John C. Mace, Charles Morisset, Aad van Moorsel


Workflows capture complex operational processes and include security constraints limiting which users can perform which tasks. An improper security policy may prevent certain tasks being assigned and may force a policy violation. Deciding whether a valid user-task assignment exists for a given policy is known to be extremely complex, especially when considering user unavailability (known as the resiliency problem). Therefore tools are required that allow automatic evaluation of workflow resiliency. Modelling well defined workflows is fairly straightforward, however user availability can be modelled in multiple ways for the same workflow. Correct choice of model is a complex yet necessary concern as it has a major impact on the calculated resiliency. We describe a number of user availability models and their encoding in the model checker PRISM, used to evaluate resiliency. We also show how model choice can affect resiliency computation in terms of its value, memory and CPU time. Date: April 21, 2015 Presented: 2015 Symposium and Bootcamp on the Science of Security (HotSoS 2015), Urbana-Champaign, 21-22 April, 2015. Published: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security (HotSoS), Urbana-Champaign, 2015. Publisher: ACM Publisher URL: Full Text: