Responsibility-driven design and development of process-aware security policies

Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Volumn , Issue , 2011, Pages 334-341

  Leitner, Maria ^a   Rinderle Ma, Stefanie ^a   Mangler, Juergen ^b  

^a UNIVERSITY OF VIENNA   (Austria)

^b SBA Research   (Austria)

Author keywords

Process Aware Information Systems; Security policy design; Security policy development

Indexed keywords

ACCESS RULES; AUTHORIZATION CONSTRAINTS; AUTOMATED SUPPORT; BUSINESS PROCESS; DESIGN AND DEVELOPMENT; DESIGN METHODOLOGY; HUMAN ACTOR; ORGANIZATIONAL STRUCTURES; PROCESS MODEL; PROCESS MODELING; PROCESS-AWARE INFORMATION SYSTEMS; SECURITY POLICY; SENSITIVE DATAS;

ACCESS CONTROL; DESIGN; INFORMATION SYSTEMS; PUBLIC POLICY;

SECURITY SYSTEMS;

EID: 80455140371     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2011.56     Document Type: Conference Paper

References (17)

1. N. Russell, W. M. van der Aalst, A. H. ter Hofstede, and D. Edmond, "Workflow resource patterns: Identification, representation and tool support," in Proc. of CAISE. Springer, 2005, pp. 216-232. (Pubitemid 41336105)
2. G. Neumann and M. Strembeck, "An approach to engineer and enforce context constraints in an RBAC environment," in Proc. of ACM SACMAT. ACM, 2003, pp. 65-79.
3. P. C. K. Hung and K. Karlapalem, "A secure workflow model," in Proc. of AISC on ACSW frontiers 2003 - Volume 21. Australian Computer Society, Inc., 2003, pp. 33-41.
4. E. Bertino, E. Ferrari, and V. Atluri, "The specification and enforcement of authorization constraints in workflow management systems," ACM Trans. Inf. Syst. Secur., vol. 2, no. 1, pp. 65-104, 1999.
5. R. J. Anderson, "Security in clinical systems," Tech. Rep. 1.1, 1996.
6. S. Rinderle-Ma and M. Leitner, "On evolving organizational models without loosing control on authorization constraints in web service orchestrations," in CEC, 2010.
7. J. E. Cook and A. L. Wolf, "Event-based detection of concurrency," in Proc. of ACM SIGSOFT FSE. ACM, 1998, p. 35-45.
8. W. van der Aalst, H. Reijers, A. Weijters, B. van Dongen, A. A. de Medeiros, M. Song, and H. Verbeek, "Business process mining: An industrial application," Information Systems, vol. 32, no. 5, pp. 713-732, Jul. 2007. (Pubitemid 46560274)
9. E. J. Coyne, "Role engineering," in Proceedings of the first ACM Workshop on Role-based access control. ACM, 1996.
10. G. Neumann and M. Strembeck, "A scenario-driven role engineering process for functional RBAC roles," in Proc. Of ACM SACMAT. ACM, 2002, p. 33-42.
11. M. Kuhlmann, D. Shohat, and G. Schimpf, "Role mining- revealing business roles for security administration using data mining technology," in Proceedings of the eighth ACM SACMAT. ACM, 2003, p. 179-186.
12. M. Pesic and W. van der Aalst, "A declarative approach for flexible business processes management," in Business Process Management Workshops. Springer, 2006, vol. 4103, pp. 169-180. (Pubitemid 44543247)
13. R. Sandhu, D. Ferraiolo, and R. Kuhn, "The NIST model for role-based access control: towards a unified standard," in Proceedings of the fifth ACM workshop on Role-based access control, 2000, pp. 47-63.
14. J. Wainer, P. Barthelmess, and A. Kumar, "W-RBAC - a workflow security model incorporating controlled overriding of constraints," International Journal of Cooperative Information Systems, vol. 12, no. 4, pp. 455-485, 2003. (Pubitemid 38000660)
15. R. Sandhu, V. Bhamidipati, and Q. Munawer, "The ARBAC97 model for role-based administration of roles," ACM Trans. Inf. Syst. Secur., vol. 2, no. 1, pp. 105-135, 1999.
16. F. Casati, S. Castano, and M. Fugini, "Managing workflow authorization constraints through active database technology," Inf. Syst. Frontiers, vol. 3, no. 3, pp. 319-338, 2001.
17. C. Ribeiro and P. Guedes, "Verifying workflow processes against organization security policies," in Proc. of WETICE. IEEE Computer Society, 1999, pp. 190-191.