Security requirements specification in service-oriented business process management

Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

Volumn , Issue , 2009, Pages 41-48

  Menzel, Michael ^a   Thomas, Ivonne ^a   Meinel, Christoph ^a  

^a UNIVERSITY OF POTSDAM   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

ABSTRACT LEVELS; BUSINESS PROCESS; BUSINESS PROCESS MANAGEMENT; BUSINESS PROCESS MODELLING; MODEL DRIVEN APPROACH; ORGANISATIONAL LEVEL; SECURITY ELEMENTS; SECURITY MECHANISM; SECURITY MODEL; SECURITY PATTERNS; SECURITY REQUIREMENTS; SECURITY RISKS; SERVICE ORIENTED; SERVICE-BASED SYSTEMS; SOFTWARE COMPONENT; TECHNICAL LEVELS; WORK-FLOWS;

ENTERPRISE RESOURCE MANAGEMENT; INFORMATION SERVICES; NETWORK PROTOCOLS; SERVICE ORIENTED ARCHITECTURE (SOA);

NETWORK SECURITY;

EID: 70349683196     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2009.90     Document Type: Conference Paper

References (39)

1. M. Weske, Business Process Management. Springer, 2007.
2. C. Wolter, M. Menzel, A. Schaad, P. Miseldine, and C. Meinel, "Modeldriven business process security requirement specification," Journal of Systems Architecture Special Issue on Secure Web Services, 2008.
3. C. Wolter, M. Menzel, and C. Meinel, "Modelling security goals in business processes," in Proc. GI Modellierung 2008, no. ISBN 978-3-88579-221-5. GI LNI, Berlin, Germany, 1008.
4. C. Wolter and A. Schaad, "Modeling of task-based authorization constraints in bpmn," in BPM, 2007, pp. 64-79.
5. A. Rodríguez, E. Fernández-Medina, and M. Piattini, "A bpmn extension for the modeling of security requirements in business processes," IEICE Transactions, vol. 90-D, no. 4, pp. 745-752, 2007.
6. C. P. Pfleeger and S. L. Pfleeger, Security in Computing. Prentice Hall Professional Technical Reference, 2002.
7. D. H. McKnight and N. L. Chervany, "The meanings of trust," Technical Report, University of Minnesota, 1996.
8. R. S. Sandhu and E. J. Coyne, "Role-based access control models," IEEE Computer, vol. 29, pp. 38-47, 1996.
9. R. K. Thomas and R. S. Sandhu, "Task-based authorization controls (tbac): A family of models for active and enterprise-oriented autorization management," in DBSec, 1997, pp. 166-181.
10. H. bo Shen and F. Hong, "An attribute-based access control model for web services," in pdcat. IEEE Computer Society, 2006, pp. 74-79.
11. D. Pugh, "Role activation conflict: A study of industrial inspection." American Sociological Review, vol. 31:835-42, 1966.
12. I. Thomas, M. Menzel, and C. Meinel, "Using quantified trust level to describe authentication requirements in federated identity management," in Proc SWS, 2008.
13. P. Lindstrom, "Attacking and defending web services, a spire research report," 2004. [Online]. Available: http://forumsystems.com/ papers/Attacking-and-Defending-WS.pdf
14. "Eege project. grid and web service security vulnerabilties and threads analysis and model," 2005. [Online]. Available: https://edms.cern.ch/documents/632020/
15. M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Buschmann, and P. Sommerlad, Security Patterns - Integrating Security and System Engineering. John Wiley & Sons, Ltd, 2006.
16. IBM, "Introduction to business security pattern," 2004.
17. C. Wolter, M. Menzel, and C. Meinel, "Modelling security goals in business processes," in Proc. GI Modellierung 2008, no. ISBN 978-3-88579-221-5. GI LNI, Berlin, Germany, 1008.
18. M. MacKenzie, K. Laskey, F. McCabe, P. Brown, and R. Metz, "Reference model for service oriented architecture 1.0," OASIS Committee Specification, February 2006.
