Abstract
Separation of Duties (SoD) is the concept that conflicting activities cannot be assigned to the same individual. A goal of SoD is to separate roles and responsibilities to reduce the risk of fraud or error. We consider the problem of verifying SoD constraints in the presence of uncertain information. We demonsrate the feasibility of implementing probabilistic model checking in a business process design with a case study. Modeling and verification is done with the probabilistic model checker PRISM.
This work was supported in part by the “Concept for the Future” of Karlsruhe Institute of Technology within the framework of the German Excellence Initiative.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Knorr, K., Weidner, H.: Analyzing separation of duties in petri net workflows. In: MMM-ACNS, pp. 102–114 (2001)
Lawrence, L.G.: The role of roles. Computers and Security 12(1), 15–21 (1993)
Mendt, T., Sinz, C., Tveretina, O.: Probabilistic Model Checking of Constraints in a Supply Chain Business Process. In: Abramowicz, W. (ed.) BIS 2011. LNBIP, vol. 87, pp. 1–12. Springer, Heidelberg (2011)
Wynn, M.T., Verbeek, H.M.W., Aalst, W.M.P., Ter Hofstede, A.H.M., Edmond, D.: Business process verification - finally a reality! Business Process Management Journal 15(1), 74–92 (2007)
Janssen, W., Mateescu, R., Mauw, S., Springintveld, J.: Verifying business processes using spin. In: Proceedings of the 4th International SPIN Workshop, pp. 21–36 (1998)
Janssen, W., Mateescu, R., Mauw, S., Fennema, P., van der Stappen, P.: Model Checking for Managers. In: Dams, D.R., Gerth, R., Leue, S., Massink, M. (eds.) SPIN 1999. LNCS, vol. 1680, pp. 92–107. Springer, Heidelberg (1999)
El Kharbili, M., de Medeiros, A.K.A., Stein, S., van der Aalst, W.M.P.: Business process compliance checking: Current state and future challenges. In: Modellierung Betrieblicher Informationssysteme (MobIS 2008). LNI, vol. 141, pp. 107–113 (2008)
Lu, R., Sadiq, S., Governatori, G., Yang, X.: Defining Adaptation Constraints for Business Process Variants. In: Abramowicz, W. (ed.) Business Information Systems. LNBIP, vol. 21, pp. 145–156. Springer, Heidelberg (2009)
Ly, L.T., Göser, K., Rinderle-Ma, S., Dadam, P.: Compliance of semantic constraints - a requirements analysis for process management systems. In: 1st Int’l Workshop on Governance, Risk and Compliance - Applications in Information Systems, Montpellier, France (2008)
Schaad, A., Lotz, V., Sohr, K.: A model-checking approach to analysing organisational controls in a loan origination process. In: SACMAT 2006: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies, pp. 139–149. ACM, New York (2006)
Armando, A., Ponta, S.: Model checking of security-sensitive business processes (2010)
Clarke, E.M., Emerson, E.A., Sistla, A.P.: Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Trans. Program. Lang. Syst. 8(2), 244–263 (1986)
Kwiatkowska, M., Norman, G., Parker, D.: Stochastic Model Checking. In: Bernardo, M., Hillston, J. (eds.) SFM 2007. LNCS, vol. 4486, pp. 220–270. Springer, Heidelberg (2007)
PRISM website (2010), http://www.prismmodelchecker.org
Baier, C., Katoen, J.-P.: Principles of model checking. MIT Press (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mendt, T., Sinz, C., Tveretina, O. (2011). Analyzing Separation of Duties Constraints with a Probabilistic Model Checker. In: Abramowicz, W., Maciaszek, L., Węcel, K. (eds) Business Information Systems Workshops. BIS 2011. Lecture Notes in Business Information Processing, vol 97. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25370-6_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-25370-6_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25369-0
Online ISBN: 978-3-642-25370-6
eBook Packages: Computer ScienceComputer Science (R0)