在多级安全考虑下验证工作流过程

2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI:10.1109/CRISIS.2008.4757466

Kamel Barkaoui, R. Ayed, H. Boucheneb, A. Hicheur

{"title":"在多级安全考虑下验证工作流过程","authors":"Kamel Barkaoui, R. Ayed, H. Boucheneb, A. Hicheur","doi":"10.1109/CRISIS.2008.4757466","DOIUrl":null,"url":null,"abstract":"Traditional modelling and analysis of workflow aims at verifying the correctness of its control flow. When dealing with workflow security, the compliance of information flow with the adopted security policies needs also to be analyzed. In this paper, we propose a two-steps verification approach. While the first step is concerned by soundness of the workflow, the second one is concerned by the data consistency with respect to a multilevel security policy where the granting of access rights to objects by the workflow system is done according to information flow rules of Bell-LaPadula model. Our approach is based on the ECATNet formalism. It offers means to incorporate the security constraints on information flow into an initial WF net modeling the control flow of a workflow specification. We then show how to analyze the impact of the security rules on the whole Workflow through the model checker of the MAUDE environment and how to relax them before producing the correct specification and submitting it to the workflow system.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Verification of Workflow processes under multilevel security considerations\",\"authors\":\"Kamel Barkaoui, R. Ayed, H. Boucheneb, A. Hicheur\",\"doi\":\"10.1109/CRISIS.2008.4757466\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Traditional modelling and analysis of workflow aims at verifying the correctness of its control flow. When dealing with workflow security, the compliance of information flow with the adopted security policies needs also to be analyzed. In this paper, we propose a two-steps verification approach. While the first step is concerned by soundness of the workflow, the second one is concerned by the data consistency with respect to a multilevel security policy where the granting of access rights to objects by the workflow system is done according to information flow rules of Bell-LaPadula model. Our approach is based on the ECATNet formalism. It offers means to incorporate the security constraints on information flow into an initial WF net modeling the control flow of a workflow specification. We then show how to analyze the impact of the security rules on the whole Workflow through the model checker of the MAUDE environment and how to relax them before producing the correct specification and submitting it to the workflow system.\",\"PeriodicalId\":346123,\"journal\":{\"name\":\"2008 Third International Conference on Risks and Security of Internet and Systems\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 Third International Conference on Risks and Security of Internet and Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CRISIS.2008.4757466\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Third International Conference on Risks and Security of Internet and Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CRISIS.2008.4757466","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

摘要

传统的工作流建模和分析旨在验证其控制流程的正确性。在处理工作流安全性时，还需要分析信息流与所采用的安全策略的遵从性。在本文中，我们提出了一种两步验证方法。第一步关注工作流的稳健性，第二步关注多级安全策略的数据一致性，其中工作流系统根据Bell-LaPadula模型的信息流规则授予对象访问权限。我们的方法是基于ECATNet的形式化。它提供了将信息流上的安全约束合并到对工作流规范的控制流建模的初始WF网络中的方法。然后，我们将展示如何通过MAUDE环境的模型检查器分析安全规则对整个工作流的影响，以及如何在生成正确的规范并将其提交给工作流系统之前放松它们。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Verification of Workflow processes under multilevel security considerations

Traditional modelling and analysis of workflow aims at verifying the correctness of its control flow. When dealing with workflow security, the compliance of information flow with the adopted security policies needs also to be analyzed. In this paper, we propose a two-steps verification approach. While the first step is concerned by soundness of the workflow, the second one is concerned by the data consistency with respect to a multilevel security policy where the granting of access rights to objects by the workflow system is done according to information flow rules of Bell-LaPadula model. Our approach is based on the ECATNet formalism. It offers means to incorporate the security constraints on information flow into an initial WF net modeling the control flow of a workflow specification. We then show how to analyze the impact of the security rules on the whole Workflow through the model checker of the MAUDE environment and how to relax them before producing the correct specification and submitting it to the workflow system.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 Third International Conference on Risks and Security of Internet and Systems

自引率

0.00%

发文量