Formal Analysis of Workflow Systems with Security Considerations

Workflow systems play an essential role in today’s enterprises by providing automatic manipulation of business processes. As an integral part of workflow systems, workflow security has received extensive attentions, within which role-based access control (RBAC) mechanism and separation of duty (SoD) constraints are important topics. RBAC is a natural mechanism to lighten the complexity of security administration, with the basic notion that permissions are associated with roles and users are assigned to appropriate roles. However, to satisfy the complex security policies of workflow systems, SoD constraints are also necessary, which aim at reducing the risk of fraud by not allowing any individual to have sufficient authority within the system to perpetrate a fraud on his own [1]. Currently, most existing approaches to the specification of RBAC mechanism, and especially of SoD constraints are complicated and not suitable for the verification of desired security properties that workflow systems should possess; besides, the workflow process and authorization flow are separated during specification and verification in most approaches. Our goal is to propose appropriate and efficient methods to formally specify and verify workflow systems with such security considerations, and thus prove that execution of any workflow instance will be secure with respect to RBAC and SoD.