Verifying Security Policies in Multi-agent Workflows with Loops

Bernd Finkbeiner; Christian M\"uller; Helmut Seidl; Eugen; Z\u{a}linescu

arXiv:1708.09013·cs.LO·August 31, 2017

Verifying Security Policies in Multi-agent Workflows with Loops

Bernd Finkbeiner, Christian M\"uller, Helmut Seidl, Eugen, Z\u{a}linescu

PDF

TL;DR

This paper presents a method for automatically verifying information flow security policies in complex web-based workflows with loops and multiple agents, using a logical reduction approach.

Contribution

It introduces a workflow language with loops and non-determinism, and reduces verification to first-order linear-time temporal logic satisfiability, providing decidability results.

Findings

01

Decidability results for specific workflow classes

02

Implementation demonstrates practical verification on benchmarks

03

Logical reduction enables automated security policy verification

Abstract

We consider the automatic verification of information flow security policies of web-based workflows, such as conference submission systems like EasyChair. Our workflow description language allows for loops, non-deterministic choice, and an unbounded number of participating agents. The information flow policies are specified in a temporal logic for hyperproperties. We show that the verification problem can be reduced to the satisfiability of a formula of first-order linear-time temporal logic, and provide decidability results for relevant classes of workflows and specifications. We report on experimental results obtained with an implementation of our approach on a series of benchmarks.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.