The integration of corporate security strategies in collaborative business processes

IEEE Transactions on Services Computing

Volumn 4, Issue 3, 2011, Pages 243-254

  Badr, Youakim ^a   Biennier, Frédérique ^a   Tata, Samir ^b  

^a UNIVERSITÉ DE LYON   (France)

^b INSTITUT TELECOM   (France)

Author keywords

Computer security; data processing; distributed information system

Indexed keywords

BUSINESS ORGANIZATIONS; BUSINESS PROCESS; BUSINESS SERVICE; COLLABORATIVE BUSINESS PROCESS; COLLABORATIVE PROCESS; DISTRIBUTED ENVIRONMENTS; DISTRIBUTED INFORMATION SYSTEMS; END-TO-END SECURITY; ENTERPRISE SERVICE BUS; NEW SERVICES; QUALITY OF PROTECTIONS; SECURITY APPROACH; SECURITY OBJECTIVES; SECURITY REQUIREMENTS; SECURITY STRATEGIES; SERVICE DESCRIPTION; SERVICE ENVIRONMENT; SERVICE ORIENTED; STRUCTURAL ORGANIZATION; TECHNICAL SECURITY; VIRTUAL ENTERPRISE;

DATA PROCESSING; INFORMATION SERVICES; INFORMATION SYSTEMS; INTEROPERABILITY; QUALITY OF SERVICE; SERVICE ORIENTED ARCHITECTURE (SOA); SUPPLY CHAINS; VIRTUAL CORPORATION;

SECURITY OF DATA;

EID: 81455143669     PISSN: 19391374     EISSN: None     Source Type: Journal    
DOI: 10.1109/TSC.2010.18     Document Type: Article

References (40)

