Run-time monitors are crucial to the development of security-aware Workflow management systems, which need to mediate access to their resources by enforcing authorization policies and constraints, such as Separation of Duty. In this paper, we introduce a precise technique to synthesize run-time monitors capable of ensuring the successful termination of Workflows while enforcing authorization policies and constraints. An extensive experimental evaluation shows the scalability of our technique on the important class of hierarchically specified security-sensitive Workflows with several hundreds of tasks.
Automated synthesis of run-time monitors to enforce authorization policies in business processes / Bertolissi, C.; Dos Santos, D. R.; Ranise, S. - (2015), pp. 297-308. (Paper presented at the 10th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2015, held in sgp in 2015) [10.1145/2714576.2714633].
Automated synthesis of run-time monitors to enforce authorization policies in business processes
Ranise S.
2015-01-01