Security and safety of assets in business processes
Proceedings of the 27th Annual ACM Symposium on Applied Computing
SecureBPMN: modeling and enforcing access control requirements in business processes
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Future Generation Computer Systems
Hi-index | 0.00 |
Modern enterprise systems need to comply to complex security policies. Due to legal regulations such as Basel II or \acs{hipaa}, the enforcement of these security policies needs to be carefully monitored and analyzed. The monitoring of complex and often dynamic access control requirements results in a vast amount of information that needs to be analyzed both in case of incidents and during regular audits. We present an extensible framework for managing and analyzing security policies during their whole life cycle. Our framework integrates versioning of policies and log files with policy animation, static analysis, and debugging techniques. For example, this combination allows for comparing different versions of security policies or the replaying and animation of system traces based on log files.