
Information flow control for workflow management systems

  • Thomas Bauereiß

    Thomas Bauereiß received his Diplom in Computer Science from the University of Erlangen-Nürnberg. Since 2012, he has been a junior researcher and PhD student at the Cyber-Physical Systems Department at DFKI Bremen. His research interests include formal methods and security, focusing on information flow control.

    Deutsches Forschungszentrum für Künstliche Intelligenz, Bibliothekstr. 1, D-28359 Bremen

    and Dieter Hutter

    Dieter Hutter received his PhD from the University of Karlsruhe working on inductive theorem proving. In 1991 he moved to the Saarland University and joined DFKI in 1993 as a member of J.H. Siekmann's research group. He led various projects in Formal Methods and Security. Moving to Bremen in 2008, he is now vice director of the Cyber-Physical System Department at DFKI and honorary professor at Bremen University.

    Deutsches Forschungszentrum für Künstliche Intelligenz, Bibliothekstr. 1, D-28359 Bremen

Published/Copyright: November 30, 2014

Abstract

Workflow management plays an important role in analyzing and automating business processes. Security requirements in workflow management systems are typically mapped to (role-based) access control configurations. This paper focuses on information flow control, taking into account implicit information leaks. The presented approach operates on a specification level in which no executable program is available yet. We illustrate the modeling of a workflow management system as a composition of state-event systems, each representing one of the activities of the workflow. This facilitates distributed deployment and eases verification by splitting up the verification of the overall system into verification of the individual components. Confidentiality requirements are modeled in terms of information flow predicates using the MAKS framework and verified following existing decomposition methodologies, which are adapted for open systems with ongoing user interaction. We discuss the interaction with other security requirements, notably separation of duty.

Received: 2014-5-30
Revised: 2014-10-5
Accepted: 2014-10-17
Published Online: 2014-11-30
Published in Print: 2014-12-28

©2014 Walter de Gruyter Berlin/Boston

Downloaded on 17.9.2025 from https://www.degruyterbrill.com/document/doi/10.1515/itit-2014-1055/html