Sprint*- Responsibilities: Design and development of security policies in process-aware information systems

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

Volumn 2, Issue 4, 2011, Pages 4-26

  Leitner, Maria ^a   Mangler, Juergen ^b   Rinderle Ma, Stefanie ^a  

^a UNIVERSITY OF VIENNA   (Austria)

^b SBA RESEARCH   (Austria)

Author keywords

Access control; Process aware information systems; Responsibilities; Security constraints; Security policy design; Workflow security

Indexed keywords

EID: 84874423015     PISSN: 20935374     EISSN: 20935382     Source Type: Journal    
DOI: None     Document Type: Article

References (39)

1. M. Leitner, S. Rinderle-Ma, and J. Mangler, "Responsibility-driven design and development of process-aware security policies," in Proc. of the 6th International Conference on Availability, Reliability and Security (ARES'11), Vienna, Austria. IEEE, August 2011, pp. 334-341.
2. N. Russell, W. van der Aalst, A. H. ter Hofstede, and D. Edmond, "Workflow resource patterns: Identification, representation and tool support," in Proc. of the 17th International Conference on Advanced Information Systems Engineering (CAiSE'05), Porto, Portugal, LNCS. Springer-Verlag, June 2005, vol. 3520, pp. 216-232.
3. G. Neumann and M. Strembeck, "An approach to engineer and enforce context constraints in an RBAC environment," in Proc. of the 8th ACM symposium on Access control models and technologies (SACMAT'03), Como, Italy. ACM, June 2003, pp. 65-79.
4. P. C. K. Hung and K. Karlapalem, "A secure workflow model," in Proc. of the Australasian information security workshop (AISW'03), Adelaide, Australia, vol. 21. Australian Computer Society, February 2003, pp. 33-41.
5. E. Bertino, E. Ferrari, and V. Atluri, "The specification and enforcement of authorization constraints in workflow management systems," ACM Transactions on Information and System Security, vol. 2, no. 1, pp. 65-104, February 1999.
6. W. M. P. van der Aalst, H. de Beer, and B. van Dongen, "Process mining and verification of properties: An approach based on temporal logic," in Proc. of the 13th International Conference on Cooperative Information Systems (CoopIS'05), Agia Napa, Cyprus, LNCS, vol. 3761. Springer-Verlag, October-November 2005, pp. 130-147.
7. S. Rinderle-Ma and J. Mangler, "Integration of process constraints from heterogeneous sources in Process-Aware information systems," in Proc. of the 4th International Workshop on Enterprise Modelling and Information Systems Architectures (EMISA'11), Hamburg, Germany, LNI. Gesellschaft für Informatik, September 2011, pp. 51-64.
8. R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley Publishing, 2008.
9. S. Rinderle-Ma and M. Leitner, "On evolving organizational models without losing control on authorization constraints in web service orchestrations," in Proc. of the 12th IEEE International Conference on Commerce and Enterprise Computing (CEC'10), Shanghai, China. IEEE Computer Society, November 2010, pp. 128-135.
10. J. Park and R. Sandhu, "The UCON ABC usage control model," ACM Transactions on Information and System Security, vol. 7, no. 1, pp. 128-174, February 2004. [Online]. Available: http://doi.acm.org/10.1145/984334.984339
11. T. D. Breaux and A. I. Anton, "Analyzing goal semantics for rights, permissions, and obligations," in Proc. of the 13th IEEE International Conference on Requirements Engineering (RE'05), Paris, France. IEEE, September 2005, pp. 177-186.
12. A. Fuxman, L. Liu, J. Mylopoulos, M. Pistore, M. Roveri, and P. Traverso, "Specifying and analyzing early requirements in tropos," Requirements Engineering, vol. 9, no. 2, pp. 132-150, May 2004.
13. B. H. C. Cheng and J. M. Atlee, "Research directions in requirements engineering," in Proc. of the Workshop on the Future of Software Engineering (FOSE'07), Minneapolis, Minnesota, USA. IEEE, May 2007, pp. 285-303.
14. W. M. P. van der Aalst, H. Reijers, A. Weijters, B. van Dongen, A. Alves de Medeiros, M. Song, and H. Verbeek, "Business process mining: An industrial application," Information Systems, vol. 32, no. 5, pp. 713-732, July 2007.
15. E. J. Coyne, "Role engineering," in Proc. of the 1st ACM Workshop on Role-based access control (RBAC'95), Gaithersburg, Maryland, USA. ACM, November-December 1996.
16. G. Neumann and M. Strembeck, "A scenario-driven role engineering process for functional RBAC roles," in Proc. of the 7th ACM symposium on Access control models and technologies (SACMAT'02), Monterey, California, USA. ACM, June 2002, pp. 33-42.
17. M. Kuhlmann, D. Shohat, and G. Schimpf, "Role mining - revealing business roles for security administration using data mining technology," in Proc. of the 8th ACM symposium on Access control models and technologies (SACMAT'03), Como, Italy. ACM, June 2003, pp. 179-186.
18. R. Sandhu, D. Ferraiolo, and R. Kuhn, "The NIST model for role-based access control: towards a unified standard," in Proc. of the 5th ACM workshop on Role-based access control (RBAC'00), Berlin, Germany. ACM, July 2000, pp. 47-63.
19. M. A. Al-Kahtani and R. Sandhu, "A model for attribute-based user-role assignment," in Proc. of the 18th Annual Computer Security Applications Conference (ACSAC'02), Las Vegas, Nevada, USA. IEEE, December 2002, pp. 353-362.
