Cerberus is a tool to automatically synthesize run-time enforcement mechanisms for security-sensitive Business Processes (BPs). The tool is capable of guaranteeing that the execution constraints EC on the tasks together with the authorization policy AP and the authorization constraints AC are satisfied while ensuring that the process can successfully terminate. Cerberus can be easily integrated in many workflow management systems, it is transparent to process designers, and does not require any knowledge beyond usual BP modeling. The tool works in two phases. At design-time, the enforcement mechanism M, parametric in the authorization policy AP, is generated from EC and AC; M can thus be used with any instance of the same BP provided that EC and AC are left unchanged. At run-time, a specific authorization policy is added to M, thereby obtaining an enforcement mechanism M ∗ dedicated to a particular instance of the security-sensitive business process. To validate our approach, we discuss the implementation and usage of Cerberus in the SAP HANA Operational Intelligence platform.

Cerberus: Automated synthesis of enforcement mechanisms for security-sensitive business processes / Compagna, L.; dos Santos, D. R.; Ponta, S. E.; Ranise, S.. - 9636:(2016), pp. 567-572. (Intervento presentato al convegno 22nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2016 and held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016 tenutosi a nld nel 2016) [10.1007/978-3-662-49674-9_36].

Cerberus: Automated synthesis of enforcement mechanisms for security-sensitive business processes

Ranise S.
2016-01-01

Abstract

Cerberus is a tool to automatically synthesize run-time enforcement mechanisms for security-sensitive Business Processes (BPs). The tool is capable of guaranteeing that the execution constraints EC on the tasks together with the authorization policy AP and the authorization constraints AC are satisfied while ensuring that the process can successfully terminate. Cerberus can be easily integrated in many workflow management systems, it is transparent to process designers, and does not require any knowledge beyond usual BP modeling. The tool works in two phases. At design-time, the enforcement mechanism M, parametric in the authorization policy AP, is generated from EC and AC; M can thus be used with any instance of the same BP provided that EC and AC are left unchanged. At run-time, a specific authorization policy is added to M, thereby obtaining an enforcement mechanism M ∗ dedicated to a particular instance of the security-sensitive business process. To validate our approach, we discuss the implementation and usage of Cerberus in the SAP HANA Operational Intelligence platform.
2016
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
HEIDELBERGER PLATZ 3, D-14197 BERLIN, GERMANY
Springer Verlag
978-3-662-49673-2
978-3-662-49674-9
Compagna, L.; dos Santos, D. R.; Ponta, S. E.; Ranise, S.
Cerberus: Automated synthesis of enforcement mechanisms for security-sensitive business processes / Compagna, L.; dos Santos, D. R.; Ponta, S. E.; Ranise, S.. - 9636:(2016), pp. 567-572. (Intervento presentato al convegno 22nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2016 and held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016 tenutosi a nld nel 2016) [10.1007/978-3-662-49674-9_36].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/333314
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? 2
social impact