End-to-end security policy description and management for collaborative system

Su, Ziyi; Biennier, Frédérique

doi:10.1109/isias.2010.5604183

Cited by 4 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such federated business paradigm brings new concerns about how to configure security among decentralized partners and how to protect resource in life-long scale. Fitting the open and collaborative Internet-based system paradigm, more adaptive attribute-based security policies (OASIS, 2005) (Su and Biennier, 2010) have been brought forward to express enriched security factors as well as consumption 'actions' upon resource. When applied to service composition scenarios, full lifecycle security for exchanged assets can be achieved with analysis of business process and adaption of security policies.…”

Section: Background and Related Workmentioning

confidence: 99%

Service Call Graph (SCG) - Information Flow Analysis in Web Service Composition

Su¹,

Biennier

2013

Proceedings of the 15th International Conference on Enterprise Information Systems

View full text Add to dashboard Cite

This paper presents a method for analyzing Web Service-based dynamic business process, using a business process slicing method to capture the asset (service or information) derivation pattern, allowing to maintain providers' policies during the full lifecycle of assets in a collaborative context. Firstly, we propose a Service Call Graph (SCG) model, extending the System Dependency Graph, to describe dependencies among partners in a business process. Analysis can be done based on SCG to group partners into sub-contexts. Secondly, for analyzing SCG, we propose two slicing strategies, namely 'asset-based' and 'request-based' slicing, to deal with the scenarios of both pre-processing business process scripts and on-the-fly analyzing service compositions. Security analysis can be achieved focusing on each sub-context, by examining downstream consumers' security profiles with upstream asset providers' policies.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Service Call Graph (SCG) - Information Flow Analysis in Web Service Composition

Su¹,

Biennier

2013

Proceedings of the 15th International Conference on Enterprise Information Systems

View full text Add to dashboard Cite

show abstract

“…Our previous work (see [5] for more detail information) centers on a policy model that defines the access Rights upon the resource thanks to the refined attributes related to requester, resource and infrastructure, as well as obligations fulfilling on the granted rights. Policy is constructed through the logical combination of Assertion, which is a tuple:…”

Section: Security Policies For Collaborative Contextsmentioning

confidence: 99%

“…Security governance in collaborative enterprise needs not only a static trust assessment, but also a policy to express both participants' security requirements and regulations of the partner behavior, detailing "due usage" (namely information consumption actions) control to set a continuous protection of resources even beyond organization boundary and to coordinate requirements to set a consistent protection policy in a (dynamic) business federation. In former work [4], we brought to light one solution on continuously regulating (define, grant and deny) 'usage' policy upon corporate assets, giving these rights to a partner according to its 'Quality-of-protection'. This involves the expression of security factors ranging from the IT infrastructure to partner behaviour with a Collaboration Security Policy.…”

Section: Introductionmentioning

confidence: 99%

Toward Comprehensive Security Policy Governance in Collaborative Enterprise

Biennier

2012

Advances in Production Management Systems. Value Networks: Innovation, Technologies, and Management

Self Cite

View full text Add to dashboard Cite

Part 2: Supply Chain ManagementInternational audienceThe development of collaborative service ecosystem relies mostly on software services spanning multiple organisations so to provide agile support for business applications, extending the IT Cloud paradigm to the business level. Nevertheless, a lack of trust on such cloud organisation and the rather poor adaptability level of the current security policies are often seen as braking forces to such XaaS economy development. Removing this impediment involves re-thinking the security policy according to “due usage” requirements and setting security enforcement and regulations according to both the due usage and the runtime environment. To reach this goal, we propose a multidimensional resource protection framework depending on a policy model to manage “due usage” control in service/information aggregation, which provides compendious but comprehensive security governance for collaborative enterprise

show abstract

“…In former works we have proposed a collaborative usage control model that deduces the co-effect of policies [25] and an implementation architecture supporting 'usage control' enforcement [27]. It's our intention in this paper to complete our end-to-end security management framework, by developing a method for analyzing complex collaborative context and applying collaborative usage policy to manage asset sharing activities.…”

Section: Introductionmentioning

confidence: 99%

Originator usage control with business process slicing

Su¹,

Biennier²

2012

Preprint

Self Cite

View full text Add to dashboard Cite

Originator Control allows information providers to define the information re-dissemination condition. Combined with usage control policy, fine-grained 'downstream usage control' can be achieved, which specifies what attributes the downstream consumers should have and how data is used. This paper discusses originator usage control, paying particular attention to enterprise-level dynamic business federations. Rather than 'pre-defining' the information re-dissemination paths, our business process slicing method 'capture' the asset derivation pattern, allowing to maintain originators' policies during the full lifecycle of assets in a collaborative context. First, we propose Service Call Graph (SCG), based on extending the System Dependency Graph, to describe dependencies among partners. When SCG (and corresponding 'service call tuple' list) is built for a business process, it is analyzed to group partners into sub-contexts, according to their dependency relations. Originator usage control can be achieved focusing on each sub-context, by examining downstream consumers' security profiles with upstream asset providers' policies. Second, for analyzing SCG, we propose two 'slicing' strategies, namely 'asset-based' and 'request-based' slicing, to deal with the scenarios of both 'pre-processing' a business process scripts and 'on-the-fly' analyzing service compositions. Last, our implementation work involves a 'context manager' service for processing business processes defined in WS-BPEL. It can be composed with our former proposed policy negotiation and aggregation services to provide policy-based end-to-end security management. We also make experiments based on processing the sample processes that come with 'WS-BPEL2.0' specification.

show abstract

End-to-end security policy description and management for collaborative system

Cited by 4 publications

References 20 publications

Service Call Graph (SCG) - Information Flow Analysis in Web Service Composition

Service Call Graph (SCG) - Information Flow Analysis in Web Service Composition

Toward Comprehensive Security Policy Governance in Collaborative Enterprise

Originator usage control with business process slicing

Contact Info

Product

Resources

About