Model-driven business process security requirement specification

Wolter, Christian; Menzel, Michael; Schaad, Andreas; Miseldine, Philip; Meinel, Christoph

doi:10.1016/j.sysarc.2008.10.002

Cited by 102 publications

(93 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Wolter et al [26] present an approach for generating XACML policies for RBAC models in the context of process models as well as generating configurations for Apache Rampart (http://axis.apache.org/axis2/java/rampart/). Moreover, model-based security approaches for UML, e. g., [8,13,16], support, usually, the generation of security configurations as well.…”

Section: Related Workmentioning

confidence: 99%

Secure and Compliant Implementation of Business Process-Driven Systems

Brucker

Hang

2013

Business Process Management Workshops

View full text Add to dashboard Cite

Abstract. Today's businesses are inherently process-driven. Consequently, the use of business-process driven systems, usually implemented on top of service-oriented or cloud-based infrastructures, is increasing. At the same time, the demand on the security, privacy, and compliance of such systems is increasing as well. As a result, the costs-with respect to computational effort at runtime as well as financial costs-for operating business-process driven systems increase steadily. In this paper, we present a method for statically checking the security and conformance of the system implementation, e. g., on the source code level, to requirements specified on the business process level. As the compliance is statically guaranteed-already at design-time-this method reduces the number of run-time checks for ensuring the security and compliance and, thus, improves the runtime performances. Moreover, it reduces the costs of system audits, as there is no need for analyzing the generated log files for validating the compliance to the properties that are already statically guaranteed.

show abstract

Section: Related Workmentioning

confidence: 99%

Secure and Compliant Implementation of Business Process-Driven Systems

Brucker

Hang

2013

Business Process Management Workshops

View full text Add to dashboard Cite

show abstract

“…However, this dynamic task authorisation policy fails to address and tackle the workflow subject's privacy concerns because they discuss only the authorisation requirements and did not investigate the workflow subject's privacy concerns. Wolter et al [28] argue that current process modelling standards are incapable of capturing security goals such as confidentiality, integrity, or dynamic authorisation. Therefore, they proposed a security policy model that contains a set of security constraint models.…”

Section: Related Workmentioning

confidence: 99%

Privacy-Aware Workflow Management

Alhaqbani

Adams

Fidge

et al. 2013

Studies in Computational Intelligence

View full text Add to dashboard Cite

Abstract. Information security policies play an important role in achieving information security. Confidentiality, Integrity, and Availability are classic information security goals attained by enforcing appropriate security policies. Workflow Management Systems (WfMSs) also benefit from inclusion of these policies to maintain the security of business-critical data. However, in typical WfMSs these policies are designed to enforce the organisation's security requirements but do not consider other external security requirements. Privacy is an important security requirement that concerns the subject of data held by an organisation. WfMSs often process sensitive data related to subjects who demand that their data is properly protected, but WfMSs fail to enforce the subjects' privacy desire due to their inability to capture and enforce privacy policies. In this paper, we illustrate existing WfMS privacy weaknesses and introduce the WfMS extensions required to enforce data privacy. We implemented the extensions in the YAWL WfMS environment and present a case study to demonstrate how our extended WfMS enforces a subject's privacy policy.

show abstract

“…Christian Wolter discuses about. [3] ShaziaWasimSadiq discuses about process design is primarily driven by process improvement objectives. Major technical and organizational challenges is identified.…”

Section: Introductionmentioning

confidence: 99%

Performance Evaluation of Add-On Security Services Incorporated on Business Services

Thirumaran¹,

Dhavachelvan²,

Aishwarya³

et al. 2013

IJCA

View full text Add to dashboard Cite

As more and more services come under the purview of internet, online businesses have also made a flourishing start, so much so that a bulk of the business transactions have become web-based. Web services have found their way into sectors like banking, finance, construction, airlines, marketing, and telecommunication and so on. We propose to design an add-on security model which provides interoperable security for the business services. It will be flexible enough to adapt itself to the security requirements of a specific business. This add-on security service models will increase the security levels of the business services. The model designed is evaluated after integrating the add-on security services with the business services.The fundamental approach we follow, for creating our project is Model Driven Security Service Enforcement, SLA based Security Service Negotiation, Automatic Security Service Integration, Performance Evaluation, and Impact Analysis. This is a definite way to achieve better performance, consistency and cost effectiveness in business services by making it invulnerable to hacker attacks.

show abstract

Model-driven business process security requirement specification

Cited by 102 publications

References 11 publications

Secure and Compliant Implementation of Business Process-Driven Systems

Secure and Compliant Implementation of Business Process-Driven Systems

Privacy-Aware Workflow Management

Performance Evaluation of Add-On Security Services Incorporated on Business Services

Contact Info

Product

Resources

About