Context: Security in Process-Aware Information Systems (PAIS) has gained increased attention in current research and practice. However, a common understanding of and agreement on security is still missing. In addition, the proliferation of literature makes it cumbersome to survey and determine the state of the art and, further, to identify research challenges and gaps. In summary, a comprehensive and systematic overview of the state of the art in research and practice in the area of security in PAIS is missing.

Objective: This paper investigates research on security in PAIS and aims at establishing a common understanding of terminology in this context. Further, it investigates which security controls are currently applied in PAIS.

Method: A systematic literature review is conducted in order to classify and define security and security controls in PAIS. From an initial 424 papers, we selected a total of 275 publications related to security and PAIS between 1993 and 2012. Furthermore, we analyzed and categorized the papers using a systematic mapping approach, which resulted in 5 categories and 12 security controls.

Results: In the literature, security in PAIS often centers on specific (security) aspects such as security policies, security requirements, authorization and access control mechanisms, or inter-organizational scenarios. In addition, we identified 12 security controls in the areas of security concepts, authorization and access control, applications, verification, and failure handling in PAIS. Based on the results, open research challenges and gaps are identified and discussed with respect to possible solutions.

Conclusion: This survey provides a comprehensive review of current security practice in PAIS and shows that security in PAIS is a challenging interdisciplinary research field that assembles research methods and principles from security and PAIS. We show that the state of the art provides a rich set of methods, such as access control models, but several open research challenges still remain.