References

  1. Rafael Accorsi & Andreas Lehmann (2012): Automatic Information Flow Analysis of Business Process Models. In: BPM, pp. 172–187, doi:10.1007/978-3-642-32885-5_13.
  2. Gustavo Alonso, Roger Günthör, Mohan Kamath, Divyakant Agrawal, Amr El Abbadi & C. Mohan (1996): Exotica/FMDC: A Workflow Management System for Mobile and Disconnected Clients. Distributed and Parallel Databases 4(3), pp. 229–247, doi:10.1007/BF00140951.
  3. Bowen Alpern & Fred B. Schneider (1987): Recognizing safety and liveness. Distributed Computing 2(3), pp. 117–126, doi:10.1007/BF01782772.
  4. Wihem Arsac, Luca Compagna, Giancarlo Pellegrino & Serena Elisa Ponta (2011): Security Validation of Business Processes via Model-Checking. In: Engineering Secure Software and Systems, LNCS 6542. Springer, pp. 29–42, doi:10.1007/978-3-642-19125-1_3.
  5. Thomas Bauereiss & Dieter Hutter (2013): Possibilistic information flow security of workflow management systems. Technical Report. Available at http://bauereiss.name/papers/WorkflowSecurity_TR.pdf.
  6. Achim D. Brucker, Isabelle Hang, Gero Lückemeyer & Raj Ruparel (2012): SecureBPMN: Modeling and Enforcing Access Control Requirements in Business Processes. In: SACMAT 2012. ACM, pp. 123–126, doi:10.1145/2295136.2295160.
  7. David D. Clark & David R. Wilson (1987): A Comparison of Commercial and Military Computer Security Policies. IEEE Symposium on Security and Privacy, pp. 184–194, doi:10.1109/SP.1987.10001.
  8. Michael R. Clarkson & Fred B. Schneider (2010): Hyperproperties. Journal of Computer Security 18(6), pp. 1157–1210, doi:10.3233/JCS-2009-0393.
  9. Riccardo Focardi & Roberto Gorrieri (1995): A Classification of Security Properties for Process Algebras. Journal of Computer Security 3(1), pp. 5–33, doi:10.3233/JCS-1994/1995-3103.
  10. Florian Haftmann & Tobias Nipkow (2007): A code generator framework for Isabelle/HOL. In: Theorem Proving in Higher Order Logics: Emerging Trends. Available at http://es.cs.uni-kl.de/events/TPHOLs-2007/proceedings/B-128.pdf.
  11. Dieter Hutter (2006): Possibilistic Information Flow Control in MAKS and Action Refinement. In: ETRICS, LNCS 3995. Springer, pp. 268–281, doi:10.1007/11766155_19.
  12. Dieter Hutter (2007): Preserving Privacy in the Web by Using Information Flow Control. In: Andreas U. Schmidt, Michael Kreutzer & Rafael Accorsi: Long-Term and Dynamical Aspects of Information Security: Emerging Trends in Information and Communication Security. Nova Science.
  13. Dieter Hutter, Heiko Mantel, Ina Schaefer & Axel Schairer (2007): Security of multi-agent systems: A case study on comparison shopping. Journal of Applied Logic 5(2), pp. 303–332, doi:10.1016/j.jal.2005.12.015.
  14. Dieter Hutter & Axel Schairer (2004): Possibilistic Information Flow Control in the Presence of Encrypted Communication. In: ESORICS, LNCS 3193. Springer, pp. 209–224, doi:10.1007/978-3-540-30108-0_13.
  15. Heiko Mantel (2000): Possibilistic Definitions of Security - An Assembly Kit. In: CSFW. IEEE Computer Society, pp. 185–199, doi:10.1109/CSFW.2000.856936.
  16. Heiko Mantel (2000): Unwinding Possibilistic Security Properties. In: ESORICS, LNCS 1895. Springer, pp. 238–254, doi:10.1007/10722599_15.
  17. Heiko Mantel (2001): Information Flow Control and Applications - Bridging a Gap. In: FME, LNCS 2021. Springer, pp. 153–172, doi:10.1007/3-540-45251-6_9.
  18. Heiko Mantel (2001): Preserving Information Flow Properties under Refinement. In: IEEE Symposium on Security and Privacy. IEEE Computer Society, pp. 78–91, doi:10.1109/SECPRI.2001.924289.
  19. Heiko Mantel (2002): On the Composition of Secure Systems. In: IEEE Symposium on Security and Privacy. IEEE Computer Society, pp. 88–101, doi:10.1109/SECPRI.2002.1004364.
  20. Heiko Mantel & Andrei Sabelfeld (2003): A Unifying Approach to the Security of Distributed and Multi-Threaded Programs. Journal of Computer Security 11(4), pp. 615–676. Available at http://iospress.metapress.com/content/r0pr0ma4kv8wa542/.
  21. J. McLean (1996): A general theory of composition for a class of ``possibilistic'' properties. IEEE Transactions on Software Engineering 22(1), pp. 53–67, doi:10.1109/32.481534.
  22. Peter Muth, Dirk Wodtke, Jeanine Weissenfels, Angelika Kotz Dittrich & Gerhard Weikum (1998): From Centralized Workflow Specification to Distributed Workflow Execution. Journal of Intelligent Information Systems 10(2), pp. 159–184, doi:10.1023/A:1008608810770.
  23. Andrew C. Myers, Andrei Sabelfeld & Steve Zdancewic (2006): Enforcing Robust Declassification and Qualified Robustness. Journal of Computer Security 14(2), pp. 157–196. Available at http://iospress.metapress.com/content/EYT2D3ERKY3A2H25.
  24. Tobias Nipkow, Lawrence C Paulson & Markus Wenzel (2002): Isabelle/HOL: a proof assistant for higher-order logic. LNCS 2283. Springer, doi:10.1007/3-540-45949-9.
  25. Sylvia Osborn, Ravi Sandhu & Qamar Munawer (2000): Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans. Inf. Syst. Secur. 3(2), pp. 85\begingroupłet [Pleaseinsert\PrerenderUnicode–intopreamble]106, doi:10.1145/354876.354878.
  26. Alfonso Rodríguez, Eduardo Fernández-Medina & Mario Piattini (2007): A BPMN Extension for the Modeling of Security Requirements in Business Processes. IEICE Transactions 90-D(4), pp. 745–752, doi:10.1093/ietisy/e90-d.4.745.
  27. A. Sabelfeld & A.C. Myers (2003): Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), pp. 5–19, doi:10.1109/JSAC.2002.806121.
  28. Andrei Sabelfeld & David Sands (2009): Declassification: Dimensions and principles. Journal of Computer Security 17(5), pp. 517–548, doi:10.3233/JCS-2009-0352.
  29. Andreas Schaad, Volkmar Lotz & Karsten Sohr (2006): A model-checking approach to analysing organisational controls in a loan origination process. In: David F. Ferraiolo & Indrakshi Ray: SACMAT. ACM, pp. 139–149, doi:10.1145/1133058.1133079.
  30. Fred B. Schneider (2000): Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), pp. 30\begingroupłet [Pleaseinsert\PrerenderUnicode–intopreamble]50, doi:10.1145/353323.353382.
  31. Hans Schuster, Stefan Jablonski, Thomas Kirsche & Christoph Bussler (1994): A Client/Server Architecture for Distributed Workflow Management Systems. In: PDIS. IEEE Computer Society, pp. 253–256, doi:10.1109/PDIS.1994.331708.
  32. Daniel F. Stork (1975): Downgrading in a Secure Multilevel Computer System: The Formulary Concept. Technical Report. DTIC Document. Available at http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA011696.
  33. Christian Wolter & Christoph Meinel (2010): An approach to capture authorisation requirements in business processes. Requir. Eng. 15(4), pp. 359–373, doi:10.1007/s00766-010-0103-y.
  34. Peter Y. H. Wong & Jeremy Gibbons (2008): A Process Semantics for BPMN. In: ICFEM, LNCS 5256. Springer, pp. 355–374, doi:10.1007/978-3-540-88194-0_22.
  35. Ping Yang, Shiyong Lu, Mikhail I. Gofman & Zijiang Yang (2010): Information flow analysis of scientific workflows. Journal of Computer and System Sciences 76(6), pp. 390–402, doi:10.1016/j.jcss.2009.11.002.
  36. Aris Zakinthinos & E. Stewart Lee (1997): A General Theory of Security Properties. In: IEEE Symposium on Security and Privacy. IEEE Computer Society, pp. 94–102, doi:10.1109/SECPRI.1997.601322.
Comments and questions to: eptcs@eptcs.org
For website issues: webmaster@eptcs.org