Verifying workflow processes against organization security policies

Abstract

Workflow applications for large complex organizations often need to cross several security domains, each with different management and specific security requirements. The resultant cross-dependency between the workflow specification and the security policy of each domain can be hard to manage without specific tools. This work presents a static analyzer that automatically verifies the consistency between workflow specifications written in WPDL (Workflow Process Definition Language) and organization security policies, written in a security language specially designed to express simultaneously several security policies.