Title :
Verification of Workflow processes under multilevel security considerations
Author :
Barkaoui, Kamel ; Ben Ayed, R. ; Boucheneb, Hanifa ; Hicheur, Awatef
Author_Institution :
CEDRIC-CNAM, Paris
Abstract :
Traditional modelling and analysis of workflow aims at verifying the correctness of its control flow. When dealing with workflow security, the compliance of information flow with the adopted security policies needs also to be analyzed. In this paper, we propose a two-steps verification approach. While the first step is concerned by soundness of the workflow, the second one is concerned by the data consistency with respect to a multilevel security policy where the granting of access rights to objects by the workflow system is done according to information flow rules of Bell-LaPadula model. Our approach is based on the ECATNet formalism. It offers means to incorporate the security constraints on information flow into an initial WF net modeling the control flow of a workflow specification. We then show how to analyze the impact of the security rules on the whole Workflow through the model checker of the MAUDE environment and how to relax them before producing the correct specification and submitting it to the workflow system.
Keywords :
Petri nets; algebra; authorisation; formal specification; program verification; workflow management software; Bell-LaPadula model; MAUDE environment; Petri net; access right; control flow correctness; data consistency; extended concurrent algebraic term net; information flow security; model checker; multilevel security policy; workflow process verification; workflow specification; Access control; Control systems; Data security; Information security; Internet; Multilevel systems; Permission; Petri nets; Software systems; Workflow management software;
Conference_Titel :
Risks and Security of Internet and Systems, 2008. CRiSIS '08. Third International Conference on
Conference_Location :
Tozeur
Print_ISBN :
978-1-4244-3309-4
DOI :
10.1109/CRISIS.2008.4757466