19. J. Yoder and J. Barcalow, "Architectural patterns for enabling application security," in PLoP, 1997.
20. C. Alexander, S. Ishikawa, M. Silverstein, M. Jacobsen, I. Fiksdahl-King, and S. Angel, A Pattern Lanuage: Towns - Buildings - Construction. Oxford University Press, 1977.
21. M. Schumacher, Security Engineering with Patterns - Origins,Theoretical Model, and New Applications. Springer, Berlin, 2003, no. ISBN 3-540-40731-6.
22. F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad, and M. Stal, Pattern-Oriented Software Architecture: A System of Pattern. John Wiley & Sons, Ltd, 1996.
23. W. Zimmer, "Relationships between design patterns," Pattern languages of program design, pp. 345-364, 1995.
24. N. Yoshioka, H. Washizaki, and K. Maruyama, "A survey on security patterns," Progress in Informatics, vol. 5, pp. 35-47, 2008.
25. S. Perera, C. Herath, J. Ekanayake, E. Chinthaka, A. Ranabahu, D. Jayasinghe, S. Weerawarana, and G. Daniels, "Axis2, middleware for next generation web services." in ICWS. IEEE Computer Society, 2006.
26. S. A. et. al., "Apache rampart : Ws-security module for axis2," 2008. [Online]. Available: http://ws.apache.org/axis2/modules/rampart/1-0/ security-module.html
27. S. Bajaj, D. Box, and et. al., "Web services policy 1.2 - framework (wspolicy)," Public Draft Specification, April 2005. [Online]. Available: "http://www.w3.org/Submission/WS-Policy/"
28. J. Rosenberg and D. Remy, Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption. Pearson Higher Education, 2004.
29. M. Tatsubori, T. Imamura, and Y. Nakamura, "Best-practice patterns and tool support for configuring secure web services messaging," in ICWS, 2004, pp. 244-251.
30. N. Nagaratnam, A. Nadalin, M. Hondo, M. McIntosh, and P. Austel, "Business-driven application security: From Modeling to Managing Secure Applications," IBM Systems Journal, Vol 44, No 4, 2005.
31. A. Rodríguez, E. Fernández-Medina, and M. Piattini, "Towards a uml 2.0 extension for the modeling of security requirements in business processes," in TrustBus, 2006, pp. 51-61.
32. A. Rodriguez, E. Fernandez-Medina, and M. Piattini, "Towards cim to pim transformation: From secure business processes defined in bpmn to use-cases," in BPM, 2007, pp. 408-415.
33. S. W. Sadiq, G. Governatori, and K. Namiri, "Modeling control objectives for business process compliance," in BPM, 2007, pp. 149-164.
34. W. kuang Huang and V. Atluri, "Secureflow: A secure web-enabled workflow management system," in ACM Workshop on Role-Based Access Control, 1999, pp. 83-94.
35. R. Crook, D. C. Ince, and B. Nuseibeh, "Modelling access policies using roles in requirements engineering," Information & Software Technology, vol. 45, no. 14, pp. 979-991, 2003.
36. D. Basin, J. Doser, and T. Lodderstedt, "Model Driven Security for Process-Oriented Systems," in SACMAT '03: Proceedings of the 8th ACM symposium on Access control models and technologies, 2003.
37. J. Juerjens, "UMLsec: Extending UML for Secure Systems Development," in UML '02: Proceedings of the 5th International Conference on The Unified Modeling Language, 2002, pp. 412-425.
38. J. H. Lambert, R. K. Jennings, and N. N. Joshi, "Integration of risk identification with business process models," Syst. Eng., vol. 9, no. 3, pp. 187-198, 2006.
39. M. Menzel, C. Wolter, and C. Meinel, "Towards the aggregation of security requirements in cross-organisational service compositions," in Proc. 11th BIS, no. ISBN: 978-3-540-79396-3. Springer LNCS, Innsbruck, Austria, May 2008.