Publication


Featured research published by Christian Wolter.


business process management | 2007

Modeling of task-based authorization constraints in BPMN

Christian Wolter; Andreas Schaad

Workflows model and control the execution of business processes in an organisation by defining a set of tasks to be done. The specification of workflows is well-elaborated and heavily tool supported. Task-based access control is tailored to specify authorization constraints for task allocation in workflows. Existing workflow modeling notations do not support the description of authorization constraints for task allocation commonly referred to as resource allocation patterns. In this paper we propose an extension for the Business Process Modeling Notation (BPMN) to express such authorizations within the workflow model, enabling the support of resource allocation patterns, such as Separation of Duty, Role-Based Allocation, Case Handling, or History-Based Allocation in BPMN. These patterns allow the specification of authorization constraints, for instance role-task assignments, separation of duty, and binding of duty constraints. Based on a formal approach we develop an authorization constraint artifact for BPMN to describe such constraints. As a pragmatic demonstration of the feasibility of our proposed extension we model authorization constraints inspired by a real world banking workflow scenario. In the course of this paper we identify several aspects of future work related to verification and consistency analysis of modeled authorization constraints, tool-supported and pattern-driven authorization constraint description, and automatic derivation of authorization policies, such as defined by the eXtensible Access Control Markup Language (XACML).


Journal of Systems Architecture | 2009

Model-driven business process security requirement specification

Christian Wolter; Michael Menzel; Andreas Schaad; Philip Miseldine; Christoph Meinel

Various types of security goals, such as authentication or confidentiality, can be defined as policies for service-oriented architectures, typically in a manual fashion. Therefore, we foster a model-driven transformation approach from modelled security goals in the context of process models to concrete security implementations. We argue that specific types of security goals may be expressed in a graphical fashion at the business process modelling level which in turn can be transformed into corresponding access control and security policies. In this paper we present security policy and policy constraint models. We further discuss a translation of security annotated business processes into platform specific target languages, such as XACML or AXIS2 security configurations. To demonstrate the suitability of this approach an example transformation is presented based on an annotated process.


web information systems engineering | 2007

Deriving XACML policies from business process models

Christian Wolter; Andreas Schaad; Christoph Meinel

The Business Process Modeling Notation (BPMN) has become a de facto standard for describing processes in an accessible graphical notation. The eXtensible Access Control Markup Language (XACML) is an OASIS standard to specify and enforce platform independent access control policies. In this paper we define a mapping between the BPMN and XACML metamodels to provide a model-driven extraction of security policies from a business process model. Specific types of organisational control and compliance policies that can be expressed in a graphical fashion at the business process modeling level can now be transformed into the corresponding task authorizations and access control policies for process-aware information systems. As a proof of concept, we extract XACML access control policies from a security augmented banking domain business process. We present an XSLT converter that transforms modeled security constraints into XACML policies that can be deployed and enforced in a policy enforcement and decision environment. We discuss the benefits of our modeling approach and outline how XACML can support task-based compliance in business processes.


engineering secure software and systems | 2009

Verification of Business Process Entailment Constraints Using SPIN

Christian Wolter; Philip Miseldine; Christoph Meinel

The verification of access controls is essential for providing secure systems. Model checking is an automated technique used for verifying finite state machines. The properties to be verified are usually expressed as formulae in temporal logic. In this paper we present an approach to verify access control security properties of a security annotated business process model. To this end we utilise a security enhanced BPMN notation to define access control properties. To enhance the usability, the complex and technical details are hidden from the process modeller by using an automatic translation of the process model into a process meta language (Promela) based on Coloured Petri net (CPN) semantics. The model checker SPIN is used for the process model verification and a trace file is written to provide visual feedback to the modeller on the abstraction level of the verified process model. As a proof of concept the described translation methodology is implemented as a plug-in for the free web-based BPMN modelling tool Oryx.


symposium on access control models and technologies | 2008

Task-based entailment constraints for basic workflow patterns

Christian Wolter; Andreas Schaad; Christoph Meinel

Access Control decisions are based on the authorisation policies defined for a system as well as observed context and behaviour when evaluating these constraints at runtime. Workflow management systems have been recognised as a primary source for defining authorisation policies at workflow designtime, as well as generating context at runtime. This paper analyses recent work in the workflow community regarding established control-flow patterns. We claim that there is an intrinsic relationship between these patterns and a set of task-based entailment constraints - such as Separation of Duty - that have been recently identified by the access control community. These constraints are based on a pre-determined partial order on sequence and parallel execution patterns. When, however, such an order does not exist, because of more complex control-flow patterns, ambiguous constraint evaluation situations will arise at workflow runtime. Accordingly, this paper reviews basic workflow patterns and identifies relationships between these and task-based entailment constraints. In addition, an analysis of possible runtime ambiguities that may arise from these relationships is presented. Our approach is based on recently developed techniques for visual constraint representation at a workflow design-time.


Requirements Engineering | 2010

An approach to capture authorisation requirements in business processes

Christian Wolter; Christoph Meinel

Business process modelling focuses on the modelling of functional behaviour. In this article, we propose an extension for the business process modelling notation to express non-functional authorisation requirements in a process model to enable the collaboration between security experts and business analysts. To capture multi-level, role-based and Separation of Duty authorisation requirements, new model element attributes and authorisation artefacts are introduced. To enhance the usability of this approach, simple visual decorators are specified to ease the communication of requirements between various stakeholders. To provide an early validation of these authorisation requirements during the definition of a process model, formal semantics are applied to the process model and model-checking techniques are used to provide feedback. As a pragmatic proof-of-concept, a first prototype implementation is briefly discussed.


business information systems | 2008

Towards the Aggregation of Security Requirements in Cross-Organisational Service Compositions

Michael Menzel; Christian Wolter; Christoph Meinel

The seamless composition of independent services is one of the success factors of Service-oriented Architectures (SOA). Services are orchestrated to service compositions across organisational boundaries to enable a faster reaction to changing business needs. Each orchestrated service might demand the provision of specific user information and requires particular security mechanisms. To enable a dynamic selection of services provided by foreign organisations, a central management of static security policies is not appropriate. Instead, each service should express its own security requirements as policies that stipulate explicitly the requirements of the composition. In this paper we address the problem of aggregating security requirements from orchestrated services. Such an aggregation is not just the combination of all security requirements, since dependencies and conflicts between these requirements might exist. We provide a classification of these dependencies and introduce a conceptional security model enabling a classification of security requirements to reveal conflicts. Finally, we propose an approach to determine an aggregation of security requirements in cross organisational service compositions.


ieee international symposium on policies for distributed systems and networks | 2009

An XACML Extension for Business Process-Centric Access Control Policies

Christian Wolter; Christian Weiss; Christoph Meinel

Administrative controls exist to ensure that business activities are correctly managed and controlled according to corporate and legal regulations. With many organisations reliant on complex IT solutions these controls relate to functionality of software. In this paper we present an extension for business process models to express administrative controls, such as role-based, mandatory or dynamic separation of duty access control policies on the abstraction level of business process models. A model-driven approach is applied to generate platform-specific policies. As an example we utilise the eXtensible Access Control Markup Language (XACML).


Modellierung | 2008

Modelling Security Goals in Business Processes.

Christian Wolter; Michael Menzel; Christoph Meinel


Archive | 2007

Modeling of task-based constraints and automated policy derivation

Christian Wolter; Andreas Schaad

Collaboration


Top Co-Authors

Michael Menzel

Hasso Plattner Institute

Ivonne Thomas

Hasso Plattner Institute

Feng Cheng

Hasso Plattner Institute
