We introduce a new class of analysis problems, called Scenario Finding Problems (SFPs), for security-sensitive business processes that - besides execution constraints on tasks - define access control policies (constraining which users can execute which tasks) and authorization constraints (such as Separation of Duty). The solutions to SFPs are concrete execution scenarios that assist customers in the reuse and deployment of security-sensitive workflows. We study the relationship of SFPs to well-known properties of security-sensitive processes such as Workflow Satisfiability and Resiliency together with their complexity. Finally, we present a symbolic approach to solving SFPs and describe our experience with a prototype implementation on real-world business process models taken from an on-line library.
Automatically finding execution scenarios to deploy security-sensitive workflows / Dos Santos, D. R.; Ranise, S.; Compagna, L.; Ponta, S. E.. - In: JOURNAL OF COMPUTER SECURITY. - ISSN 0926-227X. - 25:3(2017), pp. 255-282. [10.3233/JCS-16894]
Automatically finding execution scenarios to deploy security-sensitive workflows
Ranise S.;
2017-01-01
Abstract
We introduce a new class of analysis problems, called Scenario Finding Problems (SFPs), for security-sensitive business processes that - besides execution constraints on tasks - define access control policies (constraining which users can execute which tasks) and authorization constraints (such as Separation of Duty). The solutions to SFPs are concrete execution scenarios that assist customers in the reuse and deployment of security-sensitive workflows. We study the relationship of SFPs to well-known properties of security-sensitive processes such as Workflow Satisfiability and Resiliency together with their complexity. Finally, we present a symbolic approach to solving SFPs and describe our experience with a prototype implementation on real-world business process models taken from an on-line library.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione