A rule-based framework using role patterns for business process compliance

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5321 LNCS, Issue , 2008, Pages 58-72

  Kumar, Akhil ^a   Liu, Rong ^b  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

^b IBM RESEARCH   (United States)

Author keywords

Compliant business process; Constraints; Control policies; Declarative approach; Generic role patterns; Internal control; Rules; Sarbanes oxley; Separation of duty; Task categories

Indexed keywords

ACCESS CONTROL; COMPUTER PROGRAMMING LANGUAGES; FINANCE;

BUSINESS PROCESS; CONSTRAINTS; CONTROL POLICY; DECLARATIVE APPROACH; GENERIC ROLE PATTERNS; INTERNAL CONTROLS; RULES; SARBANES-OXLEY; SEPARATION OF DUTY; TASK CATEGORIES;

PROCESS CONTROL;

EID: 57349133023     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-88808-6_9     Document Type: Conference Paper

References (31)

1. van der Aalst, W.M.P., et al.: Workflow patterns. Distributed and Parallel Databases 14(3), 5-51 (2003)
2. van der Aalst, W.M.P., Beer, H., van Dongen, B.: Process mining and verification of properties: An approach based on temporal logic. In: Meersman, R., Tari, Z. (eds.) OTM 2005. LNCS. vol. 3760, pp. 130-147. Springer, Heidelberg (2005)
3. Ahn, G.-J., et al.: Injecting RBAC to secure a web-based workflow system. In: Fifth ACM Workshop on Role-Based Access Control, Berlin, Germany (July 2000)
4. Antoniou, G., et al.: Representation results for defeasible logic. ACM Trans. Comput. Log. 2(2), 255-287 (2001)
5. Antoniou, G., Dimaresis, N., Governatori, G.: A System for Modal and Deontic Defeasible Reasoning. In: Australian Conference on Artificial Intelligence 2007. pp. 609-613 (2007)
6. Berg, D.: Turning Sarbanes-Oxley Projects into Strategic Business Processes. Sarbanes-Oxley Compliance Journal (November 2004)
7. Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65-104 (1999)
8. Botha, R.A., Eloff, J.H.P.: Separation of duties for access control enforcement in workflow environments. IBM Systems Journal 40(3) (2001)
9. Clocksin, W.F., Mellish, C.S.: Programming in Prolog. Springer, New York (1987)
10. Committee of Sponsoring Organizations. Internal Control - Integrated Framework. http://www.coso.org/publications/executive-summary-integrated- framework.htm
11. Ferguson, D., Stockton, M.: Enterprise Business Process Management - Architecture, Technology and Standards. In: Business Process Management. Vienna. Austria, pp. 1-15 (2006)
12. Gamma, Erich, et al.: Design Patterns: Elements of Reusable Object-Oriented Software, hardcover. Addison-Wesley, Reading (1994)
13. Goedertier, S., Mues, C., Vanthienen, J.: Specifying Process-Aware Access Control Rules in SBVR. In: Paschke, A., Biletskiy, Y. (eds.) RuleML 2007. LNCS, vol. 4824, pp. 39-52. Springer, Heidelberg (2007)
14. Goedertier, S., Vanthienen, J.: Declarative Process Modeling with Business Vocabulary and Business Rules. In: Proceedings of Object-Role Modeling (ORM 2007) (2007)
15. Governatori, G., Milosevic, Z.: A Formal Analysis of a Business Contract Language. Int. J. Cooperative Inf. Syst. 15(4), 659-685 (2006)
16. Green, S.: Manager's Guide to the Sarbanes-Oxley Act: Improving Internal Controls to Prevent Fraud. Wiley, Chichester (2004)
17. Haworth, D., Pietron, L.: Sarbanes-Oxley: Achieving Compliance by Starting with ISO 17799. Information Systems Management (Winter 2006)
18. Holzmann, G.: The Spin Model Checker. Addison-Wesley, Reading (2003)
19. Huang, W.-K., Atluri, V.: Secureflow: a secure web-enabled workflow management system. In: Proceedings of the Fourth ACM Workshop on Role-Based Access Control, pp. 83-94 (1999)
20. IBM Websphere Business Modeler (WBM), Version 6, http://www-306.ibm.com/ software/integration/wbimodeler/
21. Information Framework (IFW), IBM Industry Models for Financial Services. http://www03.ibm.com/industries/financialservices/doc/content/bin/ fss-ifw-gim-2006.pdf
22. Kuhn, D.R.: Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-Based Access Control Systems. In: Proceedings 2nd ACM Workshop on Role-Based Access Control, Fairfax, VA, pp. 23-30 (October 1997)
23. Linington, P., et al.: A unified behavioural model and a contract language for extended enterprise. Data Knowl. Eng. 51(1), 5-29 (2004)
24. Liu, D., et al.: Role-based authorizations for workflow systems in support of task-based separation of duty. J. Syst. Softw. 73(3), 375-387 (2004)
25. Nagaratnam, N., et al.: Business-driven application security: From modeling to managing secure applications. IBM Systems Journal 44(4) (2005)
26. Nute, D.: Defeasible logic. In: Handbook of logic in artificial intelligence and logic programming: Nonmonotonic reasoning and uncertain reasoning, vol. 3, Oxford University Press, Inc.,. New York (1994)
27. Object Management Group (OMG). Object Constraint Language (OCL). http://www.omg.org/technology/documents/modeling-spec-catalog.htm
28. Sadiq, S., Governatori, G., Namiri, K.: Modeling Control Objectives for Business Process Compliance. In: BPM 2007. pp. 149-164 (2007)
29. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Computer 29(2), 38-47 (1996)
30. Simon, R., Zurko, M.E.: Separation of Duty in Role-Based Environments. In: Proceedings of the 10th Computer Security Foundation Workshop. Rockport, MA, June 10-12, 1997. pp. 183-194 (1997)
31. Wainer, J., Kumar, A., Barthelmess, P.: DW-RBAC: A Formal Security Model of Delegation and Revocation in Workflow Systems. Information Systems 32(3), 365-384 (2007)