DocumentCode
2512796
Title
Formal Analysis of Access Control Policies for Pattern-Based Business Processes
Author
Karimi, Vahid R.
Author_Institution
David R. Cheriton Sch. of Comput. Sci., Univ. of Waterloo, Waterloo, ON, Canada
fYear
2009
fDate
25-27 Aug. 2009
Firstpage
239
Lastpage
242
Abstract
We propose formal analysis of access control policies associated with business processes. Formal analysis of such policies enables us to investigate certain properties of interest and determine whether they hold. Discovering whether these policies create the intended effects, especially when the number of policies is increased and often composed, can become complex. In addition, we believe that access control policies must be specified in such a way that their integration into business processes is straightforward. Prior research has focused on formal verification of either access control policies or business processes but not viewed the two as an integrated whole. We show an approach in which access control policies and business processes are described using the same foundational building blocks, consequently, integration of access control policies and business processes is significantly less complex. Furthermore, access control policies can now be described by business patterns, and this description may result in discovery of access control patterns that can be used in the future. Finally, our approach through the use of business patterns is capable of modeling access control policies in the same way an access control model does. In addition, these policies can be specified and extended using rules, and in this respect, are akin to a policy language.
Keywords
authorisation; business data processing; formal verification; access control model; access control pattern; access control policy; business pattern; formal analysis; formal verification; pattern-based business process; policy language; Access control; Authorization; Computer security; Engines; Formal verification; Guidelines; Logic programming; Pattern analysis; Permission; Privacy; Access control policy; Resource--Event--Agent (REA); access control model; business pattern; business process; formal analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Privacy, Security, Trust and the Management of e-Business, 2009. CONGRESS '09. World Congress on
Conference_Location
Saint John, NB
Print_ISBN
978-1-4244-5344-3
Electronic_ISBN
978-0-7695-3805-1
Type
conf
DOI
10.1109/CONGRESS.2009.18
Filename
5341693
Link To Document