SPCC: a security policy compliance checker plug-in for YAWL

YAWL provides a complete workflow system. It uses its own formal language to define the process model, which can then be translated by the YAWL engine into a working workflow system. The current structure of YAWL allows the process modeller to assign users/roles to perform tasks, but these assignments may not be in compliance with the organisation's authorisation policy. Violating the authorisation policy might lead to significant security risks. This paper introduces SPCC: an authorisation policy compliance checker for YAWL. SPCC is designed to help the process modeller to make sure the role-task assignments are in compliance with the organisation's authorisation policy. The paper describes the implementation of SPCC as a plug-in for YAWL.