A Usage Control Model Extension for the Verification of Security Policies in Artifact-Centric Business Process Models

Artifact-centric initiatives have been used in business processes whose data management is complex, being the simple activity-centric workflow description inadequate. Several artifact-centric initiatives pursue the verification of the structural and data perspectives of the models, but unfortunately uncovering security aspects. Security has become a crucial priority from the business and customer perspectives, and a complete verification procedure should also fulfill it. We propose an extension of artifact-centric process models based on the Usage Control Model which introduces mechanisms to specify security policies. An automatic transformation is provided to enable the verification of enriched artifact-centric models using existing verification correctness algorithms.