Model support for confidential service-oriented business processes

by Andreas Lehmann and Niels Lohmann

Abstract. A core motivation of service-oriented execution of business processes is the opportunity to reduce costs by outsourcing certain tasks to third-party service providers. For legal or economic reasons, it might be undesirable that delicate information (e.g., customer data, trade secrets, or financial details) "leak" to the involved third parties. The absence of such leaks — called noninterference — can be checked automatically. To this end, a model is required in which each task is assessed as either confidential or public. A drawback of this method is that (1) this distinction has to be made for each task prior to the verification and that (2) an unsuccessful check requires a new confidentiality assessment followed by another verification step. This paper introduces a fully automatic technique to complete partial confidentiality assessments while guaranteeing noninterference. The proposed technique can be integrated into the design phase of a service-oriented business process and help the modeler choose which tasks can be safely outsourced.

Appeared as an unreviewed workshop paper in the Proceedings of the 4th Central-European Workshop on Services and their Composition, ZEUS 2012, Bamberg, Germany, February 23-24, 2012.