@inproceedings(DBLP:conf/bpm/AccorsiL12, author = "Rafael Accorsi and Andreas Lehmann", year = "2012", title = "Automatic Information Flow Analysis of Business Process Models", booktitle = "BPM", pages = "172--187", doi = "10.1007/978-3-642-32885-5\_13", ) @article(DBLP:journals/dpd/AlonsoGKAAM96, author = "Gustavo Alonso and Roger G{\"u}nth{\"o}r and Mohan Kamath and Divyakant Agrawal and Amr {El Abbadi} and C. Mohan", year = "1996", title = "Exotica/FMDC: A Workflow Management System for Mobile and Disconnected Clients", journal = "Distributed and Parallel Databases", volume = "4", number = "3", pages = "229--247", doi = "10.1007/BF00140951", ) @article(alpern_recognizing_1987, author = "Bowen Alpern and Fred B. Schneider", year = "1987", title = "Recognizing safety and liveness", journal = "Distributed Computing", volume = "2", number = "3", pages = "117--126", doi = "10.1007/BF01782772", ) @incollection(arsac_security_2011, author = "Wihem Arsac and Luca Compagna and Giancarlo Pellegrino and Serena Elisa Ponta", year = "2011", title = "Security Validation of Business Processes via Model-Checking", booktitle = "Engineering Secure Software and Systems", series = "LNCS", volume = "6542", publisher = "Springer", pages = "29--42", doi = "10.1007/978-3-642-19125-1\_3", ) @techreport(Bauereiss2013, author = "Thomas Bauereiss and Dieter Hutter", year = "2013", title = "Possibilistic information flow security of workflow management systems", type = "Technical Report", note = "Available at \url {http://bauereiss.name/papers/WorkflowSecurity_TR.pdf}", ) @inproceedings(brucker.ea:securebpmn:2012, author = "Achim D. Brucker and Isabelle Hang and Gero L{\"u}ckemeyer and Raj Ruparel", year = "2012", title = "{SecureBPMN}: Modeling and Enforcing Access Control Requirements in Business Processes", booktitle = "SACMAT 2012", publisher = "ACM", pages = "123--126", doi = "10.1145/2295136.2295160", ) @article(clark_comparison_1987, author = "David D. Clark and David R. Wilson", year = "1987", title = "A Comparison of Commercial and Military Computer Security Policies", journal = "{IEEE} Symposium on Security and Privacy", pages = "184--194", doi = "10.1109/SP.1987.10001", ) @article(clarkson_hyperproperties_2010, author = "Michael R. Clarkson and Fred B. Schneider", year = "2010", title = "Hyperproperties", journal = "Journal of Computer Security", volume = "18", number = "6", pages = "1157--1210", doi = "10.3233/JCS-2009-0393", ) @article(focardi_classification_1995, author = "Riccardo Focardi and Roberto Gorrieri", year = "1995", title = "A Classification of Security Properties for Process Algebras", journal = "Journal of Computer Security", volume = "3", number = "1", pages = "5--33", doi = "10.3233/JCS-1994/1995-3103", ) @inproceedings(haftmann_code_2007, author = "Florian Haftmann and Tobias Nipkow", year = "2007", title = "A code generator framework for {Isabelle/HOL}", booktitle = "Theorem Proving in Higher Order Logics: Emerging Trends", url = "http://es.cs.uni-kl.de/events/TPHOLs-2007/proceedings/B-128.pdf", ) @inproceedings(hutter_possibilistic_2006, author = "Dieter Hutter", year = "2006", title = "Possibilistic Information Flow Control in MAKS and Action Refinement", booktitle = "ETRICS", series = "LNCS", volume = "3995", publisher = "Springer", pages = "268--281", doi = "10.1007/11766155\_19", ) @incollection(hutter_preserving_2007, author = "Dieter Hutter", year = "2007", title = "Preserving Privacy in the Web by Using Information Flow Control", editor = "Andreas U. Schmidt and Michael Kreutzer and Rafael Accorsi", booktitle = "Long-Term and Dynamical Aspects of Information Security: Emerging Trends in Information and Communication Security", publisher = "Nova Science", ) @article(hutter_security_2007, author = "Dieter Hutter and Heiko Mantel and Ina Schaefer and Axel Schairer", year = "2007", title = "Security of multi-agent systems: A case study on comparison shopping", journal = "Journal of Applied Logic", volume = "5", number = "2", pages = "303--332", doi = "10.1016/j.jal.2005.12.015", ) @inproceedings(hutter_possibilistic_2004, author = "Dieter Hutter and Axel Schairer", year = "2004", title = "Possibilistic Information Flow Control in the Presence of Encrypted Communication", booktitle = "ESORICS", series = "LNCS", volume = "3193", publisher = "Springer", pages = "209--224", doi = "10.1007/978-3-540-30108-0\_13", ) @inproceedings(mantel_possibilistic_2000, author = "Heiko Mantel", year = "2000", title = "Possibilistic Definitions of Security - An Assembly Kit", booktitle = "CSFW", publisher = "IEEE Computer Society", pages = "185--199", doi = "10.1109/CSFW.2000.856936", ) @inproceedings(DBLP:conf/esorics/Mantel00, author = "Heiko Mantel", year = "2000", title = "Unwinding Possibilistic Security Properties", booktitle = "ESORICS", series = "LNCS", volume = "1895", publisher = "Springer", pages = "238--254", doi = "10.1007/10722599\_15", ) @inproceedings(mantel_information_2001, author = "Heiko Mantel", year = "2001", title = "Information Flow Control and Applications - Bridging a Gap", booktitle = "FME", series = "LNCS", volume = "2021", publisher = "Springer", pages = "153--172", doi = "10.1007/3-540-45251-6\_9", ) @inproceedings(mantel_preserving_2001, author = "Heiko Mantel", year = "2001", title = "Preserving Information Flow Properties under Refinement", booktitle = "IEEE Symposium on Security and Privacy", publisher = "IEEE Computer Society", pages = "78--91", doi = "10.1109/SECPRI.2001.924289", ) @inproceedings(mantel_composition_2002, author = "Heiko Mantel", year = "2002", title = "On the Composition of Secure Systems", booktitle = "IEEE Symposium on Security and Privacy", publisher = "IEEE Computer Society", pages = "88--101", doi = "10.1109/SECPRI.2002.1004364", ) @article(DBLP:journals/jcs/MantelS03, author = "Heiko Mantel and Andrei Sabelfeld", year = "2003", title = "A Unifying Approach to the Security of Distributed and Multi-Threaded Programs", journal = "Journal of Computer Security", volume = "11", number = "4", pages = "615--676", url = "http://iospress.metapress.com/content/r0pr0ma4kv8wa542/", ) @article(mclean_general_1996, author = "J. {McLean}", year = "1996", title = "A general theory of composition for a class of ``possibilistic'' properties", journal = "{IEEE} Transactions on Software Engineering", volume = "22", number = "1", pages = "53--67", doi = "10.1109/32.481534", ) @article(muth_centralized_1998, author = "Peter Muth and Dirk Wodtke and Jeanine Weissenfels and Angelika Kotz Dittrich and Gerhard Weikum", year = "1998", title = "From Centralized Workflow Specification to Distributed Workflow Execution", journal = "Journal of Intelligent Information Systems", volume = "10", number = "2", pages = "159--184", doi = "10.1023/A:1008608810770", ) @article(myers_enforcing_2006, author = "Andrew C. Myers and Andrei Sabelfeld and Steve Zdancewic", year = "2006", title = "Enforcing Robust Declassification and Qualified Robustness", journal = "Journal of Computer Security", volume = "14", number = "2", pages = "157--196", url = "http://iospress.metapress.com/content/EYT2D3ERKY3A2H25", ) @book(nipkow2002isabelle, author = "Tobias Nipkow and Lawrence C Paulson and Markus Wenzel", year = "2002", title = "Isabelle/HOL: a proof assistant for higher-order logic", series = "LNCS", volume = "2283", publisher = "Springer", doi = "10.1007/3-540-45949-9", ) @article(osborn_configuring_2000, author = "Sylvia Osborn and Ravi Sandhu and Qamar Munawer", year = "2000", title = "Configuring role-based