Context: A distributed business process is executed in a distributed computing environment. The service-oriented architecture (SOA) paradigm is a popular option for the integration of software services and execution of distributed business processes. Entailment constraints, such as mutual exclusion and binding constraints, are important means to control process execution. Mutually exclusive tasks result from the division of powerful rights and responsibilities to prevent fraud and abuse. In contrast, binding constraints define that a subject who performed one task must also perform the corresponding bound task(s).

Objective: We aim to provide a model-driven approach for the specification and enforcement of task-based entailment constraints in distributed service-based business processes.

Method: Based on a generic metamodel, we define a domain-specific language (DSL) that maps the different modeling-level artifacts to the implementation level. The DSL integrates elements from role-based access control (RBAC) with the tasks that are performed in a business process. Process definitions are annotated using the DSL, and our software platform uses automated model transformations to produce executable WS-BPEL specifications which enforce the entailment constraints. We evaluate the impact of constraint enforcement on runtime performance for five selected service-based processes from existing literature.

Results: Our evaluation demonstrates that the approach correctly enforces task-based entailment constraints at runtime. The performance experiments illustrate that the runtime enforcement operates with an overhead that scales well up to the order of several tens of thousands of logged invocations. Using our DSL annotations, the user-defined process definition remains declarative and clean of security enforcement code.

Conclusion: Our approach decouples the concerns of (non-technical) domain experts from technical details of entailment constraint enforcement. The developed framework integrates seamlessly with WS-BPEL and the Web services technology stack. Our prototype implementation shows the feasibility of the approach, and the evaluation points to future work and further performance optimizations.
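The two constraint types described in the abstract, as an added example that is not the paper's DSL, metamodel or WS-BPEL platform: a small reference monitor that combines an RBAC check with mutual exclusion and binding checks against a per-process-instance invocation log. The class, task, role and subject names are hypothetical, and the policy is constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class EntailmentMonitor:
    role_tasks: dict      # role -> tasks the role may perform (RBAC part)
    subject_roles: dict   # subject -> roles assigned to the subject
    mutex: set            # frozenset({a, b}): a and b need different subjects
    binding: set          # frozenset({a, b}): a and b need the same subject
    log: dict = field(default_factory=dict)  # (instance, task) -> subject

    def authorize(self, instance, task, subject):
        """Return (allowed, reason) and log the invocation when allowed."""
        roles = self.subject_roles.get(subject, set())
        if not any(task in self.role_tasks.get(r, set()) for r in roles):
            return False, "no role permits task"
        for pair in self.mutex | self.binding:
            if task not in pair:
                continue
            (other,) = pair - {task}
            prev = self.log.get((instance, other))  # same process instance only
            if prev is None:
                continue  # the constrained counterpart has not run yet
            if pair in self.mutex and prev == subject:
                return False, f"mutual exclusion with {other}"
            if pair in self.binding and prev != subject:
                return False, f"{other} binds task to {prev}"
        self.log[(instance, task)] = subject
        return True, "ok"

def build_monitor():
    # Constructed sample policy for a hypothetical payment process.
    return EntailmentMonitor(
        role_tasks={"clerk": {"prepare", "archive"},
                    "manager": {"prepare", "approve"}},
        subject_roles={"alice": {"clerk", "manager"},
                       "bob": {"manager"}, "carol": {"clerk"}},
        mutex={frozenset({"prepare", "approve"})},
        binding={frozenset({"prepare", "archive"})},
    )

if __name__ == "__main__":
    m = build_monitor()
    for step in [("p1", "prepare", "alice"), ("p1", "approve", "alice"),
                 ("p1", "approve", "bob"), ("p1", "archive", "carol"),
                 ("p1", "archive", "alice"), ("p2", "approve", "alice")]:
        print(step, m.authorize(*step))
```

Alice holds a role that permits `approve`, so the RBAC check alone would let her approve her own payment; only the invocation log of the same process instance reveals the conflict.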