On the satisfiability of authorization requirements in business process

  • Research Article
  • Frontiers of Computer Science

Abstract

The satisfiability problem of authorization requirements in business processes asks whether there exists an assignment of users to tasks that satisfies all the requirements. Methods have been proposed to solve this problem; however, they are inefficient in the sense that one of their steps searches all the possible assignments, which is time-consuming. This work proposes a method to solve the satisfiability problem of authorization requirements without browsing the assignment space. Our method uses an improved separation of duty algebra (ISoDA) to describe a satisfiability problem of qualification requirements and quantification requirements (Separation of Duty and Binding of Duty requirements). Thereafter, ISoDA expressions are reduced into multi-mutual-exclusive expressions. The satisfiability of multi-mutual-exclusive expressions is determined by an efficient algorithm proposed in this study. The experiment shows that our method is faster than the state-of-the-art methods.
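
The satisfiability question stated in the abstract, as an added example that is not code from the paper: a backtracking checker that looks for an assignment of users to tasks meeting qualification, Separation of Duty and Binding of Duty requirements. It searches the assignment space, which is the style of method the abstract calls inefficient, not the ISoDA reduction; the tasks, users and function names are assumptions constructed for illustration.

```python
# Added illustration: exhaustive backtracking, not the paper's ISoDA method.
# All task, user and function names are hypothetical.
def find_assignment(tasks, authorized, sod, bod):
    """Return {task: user} meeting every requirement, or None.
    authorized: task -> users qualified for it (qualification requirement)
    sod: task pairs needing different users (Separation of Duty)
    bod: task pairs needing the same user (Binding of Duty)
    """
    # Most constrained tasks first, so dead ends surface early.
    order = sorted(tasks, key=lambda t: len(authorized.get(t, ())))

    def partner(pair, task):
        a, b = pair
        return b if a == task else a if b == task else None

    def consistent(plan, task, user):
        for pair in sod:
            other = partner(pair, task)
            if other in plan and plan[other] == user:
                return False
        for pair in bod:
            other = partner(pair, task)
            if other in plan and plan[other] != user:
                return False
        return True

    def search(i, plan):
        if i == len(order):
            return dict(plan)
        task = order[i]
        for user in sorted(authorized.get(task, ())):
            if consistent(plan, task, user):
                plan[task] = user
                found = search(i + 1, plan)
                if found is not None:
                    return found
                del plan[task]
        return None

    return search(0, {})

# Constructed sample process and requirements.
TASKS = ["create_order", "approve_order", "pay_invoice"]
AUTHORIZED = {"create_order": {"alice", "bob"},
              "approve_order": {"bob", "carol"},
              "pay_invoice": {"alice", "bob"}}
SOD = [("create_order", "approve_order"), ("approve_order", "pay_invoice")]
BOD = [("create_order", "pay_invoice")]
print(find_assignment(TASKS, AUTHORIZED, SOD, BOD))
```

Restricting `approve_order` and `pay_invoice` to `bob` alone makes the same call return `None`, even though every task still has a qualified user.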

Acknowledgements

This work was partially supported by the Project on the Integration of Industry, Education and Research of Aviation Industry Corporation of China (CXY2011BH07), and the Co-Funding Project of Beijing Municipal Education Commission (JD100060630).

Author information

Corresponding author

Correspondence to Yang Bo.

Additional information

Yang Bo is a PhD candidate in computer science at Beihang University, China. His research concerns the security and privacy of networks and business processes.

Chunhe Xia received his PhD degree in computer science and engineering from Beihang University, China in 2003. He is now heading the Beijing Key Laboratory of Network Technology, Beihang University. His research interests include network security, network management and security policy analysis.

Zhigang Zhang is a postgraduate student of computer science at Beihang University, China. His research concerns information security.

Xinzheng Lu is an associate research fellow at the National Education Examinations Authority of China, China. His research interests include network and information security.

Cite this article

Bo, Y., Xia, C., Zhang, Z. et al. On the satisfiability of authorization requirements in business process. Front. Comput. Sci. 11, 528–540 (2017). https://doi.org/10.1007/s11704-016-6016-2

  • DOI: https://doi.org/10.1007/s11704-016-6016-2
