Process-Aware Information Systems (PAIS) enable the definition, execution, and management of business processes. Typically, processes are specified by control flow, data flow, and users or services, authorized to execute process tasks. During process execution, it is often necessary to access sensitive data such as patient or customer information. To secure this confidential data, the use of se...

Information security policies play an important role in achieving information security. Confidentiality, Integrity, and Availability are classic information security goals attained by enforcing appropriate security policies. Workflow Management Systems (WfMSs) also benefit from inclusion of these policies to maintain the security of business-critical data. However, in typical WfMSs these polici...

for each country, national security in the most urgent and significant value and need, so each government tries to justify its policies and strategies in order to reach and preserve national security. acquiring national security is, people should share national interests by haying health, land integrity, independence, power, credits and all the values generally. they should be sure of this secu...

Organizations typically have multiple security policies operating together in the same system. The integration of multiple policies might be needed to achieve the desired security requirements. Validating this integrated policy is a non-trivial process. This paper addresses the problem of composing, modeling and validating the security policies. We show how the various approaches for composing ...

The key threat to information security is constituted by careless employees who do not comply with information security policies. To ensure that employees comply with organizations’ information security procedures, a number of information security policy compliance measures have been proposed in the past. Prior research has criticized these measures as lacking theoretically and empirically grou...

The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means. This paper presents the Portunes model, a model for describing and...

Formal methods for the specification and analysis of security policies have drawn many attention recently. It is now well known that security policies can be represented using rewriting systems. These systems constitute an interesting formalism to prove properties while provides an operational way to evaluate authorization requests. In this paper, we propose to split the expression of security ...