Analyzing Security Requirements in Timed Workflow Processes

Abstract

Much attention is being paid to security requirements of workflow processes with authorization policies, e.g., safety properties, liveness properties, separation of duties, binding of duties, and constraints of cardinality. However, existing methods neglect the execution condition of activities and the logical structures among activities along with their time attributes, suffer from low efficiency when checking the security requirements of large-scale and structurally complex workflow processes, and provide no solutions as a response to the violations of various security requirements. Thus, existing methods cannot guarantee the absolute security and smooth execution of such workflow processes. In this article, we propose a security team timed automaton (STTA) based approach to analyzing security requirements in timed workflow processes. First, we construct STTAs for timed workflow processes with authorization policies. Second, security requirements are automatically verified based on STTAs. Third, based on two effective strategies, we provide solutions to violated security requirements, if any. Compared with the existing methods, our approach can not only formally describe and analyze five commonly-viewed and frequently-adopted security requirements for timed workflow processes and dramatically decrease their temporal and spatial complexity for verification, but also provide solutions to the violations of security requirements so as to implement the security management of workflow processes.