20. B. Weber, M. Reichert, W. Wild, and S. Rinderle-Ma, "Providing integrated life cycle support in Process-Aware information systems." International Journal of Cooperative Information Systems, vol. 18, no. 1, pp. 115-165, March 2009.
21. M. Pesic and W. van der Aalst, "A declarative approach for flexible business processes management," in Proc. of the 1st International Workshop on Dynamic Process Management (DPM'06), Vienna, Austria, LNCS, vol. 4103. Springer-Verlag, September 2006, pp. 169-180.
22. W. M. P. van der Aalst, "Formalization and verification of event-driven process chains," Information & Software Technology, vol. 41, no. 10, pp. 639-650, July 1999.
23. W. M. P. van der Aalst, "Verification of workflow nets," in Proc. of the 18th International Conference on Application and Theory of Petri Nets (ICATPN'97), Toulouse, France, LNCS, vol. 1248. Springer-Verlag, June 1997, pp. 407-426.
24. C. Wolter and A. Schaad, "Modeling of Task-Based authorization constraints in BPMN," in Proc. of the 5th International Conference on Business Process Management (BPM'07), Brisbane, Australia, LNCS, vol. 4714. Springer-Verlag, September 2007, pp. 64-79.
25. K. v. Hee, N. Sidorova, and M. Voorhoeve, "Resource-Constrained workflow nets," Fundamenta Informati-cae, vol. 71, no. 2-3, pp. 243-257, June 2006.
26. P. Dadam, M. Reichert, S. Rinderle-Ma, A. Lanz, R. Pryss, M. Predeschly, J. Kolb, L. T. Ly, M. Jurisch, U. Kreher et al., "From ADEPT to AristaFlow BPM suite: A research vision has become reality," in Proc. of the 1st International Workshop on Empirical Research in Business Process Management (ER-BPM'09), Ulm, Germany, LNBIP, vol. 43. Springer-Verlag, September 2009.
27. L. T. Ly, D. Knuplesch, S. Rinderle-Ma, K. Goser, H. Pfeifer, M. Reichert, and P. Dadam, "SeaFlows toolset - compliance verification made easy for Process-Aware information systems," in Proc. of the 22nd International Conference on Advanced Information Systems Engineering (CAiSE'10), Hammamet, Tunisia, LNBIP, vol. 72. Springer-Verlag, January 2011, pp. 76-91.
28. M. Pesic, H. Schonenberg, and W. v. d. Aalst, "DECLARE: full support for Loosely-Structured processes." in Proc. of the 11th IEEE International Enterprise Distributed Object Computing Conference (EDOC'07), Annapolis, Maryland, USA. IEEE, October 2007, pp. 287-300.
29. W. M. P. van der Aalst and A. H. M. Ter Hofstede, "YAWL: yet another workflow language," Information Systems, vol. 30, no. 4, pp. 245-275, June 2005.
30. L. Ly, S. Rinderle-Ma, and P. Dadam, "Design and verification of instantiable compliance rule graphs in Process-Aware information systems," in Proc. of the 22nd International Conference on Advanced Information Systems Engineering (CAiSE'10), Hammamet, Tunisia, LNCS, vol. 6051. Springer-Verlag, June 2010, pp. 9-23.
31. T. Ly, S. Rinderle-Ma, K. Goser, and P. Dadam, "On enabling integrated process compliance with semantic constraints in process management systems - requirements, challenges, solutions," Information Systems Frontiers, pp. 1-25, June 2009.
32. A. Agrawal, M. Amend, M. Das, M. Ford, C. Keller, M. Kloppmann, D. Konig, F. Leymann, R. Muller, G. Pfau, K. Plosser, R. Rangaswamy, A. Rickayzen, M. Rowley, P. Schmidt, P. Trickovic, A. Yiu, and M. Zeller, "WS-BPEL extension for people (BPEL4People)," Specification Version 1.0, June 2007, http://download.boulder.ibm.com/ibmdl/pub/software/dw/specs/ws-bpel4people/BPEL4Peoplev1.pdf, last accessed 12/15/2011. [Online]. Available
33. S. Schefer, M. Strembeck, J. Mendling, and A. Baumgrass, "Detecting and resolving conflicts of Mutual-Exclusion and binding constraints in a business process context," in Proc. of the 19th International Conference on Cooperative Information Systems (CoopIS'11), Crete, Greece, LNCS, vol. 7044. Springer-Verlag, October 2011, pp. 329-346.
34. S. Rinderle-Ma and M. Reichert, "Comprehensive life cycle support for access rules in information systems: The CEOSIS project," Enterprise Information Systems, vol. 3, no. 3, pp. 219-251, July 2009.
35. G. Sturmer, J. Mangler, and E. Schikuta, "Building a modular service oriented workflow engine," in Proc. of the IEEE International Conference on Service-Oriented Computing and Applications (SOCA'09), Taipei, Taiwan. IEEE, January 2009, pp. 1-4.
36. J. Wainer, P. Barthelmess, and A. Kumar, "W-RBAC - a workflow security model incorporating controlled overriding of constraints," International Journal of Cooperative Information Systems, vol. 12, no. 4, pp. 455-485, December 2003.
37. R. Sandhu, V. Bhamidipati, and Q. Munawer, "The ARBAC97 model for role-based administration of roles," ACM Transactions on Information and System Security, vol. 2, no. 1, pp. 105-135, February 1999.
38. F. Casati, S. Castano, and M. Fugini, "Managing workflow authorization constraints through active database technology," Information Systems Frontiers, vol. 3, no. 3, pp. 319-338, September 2001.
39. C. Ribeiro and P. Guedes, "Verifying workflow processes against organization security policies," in Proc. of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises (WETICE'99), Stanford, California, USA. IEEE, June 1999, pp. 190-191.