1. M. Alam, R. Breu, and M. Hafner, "Modelling Permissions in a (U/X)ML World," Proc. Int'l Conf. Availability, Reliability, and Security (ARES '06), pp. 685-692, 2006.
2. C. Alberts and A. Dorofee, "An Introduction to the OCTAVESM Method," white paper, CERT, http://www.cert.org/octave/methodintro.html, 2001.
3. L. Ali and F. Biennier, "Integration of Security Requirements in Virtual Enterprises," Proc. Symp. and Exhibition on Advanced Packaging Materials (APMS '05), 2005.
4. A. Andrieux, K. Czajkowski, A. Dan, K. Keahey, H. Ludwig, J. Pruyne, J. Rofrano, S. Tuecke, and M. Xu, "Web Services Agreement Specification (WS-Agreement)," http://www.ogf. org/documents/GFD.107.pdf, 2007.
5. A. Dan, H. Ludwig, and J. Rofrano, "WS-Agreement Structure, Version 0.1," http://www.mcs.anl.gov/~keahey/Meetings/GRAAP/WS-Agreement Structure.pdf, 2004.
6. F. Biennier, X. Boucher, A. Hammami, and L. Vincent, "Towards a Modeling Framework for Networks of SMEs," Proc. IFIP TC5/WG5.5 Third Working Conf. Infrastructures for Virtual Enterprises: Collaborative Business Ecosystems and Virtual Enterprises (PRO-VE '02), pp. 11-18, 2002.
7. CLUSIF, Mehari, https://www.clusif.asso.fr/fr/production/ouvrages/pdf/ MEHARI.pdf, 2000.
8. Common Criteria Organization, "Common Criteria an Introduction," http://www.commoncriteria.org/introductory-over views/CCIntroduction.pdf, p. 20, 2000.
9. Direction Centrale de la Sécurité des Systèmes d'Information (DCSSI), "Expression des Besoins et Identification des Objectifs de Sécurité (EBIOS)," rapport technique, http://www.ssi.gouv.fr/fr/confiance/ebios.html, 2004.
10. US Department of Defense, Trusted Computer Security Evaluation Criteria-Orange Book, DOD 5200.28-STD report, 1985.
11. US Department of Defense, NRL Security Ontology, http://chacs.nrl.navy. mil/projects/4SEA/ontology.html, 2005.
12. M. Dumas, W. Van Der Aalst, and A. ter Hofstede, Process Aware Information Systems: Bridging People and Software through Process Technology. Wiley-Interscience, Sept. 2005.
13. Information Technology Security Evaluation Criteria (ITSEC), "Criteria and Methods of Evaluations of Information Systems," http://www.cordis.lu/infosec/src/crit.htm, 1991.
14. D. Ferraiolo, J. Cugini, and R. Kuhn, "Role Based Access Control: Features and Motivations," Proc. Ann. Computer Security Application Conf., pp. 554-563, 1995.
15. T. Gross, "Security Analysis of the SAML Single Sign-On, Browser/Artifact Profile," Proc. Ann. Computer Security Applications Conf. (ACSAC '03), pp. 298-307, 2003.
16. ISO/IEC 17799, Standard-Information Technology, Code of Practice for Information Security Management, ISO, 2000.
17. J.-Y. Jung, H. Kim, and S.-H. Kang, "Standards-Based Approaches to B2B Workflow Integration," Computers and Industrial Eng., vol. 51, no. 2, pp. 321-334, Oct. 2006. (Pubitemid 44573589)
18. D. Li, S. Hu, and S. Bai, "A Uniform Model for Authorization and Access Control in Enterprise Information Platform," Proc. Int'l Conf. Eng. and Deployment of Cooperative Information Systems (EDCIS '02), pp. 180-192, 2002.
19. A. Lin, R. Brown, "The Application of Security Policy to Role-Based Access Control and the Common Data Security Architecture," Computer Comm., vol. 23, pp. 1584-1593, 2000. (Pubitemid 32033558)
20. A.P. Moore and R.J. Ellison, "Architectural Refinement for the Design of Survivable Systems," Technical Note SOFT01 (CMU/SEI-2001-TN-008), Software Eng. Inst., Carnegie Mellon Univ., http://www.sei.cmu.edu/ publications/documents/01.reports/01tn008.html, Oct. 2001.
21. Organization for the Advancement of Structured Information Standards (OASIS), "Security Assertion Markup Language (SAML)," http://xml.coverpages.org/saml.html, 2002.
22. Organization for the Advancement of Structured Information Standards (OASIS), "Extensible Access Control Markup Language (XACML) TC," http://www.oasisopen.org/committees/tc-home.php?wg-abbrev=xacml, 2008.
23. Organization for the Advancement of Structured Information Standards (OASIS), "Service Oriented Architecture Reference Model TC, Reference Architecture for Service Oriented Architecture," Version 1.0, http://docs.oasis-open.org/soa-rm/soa-ra/v1.0/soara-pr-01.pdf, 2008.
24. Open Grid Forum, "Web Services Agreement Specification (WSAgreement)," http://www.ogf.org/documents/GFD.107.pdf, 2007.
25. L. Razmerita, "Services Contextualisés pour Utilisateurs et la Modé lisation des Utilisateurs à Base d'Ontologie: Dé fis et Perspectives," Proc. EGC Workshop, 2005.
26. M. Weske, "Business Process Management: Concepts, Languages," Architectures, Springer, 2007.
27. Z. Zhou and S. Bhiri, "Space Based Process Mediator," Technical Report DERI-TR-2008-06-26, Digital Enterprise Research Inst., Galway Nat'l Univ., 2008.
28. P. Herrmann and G. Herrmann, "Security Requirement Analysis of Business Processes," Electronic Commerce Research, vol. 6, nos. 3/4, pp. 305-335, Oct. 2006. (Pubitemid 44488792)
29. C. Wolter, M. Menzel, A. Schaad, P. Miseldine, and C. Meinel, "Model-Driven Business Process Security Requirement Specification," J. Systems Architecture, vol. 55, no. 4, pp. 211-223, Apr. 2009.
30. D. Huang, "Semantic Policy-Based Security Framework for Business Processes," Proc. Semantic Web and Policy Workshop (ICSW '05), Nov. 2005.
31. D. Basin, J. Doser, and T. Lodderstedt, "Model Driven Security for Process-Oriented Systems," Proc. the Eighth ACM Symp. Access Control Models and Technologies, pp. 100-109, 2003.
32. J. Jurjens, "UMLsec: Extending UML for Secure Systems Development," Proc. Fifth Int'l Conf. Unified Modeling Language (UML '02), pp. 412-425, 2002.
33. A. Rodŕguez, E. Fernández-Medina, and M. Piattini, "Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes," Proc. TrustBus, pp. 51-61, 2006. (Pubitemid 44577491)
34. H. Lockhart et al., "Web Services Federation Language (WSFederation)," http://download.boulder.ibm.com/ibmdl/pub/software/dw/ specs/ws-fed/WS-Federation-V1-1B.pdf?S-TACT= 105AGX04&S-CMP= LP, Dec. 2006.
35. S. Rieger, "User-Centric Identity Management in Heterogeneous Federations," Proc. Fourth Int'l Conf. Internet and Web Applications and Services, pp. 527-532, May 2009.
36. A. Kim, J. Luo, and M.H. Kang, "Security Ontology for Annotating Resources," Proc. OTM Conf., vol. 2, pp. 1483-1499, 2005. (Pubitemid 43734382)
37. "Petals ESB, the Open Source ESB for Large SOA Infrastructures, " http://petals.ow2.org, 2011.
38. F. Jennings and D. Salter, Building SOAS-Based Composite Applications Using Netbeans IDE 6, p. 300, Packt Publishing, 2008.
39. Y. Chabeb and S. Tata, "Yet Another Semantic Annotation for WSDL (YASA4WSDL)," Proc. IADIS WWW/Internet Conf., pp. 462-467, Oct. 2008.
40. Y. Chabeb, S. Tata, and A. Ozanne, "YASA-M A Semantic Web Service Matchmaker," Proc. Int'l Conf. Advanced Information Networking and Applications (AINA '10), pp. 20-23, Apr. 2010.