The Business Process Modeling Notation (BPMN) has become the de facto standard for describing processes in an accessible graphical notation. The eXtensible Access Control Markup Language (XACML) and WS-Security are both OASIS standards used to specify and enforce platform-independent access control and security policies suitable for service-oriented architectures. In this document we propose a transformation approach, based on a security modeling framework for business process management, to support access control and security policies for business processes. To deploy and enforce such security policies in an enterprise environment, a model-driven transformation between security-annotated process models and a security specification language is used. We argue that specific types of organisational control and compliance policies may be expressed graphically at the business process modeling level. These can then be transformed into corresponding access control and security policies for business-process-driven information systems based on service-oriented architectures. This approach acts as an enabler for better collaboration between security and business process domain experts to define consistent and valid security policies that can be easily communicated. We discuss the benefits of our modeling approach and outline how our framework can support security and compliance in business processes.