{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,7]],"date-time":"2025-04-07T09:10:10Z","timestamp":1744017010560,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":38,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642328848"},{"type":"electronic","value":"9783642328855"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-32885-5_13","type":"book-chapter","created":{"date-parts":[[2012,8,25]],"date-time":"2012-08-25T18:45:30Z","timestamp":1345920330000},"page":"172-187","source":"Crossref","is-referenced-by-count":19,"title":["Automatic Information Flow Analysis of Business Process Models"],"prefix":"10.1007","author":[{"given":"Rafael","family":"Accorsi","sequence":"first","affiliation":[]},{"given":"Andreas","family":"Lehmann","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"1","key":"13_CR1","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1142\/S0218126698000043","volume":"8","author":"W.M.P. Aalst van der","year":"1998","unstructured":"van der Aalst, W.M.P.: The application of Petri nets to workflow management. Journal of Circuits, Systems and Computers\u00a08(1), 21\u201366 (1998)","journal-title":"Journal of Circuits, Systems and Computers"},{"issue":"3","key":"13_CR2","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/s12599-011-0155-7","volume":"3","author":"R. Accorsi","year":"2011","unstructured":"Accorsi, R., Lowis, L., Sato, Y.: Automated certification for compliant cloud-based business processes. Bus. & Information Systems Eng.\u00a03(3), 145\u2013154 (2011)","journal-title":"Bus. & Information Systems Eng."},{"key":"13_CR3","doi-asserted-by":"crossref","unstructured":"Accorsi, R., Wonnemann, C.: Strong non-leak guarantees for workflow models. In: ACM Symposium on Applied Computing, pp. 308\u2013314. ACM (2011)","DOI":"10.1145\/1982185.1982254"},{"key":"13_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1007\/978-3-642-22444-7_13","volume-title":"Security and Trust Management","author":"R. Accorsi","year":"2011","unstructured":"Accorsi, R., Wonnemann, C.: InDico: Information Flow Analysis of Business Processes for Confidentiality Requirements. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS, vol.\u00a06710, pp. 194\u2013209. Springer, Heidelberg (2011)"},{"key":"13_CR5","doi-asserted-by":"crossref","unstructured":"Accorsi, R., Wonnemann, C., Dochow, S.: SWAT: A security workflow toolkit for reliably secure process-aware information systems. In: Conference on Availability, Reliability and Security, pp. 692\u2013697. IEEE (2011)","DOI":"10.1109\/ARES.2011.108"},{"key":"13_CR6","doi-asserted-by":"crossref","unstructured":"Accorsi, R., Wonnemann, C., Stocker, T.: Towards forensic data flow analysis of business process logs. In: Incident Management and Forensics, pp. 94\u2013110. IEEE (2011)","DOI":"10.1109\/IMF.2011.13"},{"key":"13_CR7","unstructured":"Anderson, R.: Security engineering. Wiley (2008)"},{"key":"13_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/978-3-642-29963-6_12","volume-title":"Security and Trust Management","author":"A. Armando","year":"2012","unstructured":"Armando, A., Ranise, S.: Automated Analysis of Infinite State Workflows with Access Control Policies. In: Meadows, C., Fernandez-Gago, C. (eds.) STM 2011. LNCS, vol.\u00a07170, pp. 157\u2013174. Springer, Heidelberg (2012)"},{"key":"13_CR9","doi-asserted-by":"crossref","unstructured":"Atluri, V., Chun, S.A., Mazzoleni, P.: A Chinese Wall security model for decentralized workflow systems. In: ACM Computer & Communication Security, pp. 48\u201357. ACM (2001)","DOI":"10.1145\/501983.501991"},{"key":"13_CR10","doi-asserted-by":"crossref","unstructured":"Atluri, V., Warner, J.: Security for workflow systems. In: Handbook of Database Security, pp. 213\u2013230. Springer (2008)","DOI":"10.1007\/978-0-387-48533-1_9"},{"issue":"1","key":"13_CR11","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1016\/j.entcs.2005.05.045","volume":"180","author":"I. Attali","year":"2007","unstructured":"Attali, I., Caromel, D., Henrio, L., Aguila, F.: Secured information flow for asynchronous sequential processes. Electr. Notes Theor. Comput. Sci.\u00a0180(1), 17\u201334 (2007)","journal-title":"Electr. Notes Theor. Comput. Sci."