University of Geneva
Business processes are usually expected to meet high level authorization requirements (e.g., separation of duty). Since violation of authorization requirements may lead to economic losses and/or legal implications, ensuring that a business process meets them is of paramount importance. Previous work showed that model checking can be profitably used to check authorization requirements in business processes. However, building formal models that simultaneously account for both the workflow and the access control policy is a time consuming and error-prone activity.