SecureBPMN
/
SecureBPMN
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Activity
This repository has been archived on 2018-08-08. You can view files and clone it, but cannot push or open issues or pull requests.
SecureBPMN/examples/TravelApproval/generated/TravelApproval.aslan

75 lines
3.4 KiB
Plaintext
Raw Blame History

section signature:
user_to_role : user * role -> fact
poto : userORrole * taskName -> fact
task_to_data : taskName * set * set -> fact
aknows : entity * data -> fact
mc_pair : data * data -> data
contains : set * data -> fact
task : taskName * nat -> taskInstance
canExecute : user * role * humanTaskName -> fact
granted : user * role * taskInstance -> fact
executed : user * taskInstance -> fact
ready : taskInstance -> fact
done : taskInstance -> fact
entity > organization
entity > user
data > object
data > set
userORrole > user
userORrole > role
taskName > automatedTaskName
taskName > humanTaskName
section types:
start_event_startevent1,parallelgateway1_to_usertask2,parallelgateway1_to_usertask3,parallelgateway2_to_servicetask1: fact
HT,usertask1,usertask2,usertask3: humanTaskName
IN,OUT,in_usertask1,out_usertask1,in_usertask2,out_usertask2,in_usertask3,out_usertask3,in_servicetask1,out_servicetask1: set
manager,supervisor,clerk,R: role
N,N0,N1,N2,N3,N4,N5,N6,N7,N8,N9,N10,N11,N12: nat
AT,servicetask1: automatedTaskName
user1_manager,user2_manager,user1_supervisor,user2_supervisor,user1_clerk,user2_clerk,A,U0: user
section inits:
initial_state init_1 :=
user_to_role(user1_manager,manager).
user_to_role(user2_manager,manager).
user_to_role(user1_supervisor,supervisor).
user_to_role(user2_supervisor,supervisor).
user_to_role(user1_clerk,clerk).
user_to_role(user2_clerk,clerk).
start_event_startevent1.
task_to_data(usertask1,in_usertask1,out_usertask1).
task_to_data(usertask2,in_usertask2,out_usertask2).
task_to_data(usertask3,in_usertask3,out_usertask3).
task_to_data(servicetask1,in_servicetask1,out_servicetask1)
section hornClauses:
hc rbac_ac (A,R,HT) := canExecute(A,R,HT) :- user_to_role(A,R), poto(R,HT)
hc direct_ac (A,R,HT) := canExecute(A,R,HT) :- user_to_role(A,R), poto(A,HT)
hc poto_usertask1:= poto(clerk,usertask1)
hc poto_usertask2:= poto(manager,usertask2)
hc poto_usertask3:= poto(manager,usertask3)
section rules:
step authorizeTaskExecution(A,R,HT,N) := canExecute(A,R,HT). ready(task(HT,N)) => granted(A,R,task(HT,N))
step h_taskExecution(A,R,HT,N,IN,OUT) := granted(A,R,task(HT,N)). task_to_data(HT,IN,OUT) => executed(A,task(HT,N)). done(task(HT,N)). task_to_data(HT,IN,OUT). aknows(A,IN). aknows(A,OUT)
step atask_execution(AT,N,IN,OUT) := ready(task(AT,N)). task_to_data(AT,IN,OUT) => done(task(AT,N)). task_to_data(AT,IN,OUT)
step w_usertask1(N0) := start_event_startevent1=[exists N0] => ready(task(usertask1,N0))
step w_parallelgateway1(N1) := done(task(usertask1,N1)) => parallelgateway1_to_usertask2. parallelgateway1_to_usertask3
step w_usertask2(N2) := parallelgateway1_to_usertask2=[exists N2] => ready(task(usertask2,N2))
step w_usertask3(N3) := parallelgateway1_to_usertask3=[exists N3] => ready(task(usertask3,N3))
step w_parallelgateway2(N4,N5) := done(task(usertask2,N4)). done(task(usertask3,N5)) => parallelgateway2_to_servicetask1
step w_servicetask1(N6) := parallelgateway2_to_servicetask1=[exists N6] => ready(task(servicetask1,N6))
section goals:
attack_state sod_securitySod1_1(U0,N7,N8):= executed(U0,task(usertask2,N7)). executed(U0,task(usertask3,N8))
attack_state sod_securitySod2_1(U0,N9,N10):= executed(U0,task(usertask1,N9)). executed(U0,task(usertask3,N10))
attack_state sod_securitySod3_1(U0,N11,N12):= executed(U0,task(usertask1,N11)). executed(U0,task(usertask2,N12))
Reference in New Issue View Git Blame Copy Permalink