Modelling Security Goals in Business Processes

Various types of security goals, such as authentication or confidentiality, can be defined as policies for process-aware information systems, typically in a manual fashion. Therefore, we foster a model-driven transformation approach from modelled security goals in the context of process models to concrete security implementations. We argue that specific types of security goals may be expressed in a graphical fashion at the business process modelling level which in turn can be transformed into corresponding access control and security policies for process-aware information systems, for instance based on service-oriented architectures. In this paper we present security policy and policy constraint models. These models are projected onto general enter- prise models and enterprise business processes in particular. We further discuss the suitability of this approach based on an example process and outline future work in order to derive security policy implementations out of the process models applicable for service-oriented architectures.

Wolter, Christian; Menzel, Michael; Meinel, Christoph (2008): Modelling Security Goals in Business Processes. Modellierung 2008. Bonn: Gesellschaft für Informatik e. V.. PISSN: 1617-5468. ISBN: 978-3-88579-221-5. pp. 197-212. Regular Research Papers. Berlin. 12.-14. März 2008

Sammlungen

P127 - Modellierung 2008
Modellierung 2008 (LNI P127)

Komplettanzeige

Modelling Security Goals in Business Processes

Volltext URI

Dokumententyp

Dateien

Zusatzinformation

Datum

Autor:innen

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Quelle

Verlag

Zusammenfassung

Beschreibung

Schlagwörter

Zitierform

DOI

Tags

Sammlungen