业务工作流和基于角色的访问控制系统的正式验证

The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007) Pub Date : 2007-10-14 DOI:10.1109/SECUREWARE.2007.4385334

A. Dury, S. Boroday, A. Petrenko, V. Lotz

{"title":"业务工作流和基于角色的访问控制系统的正式验证","authors":"A. Dury, S. Boroday, A. Petrenko, V. Lotz","doi":"10.1109/SECUREWARE.2007.4385334","DOIUrl":null,"url":null,"abstract":"An approach for combined modeling of role-based access control systems (RBAC) together with business workflows is presented. The model allows to model check various security properties. Several techniques to confine the state explosion, which may occur during model checking are presented and experimentally evaluated using the model checker Spin. The techniques allow the verification of the business workflow and associated RBAC for a reasonable number of users of a medium sized company.","PeriodicalId":257937,"journal":{"name":"The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":"{\"title\":\"Formal Verification of Business Workflows and Role Based Access Control Systems\",\"authors\":\"A. Dury, S. Boroday, A. Petrenko, V. Lotz\",\"doi\":\"10.1109/SECUREWARE.2007.4385334\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"An approach for combined modeling of role-based access control systems (RBAC) together with business workflows is presented. The model allows to model check various security properties. Several techniques to confine the state explosion, which may occur during model checking are presented and experimentally evaluated using the model checker Spin. The techniques allow the verification of the business workflow and associated RBAC for a reasonable number of users of a medium sized company.\",\"PeriodicalId\":257937,\"journal\":{\"name\":\"The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-10-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"16\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECUREWARE.2007.4385334\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECUREWARE.2007.4385334","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

摘要

提出了一种基于角色的访问控制系统(RBAC)与业务工作流相结合的建模方法。该模型允许对各种安全属性进行建模检查。提出了几种约束模型校核过程中可能发生的状态爆炸的技术，并利用模型校核器自旋进行了实验评价。这些技术允许为中等规模公司的合理数量的用户验证业务工作流和相关的RBAC。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Formal Verification of Business Workflows and Role Based Access Control Systems

An approach for combined modeling of role-based access control systems (RBAC) together with business workflows is presented. The model allows to model check various security properties. Several techniques to confine the state explosion, which may occur during model checking are presented and experimentally evaluated using the model checker Spin. The techniques allow the verification of the business workflow and associated RBAC for a reasonable number of users of a medium sized company.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007)

自引率

0.00%

发文量