Logics of time and computation
Logics of time and computation
Role-Based Access Control Models
Computer
SecureFlow: a secure Web-enabled workflow management system
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Security in Computing
The Use of Information Capacity in Schema Integration and Translation
VLDB '93 Proceedings of the 19th International Conference on Very Large Data Bases
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Model driven security for process-oriented systems
Proceedings of the eighth ACM symposium on Access control models and technologies
Task-role-based access control model
Information Systems
Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption
Best-Practice Patterns and Tool Support for Configuring Secure Web Services Messaging
ICWS '04 Proceedings of the IEEE International Conference on Web Services
A logic-based framework for attribute based access control
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
Integration of risk identification with business process models
Systems Engineering
Axis2, Middleware for Next Generation Web Services
ICWS '06 Proceedings of the IEEE International Conference on Web Services
An Attribute-Based Access Control Model for Web Services
PDCAT '06 Proceedings of the Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies
Principles of the Spin Model Checker
Principles of the Spin Model Checker
Modeling of task-based authorization constraints in BPMN
BPM'07 Proceedings of the 5th international conference on Business process management
Modeling control objectives for business process compliance
BPM'07 Proceedings of the 5th international conference on Business process management
Towards a UML 2.0 extension for the modeling of security requirements in business processes
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Security ontology for annotating resources
OTM'05 Proceedings of the 2005 OTM Confederated international conference on On the Move to Meaningful Internet Systems: CoopIS, COA, and ODBASE - Volume Part II
Lightweight modeling and analysis of security concepts
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
A decade of model-driven security
Proceedings of the 16th ACM symposium on Access control models and technologies
An integrated approach for identity and access management in a SOA context
Proceedings of the 16th ACM symposium on Access control models and technologies
Derivation of trust federation for collaborative business processes
Information Systems Frontiers
Achieving life-cycle compliance of service-oriented architectures: open issues and challenges
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
Security and safety of assets in business processes
Proceedings of the 27th Annual ACM Symposium on Applied Computing
A framework for modelling security architectures in services ecosystems
ESOCC'12 Proceedings of the First European conference on Service-Oriented and Cloud Computing
Towards an approach to design and enforce security in web service composition
International Journal of Web Engineering and Technology
Proceedings of the Workshop on Model-Driven Security
Enforcement of entailment constraints in distributed service-based business processes
Information and Software Technology
Information and Software Technology
Hi-index | 0.00 |
Various types of security goals, such as authentication or confidentiality, can be defined as policies for service-oriented architectures, typically in a manual fashion. Therefore, we foster a model-driven transformation approach from modelled security goals in the context of process models to concrete security implementations. We argue that specific types of security goals may be expressed in a graphical fashion at the business process modelling level which in turn can be transformed into corresponding access control and security policies. In this paper we present security policy and policy constraint models. We further discuss a translation of security annotated business processes into platform specific target languages, such as XACML or AXIS2 security configurations. To demonstrate the suitability of this approach an example transformation is presented based on an annotated process.