A usage control model extension for the verification of security policies in artifact-centric business process models

Abstract

Artifact-centric initiatives have been used in business processes whose data management is complex, being the simple activitycentric workflow description inadequate. Several artifact-centric initiatives pursue the verification of the structural and data perspectives of the models, but unfortunately uncovering security aspects. Security has become a crucial priority from the business and customer perspectives, and a complete verification procedure should also fulfill it. We propose an extension of artifact-centric process models based on the Usage Control Model which introduces mechanisms to specify security policies. An automatic transformation is provided to enable the verification of enriched artifact-centric models using existing verification correctness algorithms.