of Internet and Systems, pp. 77-84. IEEE (2008)
13. Bell, D., LaPadula, L.: Secure Computer Systems: Mathematical Foundations. MITRE Corporation (1973)
14. Busi, N., Gorrieri, R.: Structural non-interference in elementary and trace nets. Mathematical Structures in Computer Science 19(6), 1065-1090 (2009)
15. Denning, D.E.: A lattice model of secure information flow. Communications of the ACM 19(5), 236-243 (1976)
16. Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Communications of the ACM 20(7), 504-513 (1977)
17. Fahland, D., Favre, C., Koehler, J., Lohmann, N., Völzer, H., Wolf, K.: Analysis on demand: Instantaneous soundness checking of industrial business process models. Data Knowl. Eng. 70(5), 448-466 (2011)
18. Focardi, R., Gorrieri, R.: Classification of Security Properties. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 331-396. Springer, Heidelberg (2001)
19. Frau, S., Gorrieri, R., Ferigato, C.: Petri Net Security Checker: Structural Noninterference at Work. In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol. 5491, pp. 210-225. Springer, Heidelberg (2009)
20. Gorrieri, R., Vernali, M.: On Intransitive Non-interference in Some Models of Concurrency. In: Aldini, A., Gorrieri, R. (eds.) FOSAD 2011. LNCS, vol. 6858, pp. 125-151. Springer, Heidelberg (2011)
21. Harris, W., Kidd, N., Chaki, S., Jha, S., Reps, T.W.: Verifying Information Flow Control over Unbounded Processes. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 773-789. Springer, Heidelberg (2009)
22. Huang, H., Kirchner, H.: Formal specification and verification of modular security policy based on colored Petri nets. IEEE Trans. Dependable Sec. Comput. 8(6), 852-865 (2011)
23. ISO/IEC Information Security Management System 27001 (2005), http://www.27000.org/iso-27001.html (last accessed in June 2012)
24. Juszczyszyn, K.: Verifying enterprise's mandatory access control policies with coloured Petri nets. In: Enabling Technologies, pp. 184-189. IEEE (2003)
25. Katt, B., Zhang, X., Hafner, M.: Towards a Usage Control Policy Specification with Petri Nets. In: Meersman, R., Dillon, T., Herrero, P. (eds.) OTM 2009, Part II. LNCS, vol. 5871, pp. 905-912. Springer, Heidelberg (2009)
26. Kovács, M., Seidl, H.: Runtime Enforcement of Information Flow Security in Tree Manipulating Processes. In: Barthe, G., Livshits, B., Scandariato, R. (eds.) ESSoS 2012. LNCS, vol. 7159, pp. 46-59. Springer, Heidelberg (2012)
27. Lohmann, N., Mennicke, S., Sura, C.: The Petri Net API: A collection of Petri net-related functions. In: Algorithms and Tools for Petri Nets. CEUR Workshop Proc., vol. 643, pp. 148-155. CEUR-WS.org (2010)
28. Lohmann, N., Verbeek, E., Dijkman, R.: Petri Net Transformations for Business Processes - A Survey. In: Jensen, K., van der Aalst, W.M.P. (eds.) ToPNoC II. LNCS, vol. 5460, pp. 46-63. Springer, Heidelberg (2009)
29. Lohmann, N., Wolf, K.: How to Implement a Theory of Correctness in the Area of Business Processes and Services. In: Hull, R., Mendling, J., Tai, S. (eds.) BPM 2010. LNCS, vol. 6336, pp. 61-77. Springer, Heidelberg (2010)
30. Lowis, L., Accorsi, R.: Vulnerability analysis in SOA-based business processes. IEEE T. Services Computing 4(3), 230-242 (2011)
31. Murata, T.: Petri nets: Properties, analysis and applications. Proc. IEEE 77(4), 541-580 (1989)
32. Pfeiffer, S., Unger, S., Timmermann, D., Lehmann, A.: Secure Information Flow Awareness for Smart Wireless eHealth Systems. In: Multi-Conference on Systems, Signals and Devices. IEEE (2012)
33. Röhrig, S., Knorr, K.: Security analysis of electronic business processes. Electronic Commerce Research 4(1-2), 59-81 (2004)
34. Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5-19 (2003)
35. Shafiq, B., Masood, A., Joshi, J., Ghafoor, A.: A role-based access control policy verification framework for real-time systems. In: Object-Oriented Real-Time Dependable Systems, pp. 13-20. IEEE (2005)
36. Trusted Computer Security Evaluation Criteria, DoD (1983), http://csrc.nist.gov/publications/history/dod85.pdf (last accessed in June 2012)
37. Wolf, K.: Generating Petri Net State Spaces. In: Kleijn, J., Yakovlev, A. (eds.) ICATPN 2007. LNCS, vol. 4546, pp. 29-42. Springer, Heidelberg (2007)
38. Zhang, Z.-L., Hong, F., Xiao, H.-J.: Verification of strict integrity policy via Petri nets. In: Conference on Systems and Networks Communications, p. 23 (2006)