Title :
Verifying workflow processes against organization security policies
Author :
Ribeiro, Carlos ; Guedes, Paulo
Author_Institution :
IST/INESC, Portugal
Abstract :
Workflow applications for large complex organizations often need to cross several security domains, each with different management and specific security requirements. The resultant cross-dependency between the workflow specification and the security policy of each domain can be hard to manage without specific tools. This work presents a static analyzer that automatically verifies the consistency between workflow specifications written in WPDL (Workflow Process Definition Language) and organization security policies, written in a security language specially designed to express simultaneously several security policies
Keywords :
business data processing; formal verification; program diagnostics; security of data; workflow management software; WPDL; Workflow Process Definition Language; large complex organizations; management; organization security policies; static analyzer; workflow process verification; workflow specifications; Algebra; Authorization; Electrical capacitance tomography; Engines; Inspection; Operating systems; Process design; Security;
Conference_Titel :
Enabling Technologies: Infrastructure for Collaborative Enterprises, 1999. (WET ICE '99) Proceedings. IEEE 8th International Workshops on
Conference_Location :
Stanford, CA
Print_ISBN :
0-7695-0365-9
DOI :
10.1109/ENABL.1999.805198
