Sectet: an extensible framework for the realization of secure inter‐organizational workflows

Häfner, Michael; Breu, Ruth; Agreiter, Berthold; Nowak, Andrea

doi:10.1108/10662240610710978

Cited by 46 publications

(22 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…''Misuse cases'' (Sindre and Opdahl 2005) and ''abuse cases'' (McDermott and Fox 1999) has utilized UML's use case diagrams, and van Lamsweerde (2004) used ''anti-goals''. Some approaches target supporting several phases-defining high level requirements and elaborating them to support their realization in software (e.g., Hafner et al 2006;Wolter and Schaad 2007;Rodriguez et al 2006).…”

Section: Evaluation With Respect To Existing Workmentioning

confidence: 99%

“…For example, Lankhorst (2005), Wolter and Schaad (2007), and Gaaloul et al (2012) focused on modeling access control. Some modeling methods have focused on business processes (e.g., Rodriguez et al 2006;Hafner et al 2006;Wolter et al 2008;Accorsi et al 2011) while others have focused on security risk management (e.g., Matulevičius et al 2012;den Braber et al 2007), and security goals (e.g., Giorgini et al 2005;van Lamsweerde 2004). The lack of methods that satisfy requirement R1 may be a result of the observation that researchers working in this field generally specialize in a specific perspective, mainly a technical or a business/social variant.…”

Section: Evaluation With Respect To Existing Workmentioning

confidence: 99%

See 1 more Smart Citation

Components of a multi-perspective modeling method for designing and managing IT security systems

Goldstein

Frank

2015

Inf Syst E-Bus Manage

View full text Add to dashboard Cite

Information technology (IT) security design and management are a major concern and substantial challenge for IT management. Today's highly complex business and technological environments and the need to effectively communicate and justify IT security requirements and controls demand methodical support. The modeling method presented in this paper addresses this demand. The method is based on the assumption that enriched enterprise models integrating technological, business, organizational and strategic aspects provide an effective foundation for developing and managing IT security systems and facilitating communication and understanding between stakeholders. The proposed modeling method for designing and managing IT security in organizations accounts for different perspectives and is based on multi-perspective enterprise modeling. The core components of the method, based on analysis of requirements at different levels of abstraction, are: modeling language concepts specifically designed to address security issues, process models that guide the use of the resulting language, and a modeling environment. The method facilitates elaborate representations of the various aspects of IT security at different levels of abstraction and covers the entire lifecycle of IT security systems. It not only supports multi-perspective requirement analysis and design but also enables monitoring and analysis of IT security at runtime. The presented artifact is evaluated with recourse to a research method that enables the configuration of multi-criteria justification procedures.

show abstract

Section: Evaluation With Respect To Existing Workmentioning

confidence: 99%

Section: Evaluation With Respect To Existing Workmentioning

confidence: 99%

Components of a multi-perspective modeling method for designing and managing IT security systems

Goldstein

Frank

2015

Inf Syst E-Bus Manage

View full text Add to dashboard Cite

show abstract

“…Shifting to more access-control-oriented proposals, we found the SECTET framework [4], perhaps the most remarkable one. SECTET makes use of a model-driven approach to focus on confidentiality, integrity, and nonrepudiation characteristics of SOAs, using WS as the implementation technology.…”

Section: Related Workmentioning

confidence: 99%

“…[2], [3], [4]). However, these approaches do not offer thorough support for access control descriptors, code generation, Web Services Descnption Language (WSDL) [5], and WS-Pohcy [6].…”

Section: Service-orientedmentioning

confidence: 99%

Model-Driven Development of a Web Service-Oriented Architecture and Security Policies

Gallino

Miguel

Briones

et al. 2010

2010 13th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing

View full text Add to dashboard Cite

Abstract-Applying model-driven development methodologies provide inherent benefits such as increased productivity, greater reuse, and better maintainability, to ñame a few. Efforts on achieving model-driven development of web services already exist. However, there is currently no complete solution that addresses non-functional aspects of these services as well. This paper presents an ongoing work which seeks to intégrate these non-functional aspects in the development of web services, with a clear emphasis on security.

show abstract

“…These specifications are then used to indicate security functionalities that are offered by a special Security Service, and integrate them in the AO4BPEL process. Sectet [13] is a framework for the implementation of security patterns from design to the implementation of an orchestration. Sectet enables the design of orchestrations as UML message flow diagrams, which are converted into workflows and used to generate stubs for actual orchestrations.…”

Section: Related Workmentioning

confidence: 99%

Designing Secure Service Workflows in BPEL

Pino

Mahbub

Spanoudakis

2014

Service-Oriented Computing

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Abstract. This paper presents an approach that we have developed to support the design of secure service based applications in BPEL. The approach is based on the use of secure service composition patterns, which are proven to preserve composition level security properties if the services that are composed according to the pattern satisfy other properties individually. The secure service composition patterns are used for two purposes: (a) to analyse whether a given workflow fragment satisfies a given security property, and (b) to generate compositions of services that could substitute for individual services within the workflow that cause the violation of the security properties. Our approach has been implemented in a tool that is based on Eclipse BPEL Designer. Permanent

show abstract

Sectet: an extensible framework for the realization of secure inter‐organizational workflows

Cited by 46 publications

References 24 publications

Components of a multi-perspective modeling method for designing and managing IT security systems

Components of a multi-perspective modeling method for designing and managing IT security systems

Model-Driven Development of a Web Service-Oriented Architecture and Security Policies

Designing Secure Service Workflows in BPEL

Contact Info

Product

Resources

About