Model-driven business process security requirement specification

Journal of Systems Architecture

Volumn 55, Issue 4, 2009, Pages 211-223

  Wolter, Christian ^a   Menzel, Michael ^b   Schaad, Andreas ^a   Miseldine, Philip ^a   Meinel, Christoph ^b  

^a SAP RESEARCH   (Germany)

^b UNIVERSITY OF POTSDAM   (Germany)

Author keywords

Access control; Business process; Model transformation; Security annotations; Web service security

Indexed keywords

BUSINESS PROCESS; BUSINESS PROCESS MODELLING; MANUAL FASHIONS; MODEL TRANSFORMATION; MODEL-DRIVEN; POLICY CONSTRAINTS; PROCESS MODELS; SECURITY ANNOTATIONS; SECURITY GOALS; SECURITY IMPLEMENTATIONS; SECURITY POLICIES; SERVICE-ORIENTED ARCHITECTURES; TARGET LANGUAGES; WEB SERVICE SECURITY;

ACCESS CONTROL; INFORMATION SERVICES; SECURITY SYSTEMS; SYSTEMS ANALYSIS; WEB SERVICES;

PROCESS CONTROL;

EID: 63949084590     PISSN: 13837621     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.sysarc.2008.10.002     Document Type: Article

References (34)

1. Lambert J.H., Jennings R.K., and Joshi N.N. Integration of risk identification with business process models. Syst. Eng. 9 3 (2006) 187-198
2. Wolter C., and Schaad A. Modeling of task-based authorization constraints in BPMN. BPM. Lecture Notes in Computer Science vol. 4714 (2007), Springer 64-79
3. Alfonso Rodríguez, Eduardo Fernández-Medina, Mario Piattini, Towards a UML 2.0 extension for the modeling of security requirements in business processes, in: TrustBus, 2006, pp. 51-61.
4. Shazia Wasim Sadiq, Guido Governatori, Kioumars Namiri, Modeling control objectives for business process compliance, in: BPM, 2007, pp. 149-164.
5. Schaad A., Lotz V., and Sohr K. A model-checking approach to analysing organisational controls in a loan origination process. SACMAT'06. ACM Symposium on Access Control Models and Technologies (2006), ACM, New York, NY, USA 139-149
6. Alberts C., Dorofee A., Stevens J., and Woody C. Introduction to the octave approach. Networked Systems Survivability Program (2003), Carnegie Mellon Software Engineering Institute, Pittsburgh, PA, USA
7. Nagaratnam N., Nadalin A., Hondo M., McIntosh M., and Austel P. Business-driven application security: from modeling to managing secure applications. IBM Syst. J. 44 4 (2005)
8. Oh S., and Park S. Task-role-based access control model. Inform. Syst. 28 6 (2003) 533-562
9. Wang L., Wijesekera D., and Jajodia S. A logic-based framework for attribute based access control. FMSE'04. Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering (2004), ACM, New York, NY, USA 45-55
10. Chun Ouyang, Wil M.P van der Aalst, Dumas Marlon, ter Hofstede, Arthur H.M. Translating BPMN to BPEL, in BPM Center Report BPM-06-02, 2006.
11. Charles P. Pfleeger, Shari Lawrence Pfleeger, Security in Computing. Prentice Hall Professional Technical Reference, 2002.
12. Shen H.b., and Hong F. An attribute-based access control model for web services. PDCAT'06. Proceedings of the Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies (2006), IEEE Computer Society, Washington, DC, USA 74-79
13. Grit Denker, Lalana Kagal, Timothy W. Finin, Massimo Paolucci, Katia P. Sycara, Security for DAML web services: annotation and matchmaking, in: International Semantic Web Conference, 2003, pp. 335-350.
14. Sandhu R.S., and Coyne E.J. Role-based access control models. IEEE Comput. 29 (1996) 38-47
15. Roshan K. Thomas, Ravi S. Sandhu, Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented autorization management, in: DBSec, 1997, pp. 166-181.
16. Shen H.b., and Hong F. An attribute-based access control model for web services. PDCAT (2006), IEEE Computer Society pp. 74-79
17. Miller R.J., Ioannidis Y.E., and Ramakrishnan R. The use of information capacity in schema integration and translation. VLDB'93. Proceedings of the 19th International Conference on Very Large Data Bases (1993), Morgan Kaufmann Publishers Inc, San Francisco, CA, USA 120-133
18. Anne Anderson, Core and hierarchical role based access control (RBAC) profile of XACML v2.0. OASIS Standard, 2005.
19. Jothy Rosenberg, David Remy, Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption, year = 2004, isbn = 0672326515, publisher = Pearson Higher Education.
20. Mordechai Ben-Ari, Principles of the Spin Model Checker.
21. Perera S., Herath C., Ekanayake J., Chinthaka E., Ranabahu A., Jayasinghe D., Weerawarana S., and Daniels G. Axis2 middleware for next generation web services. ICWS (2006), IEEE Computer Society pp. 833-840
22. Saminda Abeyruwan et al., Apache rampart: Ws-security module for axis2, 2008.
23. Clarke E.M., Grumberg O., and Peled D.A. Model Checking (2000), The MIT Press January
24. Till Mossakowski, Michael Drouineaud, Karsten Sohr, A temporal-logic extension of role-based access control covering dynamic separation of duties, in: TIME, 2003, pp. 83-90.
25. Goldblatt R. Logics of Time Computation (1987), Center for the Study of Language and Information, Stanford, CA, USA
26. Tatsubori M., Imamura T., and Nakamura Y. Best-practice patterns and tool support for configuring secure web services messaging. ICWS (2004), IEEE Computer Society pp. 244-251
27. Torben Schreiter, Guido Laures, A business process-centered approach for modeling enterprise architectures, in: Proceedings of EMISA, 2006.
28. Wei kuang Huang, Vijayalakshmi Atluri, Secureflow: a secure web-enabled workflow management system, in: ACM Workshop on Role-Based Access Control, 1999, pp. 83-94.
29. Dong Huang, Semantic Policy-based security framework for business processes, in: Proceedings of the Semantic Web and Policy Workshop, 2005.
30. David Basin, Jürgen Doser, Torsten Lodderstedt, Model driven security for process-oriented systems, in: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, 2003, pp. 100-109.
31. Jan Jurjens, UMLsec: Extending UML for secure systems development, in: UML'02: Proceedings of the Fifth International Conference on The Unified Modeling Language, 2002, pp. 412-425.
32. Anya Kim, Jim Luo, Myong H. Kang, Security ontology for annotating resources, in: OTM Conferences, vol. 2, 2005, pp. 1483-1499.
33. Grit Denker, Lalana Kagal, Tim Finin, Massimo Paolucci, Katia Sycara, Security for daml web services: annotation and matchmaking, in: The SemanticWeb - ISWC 2003, 2870/2003, 2005, pp. 335-350.
34. Michael Beisiegel, Dave Booz, Ching-Yun Chao, et al., 7sca Policy Framework 1.00. Public Draft Specification, March 2007.