access control to enforce mandatory and discretionary access control policies", journal = "{ACM} Trans. Inf. Syst. Secur.", volume = "3", number = "2", pages = "85\begingroup \let \relax \relax \endgroup [Pleaseinsert\PrerenderUnicode{–}intopreamble]106", doi = "10.1145/354876.354878", ) @article(DBLP:journals/ieicet/RodriguezFP07, author = "Alfonso Rodr\'{\i }guez and Eduardo Fern{\'a}ndez-Medina and Mario Piattini", year = "2007", title = "A BPMN Extension for the Modeling of Security Requirements in Business Processes", journal = "IEICE Transactions", volume = "90-D", number = "4", pages = "745--752", doi = "10.1093/ietisy/e90-d.4.745", ) @article(sabelfeld_language-based_2003, author = "A. Sabelfeld and {A.C.} Myers", year = "2003", title = "Language-based information-flow security", journal = "{IEEE} Journal on Selected Areas in Communications", volume = "21", number = "1", pages = "5--19", doi = "10.1109/JSAC.2002.806121", ) @article(DBLP:journals/jcs/SabelfeldS09, author = "Andrei Sabelfeld and David Sands", year = "2009", title = "Declassification: Dimensions and principles", journal = "Journal of Computer Security", volume = "17", number = "5", pages = "517--548", doi = "10.3233/JCS-2009-0352", ) @inproceedings(schaad_model-checking_2006, author = "Andreas Schaad and Volkmar Lotz and Karsten Sohr", year = "2006", title = "A model-checking approach to analysing organisational controls in a loan origination process", editor = "David F. Ferraiolo and Indrakshi Ray", booktitle = "SACMAT", publisher = "ACM", pages = "139--149", doi = "10.1145/1133058.1133079", ) @article(schneider_enforceable_2000, author = "Fred B. Schneider", year = "2000", title = "Enforceable security policies", journal = "{ACM} Trans. Inf. Syst. Secur.", volume = "3", number = "1", pages = "30\begingroup \let \relax \relax \endgroup [Pleaseinsert\PrerenderUnicode{–}intopreamble]50", doi = "10.1145/353323.353382", ) @inproceedings(schuster_client/server_1994, author = "Hans Schuster and Stefan Jablonski and Thomas Kirsche and Christoph Bussler", year = "1994", title = "A Client/Server Architecture for Distributed Workflow Management Systems", booktitle = "PDIS", publisher = "IEEE Computer Society", pages = "253--256", doi = "10.1109/PDIS.1994.331708", ) @techreport(stork_downgrading_1975, author = "Daniel F. Stork", year = "1975", title = "Downgrading in a Secure Multilevel Computer System: The Formulary Concept", type = "Technical Report", institution = "{DTIC} Document", url = "http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA011696", ) @article(DBLP:journals/re/WolterM10, author = "Christian Wolter and Christoph Meinel", year = "2010", title = "An approach to capture authorisation requirements in business processes", journal = "Requir. Eng.", volume = "15", number = "4", pages = "359--373", doi = "10.1007/s00766-010-0103-y", ) @inproceedings(wong_process_2008, author = "Peter Y. H. Wong and Jeremy Gibbons", year = "2008", title = "A Process Semantics for BPMN", booktitle = "ICFEM", series = "LNCS", volume = "5256", publisher = "Springer", pages = "355--374", doi = "10.1007/978-3-540-88194-0\_22", ) @article(yang_information_2010, author = "Ping Yang and Shiyong Lu and Mikhail I. Gofman and Zijiang Yang", year = "2010", title = "Information flow analysis of scientific workflows", journal = "Journal of Computer and System Sciences", volume = "76", number = "6", pages = "390--402", doi = "10.1016/j.jcss.2009.11.002", ) @inproceedings(zakinthinos_general_1997, author = "Aris Zakinthinos and E. Stewart Lee", year = "1997", title = "A General Theory of Security Properties", booktitle = "IEEE Symposium on Security and Privacy", publisher = "IEEE Computer Society", pages = "94--102", doi = "10.1109/SECPRI.1997.601322", )