},{"key":"13_CR12","doi-asserted-by":"crossref","unstructured":"Barkaoui, K., Ayed, R.B., Boucheneb, H., Hicheur, A.: Verification of workflow processes under multilevel security considerations. In: Risks and Security of Internet and Systems, pp. 77\u201384. IEEE (2008)","DOI":"10.1109\/CRISIS.2008.4757466"},{"key":"13_CR13","unstructured":"Bell, D., LaPadula, L.: Secure Computer Systems: Mathematical Foundations. MITRE Corporation (1973)"},{"issue":"6","key":"13_CR14","doi-asserted-by":"publisher","first-page":"1065","DOI":"10.1017\/S0960129509990120","volume":"19","author":"N. Busi","year":"2009","unstructured":"Busi, N., Gorrieri, R.: Structural non-interference in elementary and trace nets. Mathematical Structures in Computer Science\u00a019(6), 1065\u20131090 (2009)","journal-title":"Mathematical Structures in Computer Science"},{"issue":"5","key":"13_CR15","doi-asserted-by":"publisher","first-page":"236","DOI":"10.1145\/360051.360056","volume":"19","author":"D.E. Denning","year":"1976","unstructured":"Denning, D.E.: A lattice model of secure information flow. Communications of the ACM\u00a019(5), 236\u2013243 (1976)","journal-title":"Communications of the ACM"},{"issue":"7","key":"13_CR16","doi-asserted-by":"publisher","first-page":"504","DOI":"10.1145\/359636.359712","volume":"20","author":"D.E. Denning","year":"1977","unstructured":"Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Communications of the ACM\u00a020(7), 504\u2013513 (1977)","journal-title":"Communications of the ACM"},{"issue":"5","key":"13_CR17","doi-asserted-by":"publisher","first-page":"448","DOI":"10.1016\/j.datak.2011.01.004","volume":"70","author":"D. Fahland","year":"2011","unstructured":"Fahland, D., Favre, C., Koehler, J., Lohmann, N., V\u00f6lzer, H., Wolf, K.: Analysis on demand: Instantaneous soundness checking of industrial business process models. Data Knowl. Eng.\u00a070(5), 448\u2013466 (2011)","journal-title":"Data Knowl. Eng."},{"key":"13_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1007\/3-540-45608-2_6","volume-title":"Foundations of Security Analysis and Design","author":"R. Focardi","year":"2001","unstructured":"Focardi, R., Gorrieri, R.: Classification of Security Properties. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol.\u00a02171, pp. 331\u2013396. Springer, Heidelberg (2001)"},{"key":"13_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/978-3-642-01465-9_14","volume-title":"Formal Aspects in Security and Trust","author":"S. Frau","year":"2009","unstructured":"Frau, S., Gorrieri, R., Ferigato, C.: Petri Net Security Checker: Structural Non-interference at Work. In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol.\u00a05491, pp. 210\u2013225. Springer, Heidelberg (2009)"},{"key":"13_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1007\/978-3-642-23082-0_5","volume-title":"Foundations of Security Analysis and Design VI","author":"R. Gorrieri","year":"2011","unstructured":"Gorrieri, R., Vernali, M.: On Intransitive Non-interference in Some Models of Concurrency. In: Aldini, A., Gorrieri, R. (eds.) FOSAD 2011. LNCS, vol.\u00a06858, pp. 125\u2013151. Springer, Heidelberg (2011)"},{"key":"13_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"773","DOI":"10.1007\/978-3-642-05089-3_49","volume-title":"FM 2009: Formal Methods","author":"W. Harris","year":"2009","unstructured":"Harris, W., Kidd, N., Chaki, S., Jha, S., Reps, T.W.: Verifying Information Flow Control over Unbounded Processes. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol.\u00a05850, pp. 773\u2013789. Springer, Heidelberg (2009)"},{"issue":"6","key":"13_CR22","doi-asserted-by":"publisher","first-page":"852","DOI":"10.1109\/TDSC.2010.43","volume":"8","author":"H. Huang","year":"2011","unstructured":"Huang, H., Kirchner, H.: Formal specification and verification of modular security policy based on colored Petri nets. IEEE Trans. Dependable Sec. Comput.\u00a08(6), 852\u2013865 (2011)","journal-title":"IEEE Trans. Dependable Sec. Comput."},{"key":"13_CR23","unstructured":"ISO\/IEC Information Security Management System 27001 (2005), http:\/\/www.27000.org\/iso-27001.html (last accessed in June 2012)"},{"key":"13_CR24","doi-asserted-by":"crossref","unstructured":"Juszczyszyn, K.: Verifying enterprise\u2019s mandatory access control policies with coloured Petri nets. In: Enabling Technologies, pp. 184\u2013189. IEEE (2003)","DOI":"10.1109\/ENABL.2003.1231405"},{"key":"13_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"905","DOI":"10.1007\/978-3-642-05151-7_11","volume-title":"On the Move to Meaningful Internet Systems: OTM 2009","author":"B. Katt","year":"2009","unstructured":"Katt, B., Zhang, X., Hafner, M.: Towards a Usage Control Policy Specification with Petri Nets. In: Meersman, R., Dillon, T., Herrero, P. (eds.) OTM 2009, Part II. LNCS, vol.\u00a05871, pp. 905\u2013912. Springer, Heidelberg (2009)"},{"key":"13_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"46","DOI":"10.1007\/978-3-642-28166-2_6","volume-title":"ESSoS 2012","author":"M. Kov\u00e1cs","year":"2012","unstructured":"Kov\u00e1cs, M., Seidl, H.: Runtime Enforcement of Information Flow Security in Tree Manipulating Processes. In: Barthe, G., Livshits, B., Scandariato, R. (eds.) ESSoS 2012. LNCS, vol.