Rafael Accorsi & Andreas Lehmann (2012):
Automatic Information Flow Analysis of Business Process Models.
In: BPM,
pp. 172–187,
doi:10.1007/978-3-642-32885-5_13.
Gustavo Alonso, Roger Günthör, Mohan Kamath, Divyakant Agrawal, Amr El Abbadi & C. Mohan (1996):
Exotica/FMDC: A Workflow Management System for Mobile and Disconnected Clients.
Distributed and Parallel Databases 4(3),
pp. 229–247,
doi:10.1007/BF00140951.
Bowen Alpern & Fred B. Schneider (1987):
Recognizing safety and liveness.
Distributed Computing 2(3),
pp. 117–126,
doi:10.1007/BF01782772.
Wihem Arsac, Luca Compagna, Giancarlo Pellegrino & Serena Elisa Ponta (2011):
Security Validation of Business Processes via Model-Checking.
In: Engineering Secure Software and Systems,
LNCS 6542.
Springer,
pp. 29–42,
doi:10.1007/978-3-642-19125-1_3.
Thomas Bauereiss & Dieter Hutter (2013):
Possibilistic information flow security of workflow management systems.
Technical Report.
Available at http://bauereiss.name/papers/WorkflowSecurity_TR.pdf.
Achim D. Brucker, Isabelle Hang, Gero Lückemeyer & Raj Ruparel (2012):
SecureBPMN: Modeling and Enforcing Access Control Requirements in Business Processes.
In: SACMAT 2012.
ACM,
pp. 123–126,
doi:10.1145/2295136.2295160.
David D. Clark & David R. Wilson (1987):
A Comparison of Commercial and Military Computer Security Policies.
IEEE Symposium on Security and Privacy,
pp. 184–194,
doi:10.1109/SP.1987.10001.
Michael R. Clarkson & Fred B. Schneider (2010):
Hyperproperties.
Journal of Computer Security 18(6),
pp. 1157–1210,
doi:10.3233/JCS-2009-0393.
Riccardo Focardi & Roberto Gorrieri (1995):
A Classification of Security Properties for Process Algebras.
Journal of Computer Security 3(1),
pp. 5–33,
doi:10.3233/JCS-1994/1995-3103.
Dieter Hutter (2006):
Possibilistic Information Flow Control in MAKS and Action Refinement.
In: ETRICS,
LNCS 3995.
Springer,
pp. 268–281,
doi:10.1007/11766155_19.
Dieter Hutter (2007):
Preserving Privacy in the Web by Using Information Flow Control.
In: Andreas U. Schmidt, Michael Kreutzer & Rafael Accorsi: Long-Term and Dynamical Aspects of Information Security: Emerging Trends in Information and Communication Security.
Nova Science.
Dieter Hutter, Heiko Mantel, Ina Schaefer & Axel Schairer (2007):
Security of multi-agent systems: A case study on comparison shopping.
Journal of Applied Logic 5(2),
pp. 303–332,
doi:10.1016/j.jal.2005.12.015.
Dieter Hutter & Axel Schairer (2004):
Possibilistic Information Flow Control in the Presence of Encrypted Communication.
In: ESORICS,
LNCS 3193.
Springer,
pp. 209–224,
doi:10.1007/978-3-540-30108-0_13.
Heiko Mantel (2000):
Possibilistic Definitions of Security - An Assembly Kit.
In: CSFW.
IEEE Computer Society,
pp. 185–199,
doi:10.1109/CSFW.2000.856936.
Heiko Mantel (2001):
Information Flow Control and Applications - Bridging a Gap.
In: FME,
LNCS 2021.
Springer,
pp. 153–172,
doi:10.1007/3-540-45251-6_9.
Heiko Mantel (2001):
Preserving Information Flow Properties under Refinement.
In: IEEE Symposium on Security and Privacy.
IEEE Computer Society,
pp. 78–91,
doi:10.1109/SECPRI.2001.924289.
Heiko Mantel (2002):
On the Composition of Secure Systems.
In: IEEE Symposium on Security and Privacy.
IEEE Computer Society,
pp. 88–101,
doi:10.1109/SECPRI.2002.1004364.
