Cerberus: Automated Synthesis of Enforcement Mechanisms for Security-Sensitive Business Processes
Dos Santos, Daniel Ricardo; Ranise, Silvio
2016-01-01
Abstract
Cerberus is a tool to automatically synthesize run-time enforcement mechanisms for security-sensitive Business Processes (BPs). The tool is capable of guaranteeing that the execution constraints EC on the tasks together with the authorization policy AP and the authorization constraints AC are satisfied while ensuring that the process can successfully terminate. Cerberus can be easily integrated in many workflow management systems, it is transparent to process designers, and does not require any knowledge beyond usual BP modeling. The tool works in two phases. At design-time, the enforcement mechanism M, parametric in the authorization policy AP, is generated from EC and AC; M can thus be used with any instance of the same BP provided that EC and AC are left unchanged. At run-time, a specific authorization policy is added to M, thereby obtaining an enforcement mechanism M∗ dedicated to a particular instance of the security-sensitive business process. To validate our approach, we discuss the implementation and usage of Cerberus in the SAP HANA Operational Intelligence platform.