\u00a07159, pp. 46\u201359. Springer, Heidelberg (2012)"},{"key":"13_CR27","unstructured":"Lohmann, N., Mennicke, S., Sura, C.: The Petri Net API: A collection of Petri net-related functions. In: Algorithms and Tools for Petri Nets. CEUR Workshop Proc., vol.\u00a0643, pp. 148\u2013155. CEUR-WS.org (2010)"},{"key":"13_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"46","DOI":"10.1007\/978-3-642-00899-3_3","volume-title":"ToPNoC II","author":"N. Lohmann","year":"2009","unstructured":"Lohmann, N., Verbeek, E., Dijkman, R.: Petri Net Transformations for Business Processes \u2013 A Survey. In: Jensen, K., van der Aalst, W.M.P. (eds.) ToPNoC II. LNCS, vol.\u00a05460, pp. 46\u201363. Springer, Heidelberg (2009)"},{"key":"13_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1007\/978-3-642-15618-2_7","volume-title":"Business Process Management","author":"N. Lohmann","year":"2010","unstructured":"Lohmann, N., Wolf, K.: How to Implement a Theory of Correctness in the Area of Business Processes and Services. In: Hull, R., Mendling, J., Tai, S. (eds.) BPM 2010. LNCS, vol.\u00a06336, pp. 61\u201377. Springer, Heidelberg (2010)"},{"issue":"3","key":"13_CR30","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1109\/TSC.2010.37","volume":"4","author":"L. Lowis","year":"2011","unstructured":"Lowis, L., Accorsi, R.: Vulnerability analysis in SOA-based business processes. IEEE T. Services Computing\u00a04(3), 230\u2013242 (2011)","journal-title":"IEEE T. Services Computing"},{"issue":"4","key":"13_CR31","doi-asserted-by":"publisher","first-page":"541","DOI":"10.1109\/5.24143","volume":"77","author":"T. Murata","year":"1989","unstructured":"Murata, T.: Petri nets: Properties, analysis and applications. Proc. IEEE\u00a077(4), 541\u2013580 (1989)","journal-title":"Proc. IEEE"},{"key":"13_CR32","doi-asserted-by":"crossref","unstructured":"Pfeiffer, S., Unger, S., Timmermann, D., Lehmann, A.: Secure Information Flow Awareness for Smart Wireless eHealth Systems. In: Multi-Conference on Systems, Signals and Devices. IEEE (2012)","DOI":"10.1109\/SSD.2012.6198123"},{"issue":"1-2","key":"13_CR33","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1023\/B:ELEC.0000009282.06809.c5","volume":"4","author":"S. R\u00f6hrig","year":"2004","unstructured":"R\u00f6hrig, S., Knorr, K.: Security analysis of electronic business processes. Electronic Commerce Research\u00a04(1-2), 59\u201381 (2004)","journal-title":"Electronic Commerce Research"},{"issue":"1","key":"13_CR34","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/JSAC.2002.806121","volume":"21","author":"A. Sabelfeld","year":"2003","unstructured":"Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications\u00a021(1), 5\u201319 (2003)","journal-title":"IEEE Journal on Selected Areas in Communications"},{"key":"13_CR35","doi-asserted-by":"crossref","unstructured":"Shafiq, B., Masood, A., Joshi, J., Ghafoor, A.: A role-based access control policy verification framework for real-time systems. In: Object-Oriented Real-Time Dependable Systems, pp. 13\u201320. IEEE (2005)","DOI":"10.1109\/WORDS.2005.11"},{"key":"13_CR36","unstructured":"Trusted Computer Security Evaluation Criteria, DoD (1983), http:\/\/csrc.nist.gov\/publications\/history\/dod85.pdf (last accessed in June 2012)"},{"key":"13_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/978-3-540-73094-1_5","volume-title":"Petri Nets and Other Models of Concurrency \u2013 ICATPN 2007","author":"K. Wolf","year":"2007","unstructured":"Wolf, K.: Generating Petri Net State Spaces. In: Kleijn, J., Yakovlev, A. (eds.) ICATPN 2007. LNCS, vol.\u00a04546, pp. 29\u201342. Springer, Heidelberg (2007)"},{"key":"13_CR38","doi-asserted-by":"crossref","unstructured":"Zhang, Z.-L., Hong, F., Xiao, H.-J.: Verification of strict integrity policy via Petri nets. In: Conference on Systems and Networks Communications, p. 23 (2006)","DOI":"10.1109\/ICSNC.2006.76"}],"container-title":["Lecture Notes in Computer Science","Business Process Management"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-32885-5_13.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,7]],"date-time":"2025-04-07T08:41:00Z","timestamp":1744015260000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-32885-5_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642328848","9783642328855"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-32885-5_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2012]]}}}