Heiko Mantel & Andrei Sabelfeld (2003):
A Unifying Approach to the Security of Distributed and Multi-Threaded Programs.
Journal of Computer Security 11(4),
pp. 615–676.
Available at http://iospress.metapress.com/content/r0pr0ma4kv8wa542/.
J. McLean (1996):
A general theory of composition for a class of ``possibilistic'' properties.
IEEE Transactions on Software Engineering 22(1),
pp. 53–67,
doi:10.1109/32.481534.
Peter Muth, Dirk Wodtke, Jeanine Weissenfels, Angelika Kotz Dittrich & Gerhard Weikum (1998):
From Centralized Workflow Specification to Distributed Workflow Execution.
Journal of Intelligent Information Systems 10(2),
pp. 159–184,
doi:10.1023/A:1008608810770.
Andrew C. Myers, Andrei Sabelfeld & Steve Zdancewic (2006):
Enforcing Robust Declassification and Qualified Robustness.
Journal of Computer Security 14(2),
pp. 157–196.
Available at http://iospress.metapress.com/content/EYT2D3ERKY3A2H25.
Tobias Nipkow, Lawrence C Paulson & Markus Wenzel (2002):
Isabelle/HOL: a proof assistant for higher-order logic.
LNCS 2283.
Springer,
doi:10.1007/3-540-45949-9.
Sylvia Osborn, Ravi Sandhu & Qamar Munawer (2000):
Configuring role-based access control to enforce mandatory and discretionary access control policies.
ACM Trans. Inf. Syst. Secur. 3(2),
pp. 85\begingroupłet [Pleaseinsert\PrerenderUnicode–intopreamble]106,
doi:10.1145/354876.354878.
Alfonso Rodríguez, Eduardo Fernández-Medina & Mario Piattini (2007):
A BPMN Extension for the Modeling of Security Requirements in Business Processes.
IEICE Transactions 90-D(4),
pp. 745–752,
doi:10.1093/ietisy/e90-d.4.745.
A. Sabelfeld & A.C. Myers (2003):
Language-based information-flow security.
IEEE Journal on Selected Areas in Communications 21(1),
pp. 5–19,
doi:10.1109/JSAC.2002.806121.
Andrei Sabelfeld & David Sands (2009):
Declassification: Dimensions and principles.
Journal of Computer Security 17(5),
pp. 517–548,
doi:10.3233/JCS-2009-0352.
Andreas Schaad, Volkmar Lotz & Karsten Sohr (2006):
A model-checking approach to analysing organisational controls in a loan origination process.
In: David F. Ferraiolo & Indrakshi Ray: SACMAT.
ACM,
pp. 139–149,
doi:10.1145/1133058.1133079.
Fred B. Schneider (2000):
Enforceable security policies.
ACM Trans. Inf. Syst. Secur. 3(1),
pp. 30\begingroupłet [Pleaseinsert\PrerenderUnicode–intopreamble]50,
doi:10.1145/353323.353382.
Hans Schuster, Stefan Jablonski, Thomas Kirsche & Christoph Bussler (1994):
A Client/Server Architecture for Distributed Workflow Management Systems.
In: PDIS.
IEEE Computer Society,
pp. 253–256,
doi:10.1109/PDIS.1994.331708.
Christian Wolter & Christoph Meinel (2010):
An approach to capture authorisation requirements in business processes.
Requir. Eng. 15(4),
pp. 359–373,
doi:10.1007/s00766-010-0103-y.
Peter Y. H. Wong & Jeremy Gibbons (2008):
A Process Semantics for BPMN.
In: ICFEM,
LNCS 5256.
Springer,
pp. 355–374,
doi:10.1007/978-3-540-88194-0_22.
Ping Yang, Shiyong Lu, Mikhail I. Gofman & Zijiang Yang (2010):
Information flow analysis of scientific workflows.
Journal of Computer and System Sciences 76(6),
pp. 390–402,
doi:10.1016/j.jcss.2009.11.002.
Aris Zakinthinos & E. Stewart Lee (1997):
A General Theory of Security Properties.
In: IEEE Symposium on Security and Privacy.
IEEE Computer Society,
pp. 94–102,
doi:10.1109/SECPRI.1997.601322.