• DocumentCode
    2512796
  • Title

    Formal Analysis of Access Control Policies for Pattern-Based Business Processes

  • Author

    Karimi, Vahid R.

  • Author_Institution
    David R. Cheriton Sch. of Comput. Sci., Univ. of Waterloo, Waterloo, ON, Canada
  • fYear
    2009
  • fDate
    25-27 Aug. 2009
  • Firstpage
    239
  • Lastpage
    242
  • Abstract
    We propose formal analysis of access control policies associated with business processes. Formal analysis of such policies enables us to investigate certain properties of interest and determine whether they hold. Discovering whether these policies create the intended effects, especially when the number of policies is increased and often composed, can become complex. In addition, we believe that access control policies must be specified in such a way that their integration into business processes is straightforward. Prior research has focused on formal verification of either access control policies or business processes but not viewed the two as an integrated whole. We show an approach in which access control policies and business processes are described using the same foundational building blocks, consequently, integration of access control policies and business processes is significantly less complex. Furthermore, access control policies can now be described by business patterns, and this description may result in discovery of access control patterns that can be used in the future. Finally, our approach through the use of business patterns is capable of modeling access control policies in the same way an access control model does. In addition, these policies can be specified and extended using rules, and in this respect, are akin to a policy language.
  • Keywords
    authorisation; business data processing; formal verification; access control model; access control pattern; access control policy; business pattern; formal analysis; formal verification; pattern-based business process; policy language; Access control; Authorization; Computer security; Engines; Formal verification; Guidelines; Logic programming; Pattern analysis; Permission; Privacy; Access control policy; Resource--Event--Agent (REA); access control model; business pattern; business process; formal analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Privacy, Security, Trust and the Management of e-Business, 2009. CONGRESS '09. World Congress on
  • Conference_Location
    Saint John, NB
  • Print_ISBN
    978-1-4244-5344-3
  • Electronic_ISBN
    978-0-7695-3805-1
  • Type

    conf

  • DOI
    10.1109/CONGRESS.2009.18
  • Filename
    5341693