Secure and compliant implementation of business process-driven systems

Lecture Notes in Business Information Processing

Volumn 132 LNBIP, Issue , 2013, Pages 662-674

  Brucker, Achim D ^a   Hang, Isabelle ^a  

^a SAP RESEARCH   (Germany)

Author keywords

bpmn; business process security; secure service tasks; static program analysis

Indexed keywords

COMPUTER PROGRAMMING; ENTERPRISE RESOURCE MANAGEMENT;

BPMN; BUSINESS PROCESS; COMPUTATIONAL EFFORT; RUN-TIME PERFORMANCE; SECURE SERVICES; SERVICE ORIENTED; STATIC PROGRAM ANALYSIS; SYSTEM IMPLEMENTATION;

COMPLIANCE CONTROL;

EID: 84873107244     PISSN: 18651348     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-36285-9_66     Document Type: Conference Paper

References (28)

1. American National Standard for Information Technology-Role Based Access Control. ANSI, New York (2004) ANSI INCITS, 359-2004
2. van der Aalst, W., de Medeiros, A.: Process mining and security: Detecting anomalous process executions and checking process conformance. ENTCS 121, 3-21 (2005), doi:10.1016/j.entcs.2004.10.013
3. van der Aalst, W.M.P., Dumas, M., Gottschalk, F., ter Hofstede, A.H.M., La Rosa, M., Mendling, J.: Correctness-Preserving Configuration of Business Process Models. In: Fiadeiro, J.L., Inverardi, P. (eds.) FASE 2008. LNCS, vol. 4961, pp. 46-61. Springer, Heidelberg (2008)
4. Accorsi, R., Wonnemann, C.: InDico: Information Flow Analysis of Business Processes for Confidentiality Requirements. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS, vol. 6710, pp. 194-209. Springer, Heidelberg (2011)
5. Arsac, W., Compagna, L., Pellegrino, G., Ponta, S.E.: Security Validation of Busi-́ ness Processes via Model-Checking. In: Erlingsson, U., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 29-42. Springer, Heidelberg (2011)
6. Basel Committee on Banking Supervision: Basel III: A global regulatory framework for more resilient banks and banking systems. Tech. rep., Bank for International Settlements, Basel, Switzerland (2010), http://www.bis.org/publ/ bcbs189.pdf
7. Basin, D., Clavel, M., Doser, J., Egea, M.: Automated analysis of security-design models. Information and Software Technology 51(5), 815-831 (2009), doi:10.1016/j.infsof.2008.05.011; Special Issue on Model-Driven Development for Secure Information Systems
8. Basin, D.A., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Transactions on Software Engineering and Methodology 15(1), 39-91 (2006), doi:10.1145/1125808.1125810
9. Brucker, A.D., Brügger, L., Kearney, P., Wolff, B.: An approach to modular and testable security models of real-world health-care applications. In: ACM SAC-MAT, pp. 133-142. ACM Press, New York (2011), doi:10.1145/1998441. 1998461
10. Brucker, A.D., Doser, J.: Metamodel-based UML notations for domain-specific languages. In: Favre, J.M., Gasevic, D., L̈ammel, R., Winter, A. (eds.) 4th International Workshop on Software Language Engineering (ATEM 2007) (2007)
11. Brucker, A.D., Doser, J., Wolff, B.: A Model Transformation Semantics and Analysis Methodology for SecureUML. In: Wang, J., Whittle, J., Harel, D., Reggio, G. (eds.) MoDELS 2006. LNCS, vol. 4199, pp. 306-320. Springer, Heidelberg (2006)
12. Brucker, A.D., Hang, I., Lückemeyer, G., Ruparel, R.: SecureBPMN: Modeling and enforcing access control requirements in business processes. In: ACM SACMAT. ACM Press (2012), doi:10.1145/2295136.2295160
13. Brucker, A.D., Petritsch, H.: Extending access control models with break-glass. In: Carminati, B., Joshi, J. (eds.) ACM SACMAT, pp. 197-206. ACM Press (2009), doi:10.1145/1542207.1542239
14. Dijkman, R.M., Dumas, M., Ouyang, C.: Semantics and analysis of business process models in BPMN. Information & Software Technology 50(12), 1281-1294 (2008), doi:10.1016/j.infsof.2008.02.006
15. HIPAA: Health Insurance Portability and Accountability Act of 1996 (1996), http://www.cms.hhs.gov/HIPAAGenInfo/
16. Jürjens, J., Rumm, R.: Model-based security analysis of the german health card architecture. Methods Inf. Med. 47(5), 409-416 (2008)
17. Kohler, M., Brucker, A.D., Schaad, A.: Proactive Caching: Generating caching heuristics for business process environments. In: International Conference on Computational Science and Engineering (CSE), vol. 3, pp. 207-304. IEEE Computer Society (2009), doi:10.1109/CSE.2009.177
18. Lodderstedt, T., Basin, D.A., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: J́eźequel, J.M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426-441. Springer, Heidelberg (2002)
19. Miseldine, P.: Automated XACML policy reconfiguration for evaluation optimisation. In: Win, B.D., Lee, S.W., Monga, M. (eds.) SESS, pp. 1-8. ACM (2008), doi:10.1145/1370905.1370906
20. Mülle, J., von Stackelberg, S., B̈ohm, K.: A security language for BPMN process models. Tech. rep., University Karlsruhe, KIT (2011)
21. OASIS: eXtensible Access Control Markup Language (XACML), version 2.0 (2005), http://docs.oasis-open.org/xacml/2.0/XACML-2.0-OS-NORMATIVE.zip
22. Object Management Group: Business process model and notation (BPMN), version 2.0 (2011), Available as OMG document formal/2011-01-03
23. Rodríguez, A., Ferńandez-Medina, E., Piattini, M.: A BPMN extension for the modeling of security requirements in business processes. IEICE-Trans. Inf. Syst. E90-D, 745-752 (2007), doi:10.1093/ietisy/e90-d.4.745
24. Sohr, K., Ahn, G.J., Gogolla, M., Migge, L.: Specification and Validation of Authorisation Constraints Using UML and OCL. In: De Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 64-79. Springer, Heidelberg (2005)
25. Wolter, C., Meinel, C.: An approach to capture authorisation requirements in business processes. Requir. Eng. 15(4), 359-373 (2010), doi:10.1007/s00766- 010-0103-y
26. Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C.: Model-driven business process security requirement specification. Journal of Systems Architecture 55(4), 211-223 (2009), doi:10.1016/j.sysarc.2008.10.002; Secure Service-Oriented Architectures (Special Issue on Secure SOA)
27. Wolter, C., Schaad, A.: Modeling of Task-Based Authorization Constraints in BPMN. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 64-79. Springer, Heidelberg (2007)
28. Wolter, C., Schaad, A., Meinel, C.: Deriving XACML Policies from Business Process Models. In: Weske, M., Hacid, M.-S., Godart, C. (eds.) WISE 2007 Workshops. LNCS, vol. 4832, pp. 142-153. Springer, Heidelberg (2007)