Modelling security requirements on data and processes

In workflows and business processes, there are often security requirements on
both the data, i.e. confidentiality and integrity, and the process, e.g.
separation of duty.  We aim towards a framework for the integrated
formalization of both kinds of security requirements and their interrelations
in a property-centric way, i.e. on an abstract level without depending on
details of enforcement mechanisms such as Role-Based Access Control (RBAC).
We present first steps towards an approach that is based on translating
process requirements to requirements on data and verifying them together,
building upon well-known techniques for information flow control.