Business-driven development and management of secure applications and solutions is emerging as a key requirement in the realization of an on demand enterprise. In a given enterprise, individuals acting in various roles contribute to the modeling, development, deployment, and management of the security aspects of a business application. We look at the business-application life cycle and propose a policy-driven approach overlaid on a model-driven paradigm for addressing security requirements. In our approach, security policies are modeled using policies and rule templates associated with business processes and models; designed and implemented through infrastructure-managed or application-managed environments based on the modeled artifacts; deployed into an infrastructure and, where needed, customized to meet the security requirements of the consumer; and monitored and managed so that a consistent set of policies is reflected across the enterprise and all layers of its application infrastructure. We use a pragmatic approach to identify intersection points between the platform-independent modeling of security policies and their concrete articulation and enforcement. This approach offers a way to manage and monitor system behavior for adherence and compliance to policies. Monitoring may be enabled through both information technology (IT) and business dashboards. Systematic approaches that connect business artifacts to implementation artifacts help carry business policies through into system implementations. Best practices and security usage patterns influence the design of reusable and customizable templates. Because interoperability and portability are important in service-oriented architecture (SOA) environments, we list enhancements to standards (e.g., Business Process Execution Language [BPEL], Unified Modeling Language [UML]) that must be addressed to achieve an effective life cycle.