Serena Elisa Ponta

Learn More
More and more industrial activities are captured through Business Processes (BPs). To evaluate whether a BP under-design enjoys certain security desiderata is hardly manageable by business analysts without tool support, as the BP runtime environment is highly dynamic (e.g., task delegation). Automated reasoning techniques such as model checking can provide(More)
Security-sensitive business processes are business processes that must comply with security requirements (e.g. authorization constraints). In previous works it has been shown that model checking can be profitably used for the automatic analysis of security-sensitive business processes. But building a formal model that simultaneously accounts for both the(More)
The AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our custom languages) and features three validation backends(More)
Business processes under authorization control are sets of coordinated activities subject to a security policy stating which agent can access which resource. Their behavior is difficult to predict due to the complex and unexpected inter-leaving of different execution flows within the process. Serious flaws may thus go undetected and manifest themselves only(More)
We present an approach to the formal specification and automatic analysis of business processes under authorization constraints based on the action language C. The use of C allows for a natural and concise modeling of the business process and the associated security policy and for the automatic analysis of the resulting specification by using the Causal(More)
To evaluate whether a business process (BP) under-design enjoys certain security desiderata is hardly manageable by business analysts without a proper tool support, as the BP runtime environment is highly dynamic, e.g., delegation. We describe a novel security validation tool for BPs that employs model checking for evaluating security-relevant aspects of(More)
Business processes are usually expected to meet high level authorization requirements (e.g., Separation of Duty). Since violation of authorization requirements may lead to economic losses and/or legal implications, ensuring that a business process meets them is of paramount importance. Previous work showed that model checking can be profitably used to check(More)
Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to achieve, many times resulting in vulnerable systems exposed to the Internet. Authenticated vulnerability scanners and(More)