258 research outputs found

    Possibilistic Information Flow Control for Workflow Management Systems

    In workflows and business processes, there are often security requirements on both the data, i.e. confidentiality and integrity, and the process, e.g. separation of duty. Graphical notations exist for specifying both workflows and associated security requirements. We present an approach for formally verifying that a workflow satisfies such security requirements. For this purpose, we define the semantics of a workflow as a state-event system and formalise security properties in a trace-based way, i.e. on an abstract level without depending on details of enforcement mechanisms such as Role-Based Access Control (RBAC). This formal model then allows us to build upon well-known verification techniques for information flow control. We describe how a compositional verification methodology for possibilistic information flow can be adapted to verify that a specification of a distributed workflow management system satisfies security requirements on both data and processes. Comment: In Proceedings GraMSec 2014, arXiv:1404.163

    Dependencies and Separation of Duty Constraints in GTRBAC

    A Generalized Temporal Role Based Access Control (GTRBAC) model that captures an exhaustive set of temporal constraint needs for access control has recently been proposed. GTRBAC’s language constructs allow one to specify various temporal constraints on role, user-role assignments and role-permission assignments. In this paper, we identify various time-constrained cardinality, control flow dependency and separation of duty constraints (SoDs). Such constraints allow specification of dynamically changing access control requirements that are typical in today’s large systems. In addition to allowing specification of time, the constraints introduced here also allow expressing access control policies at a finer granularity. The inclusion of control flow dependency constraints allows defining much stricter dependency requirements that are typical in workflow types of applications

    Possibilistic interorganizational workflow net for the recovery problem concerning communication failures

    In this paper, an approach based on interorganizational WorkFlow nets and on possibilistic Petri nets is proposed to deal with communication failures in business processes. Routing patterns and communication protocols existing in business processes are modeled by interorganizational WorkFlow nets. Possibilistic Petri nets with uncertainty on the marking and on the transition firing are considered to express in a more realistic way the uncertainty attached to communication failures. Combining both formalisms, a kind of possibilistic interorganizational WorkFlow net is obtained. An example of communication failure at a process monitoring level that precedes the presentation of a paper at a conference is presented

    Composition and Declassification in Possibilistic Information Flow Security

    Formal methods for security can rule out whole classes of security vulnerabilities, but applying them in practice remains challenging. This thesis develops formal verification techniques for information flow security that combine the expressivity and scalability strengths of existing frameworks. It builds upon Bounded Deducibility (BD) Security, which allows specifying and verifying fine-grained policies about what information may flow when to whom. Our main technical result is a compositionality theorem for BD Security, providing scalability by allowing us to verify security properties of a large system by verifying smaller components. Its practical utility is illustrated by a case study of verifying confidentiality properties of a distributed social media platform. Moreover, we discuss its use for the modular development of secure workflow systems, and for the security-preserving enforcement of safety and security properties other than information flow control

    Uncertain Marking for Dealing with Partial Parallelization in Business Processes

    In this paper, an approach based on WorkFlow nets and possibilistic Petri nets is proposed for dealing with flow deviations in business processes. Routing patterns existing in business processes are modeled by WorkFlow nets. Possibilistic Petri nets with uncertainty in the marking and the transition firing are considered to express in a more realistic way the ordering of human activities during real time execution of the process model. Combining both formalisms, a kind of possibilistic WorkFlow net is obtained. An example of flow deviations due to human behavior at a process monitoring level is presented

    Possibilistic WorkFlow nets for dealing with cancellation regions in business processes

    In this paper, an approach based on WorkFlow nets and possibilistic Petri nets is proposed for dealing with the cancellation features in business processes. Routing patterns existing in business processes are modeled by WorkFlow nets. Possibilistic Petri nets with uncertainty in the marking and the transition firing are used to deal with all possible markings when cancellation behaviour is considered. Combining both formalisms, a kind of possibilistic WorkFlow net is obtained. An example of a simplified version of a credit card application process is presented

    Combining Coordination and Organisation Mechanisms for the Development of a Dynamic Context-aware Information System Personalised by means of Logic-based Preference Methods

    The general objective of this thesis is to enhance current ICDs by developing a personalised information system stable over dynamic and open environments, by adapting the behaviour to different situations, and handle user preferences in order to effectively provide the content (by means of a composition of several information services) the user is waiting for. Thus, the system combines two different usage contexts: the adaptive behaviour, in which the system adapts to unexpected events (e.g., the sudden failure of a service selected as information source), and the information customisation, in which the system proactively personalises a list of suggestions by considering user’s context and preferences

    Clustering of nonstationary data streams: a survey of fuzzy partitional methods

    Data streams have arisen as a relevant research topic during the past decade. They are real‐time, incremental in nature, temporally ordered, massive, contain outliers, and the objects in a data stream may evolve over time (concept drift). Clustering is often one of the earliest and most important steps in the streaming data analysis workflow. A comprehensive literature is available about stream data clustering; however, less attention is devoted to the fuzzy clustering approach, even though the nonstationary nature of many data streams makes it especially appealing. This survey discusses relevant data stream clustering algorithms focusing mainly on fuzzy methods, including their treatment of outliers and concept drift and shift. Ministero dell‘Istruzione, dell‘Universitá e della Ricerca

    An integrated core competence evaluation framework for portfolio management in the oil industry

    Drawing upon resource-based theory, this paper presents a core competence evaluation framework for managing the competence portfolio of an oil company. It introduces a network typology to illustrate how to form different types of strategic alliance relations with partnering firms to manage and grow the competence portfolio. A framework is tested using a case study approach involving face-to-face structured interviews. We identified purchasing, refining and sales and marketing as strong candidates to be the core competencies. However, despite the company's core business of refining oil, the core competencies were identified to be their research and development and performance management (PM) capabilities. We further provide a procedure to determine different kinds of physical, intellectual and cultural resources making a dominant impact on company's competence portfolio. In addition, we provide a comprehensive set of guidelines on how to develop core competence further by forging a partnership alliance choosing an appropriate network topology