The Business Process Modeling Notation (BPMN) has become a de facto standard for describing processes in an accessible graphical notation. The eXtensible Access Control Markup Language (XACML) is an OASIS standard to specify and enforce platform-independent access control policies. In this paper we define a mapping between the BPMN and XACML metamodels to provide a model-driven extraction of security policies from a business process model. Specific types of organisational control and compliance policies that can be expressed in a graphical fashion at the business process modeling level can now be transformed into the corresponding task authorizations and access control policies for process-aware information systems. As a proof of concept, we extract XACML access control policies from a security-augmented business process in the banking domain. We present an XSLT converter that transforms modeled security constraints into XACML policies that can be deployed and enforced in a policy enforcement and decision environment. We discuss the benefits of our modeling approach and outline how XACML can support task-based compliance in business processes.