Title: SPCC: a security policy compliance checker plug-in for YAWL

Authors: Khalid Alissa; Jason Reid; Ed Dawson

Addresses: College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University (IAU), Dammam, Saudi Arabia ' Science and Engineering Faculty, Queensland University of Technology, Brisbane, QLD, Australia ' Science and Engineering Faculty, Queensland University of Technology, Brisbane, QLD, Australia

Abstract: YAWL provides a complete workflow system. It uses its own formal language to define the process model, which can then be translated by the YAWL engine into a working workflow system. The current structure of YAWL allows the process modeller to assign users/roles to perform tasks, but these assignments may not be in compliance with the organisation's authorisation policy. Violating the authorisation policy might lead to significant security risks. This paper introduces SPCC: an authorisation policy compliance checker for YAWL. SPCC is designed to help the process modeller to make sure the role-task assignments are in compliance with the organisation's authorisation policy. The paper describes the implementation of SPCC as a plug-in for YAWL.

Keywords: policy compliance; BPM; workflow; authorisation policies; compliance checker; YAWL.

DOI: 10.1504/IJBPIM.2018.093031

International Journal of Business Process Integration and Management, 2018 Vol.9 No.1, pp.22 - 31

Accepted: 30 Dec 2017
Published online: 04 Jul 2018 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article