Responsibility-driven design and development of process-aware security policies

Maria Leitner, Stefanie Rinderle-Ma, Juergen Mangler

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Scopus citations

Abstract

Process-Aware Information Systems (PAIS) enable the automated support of business processes that are executed by a combination of human actors and systems. As processes typically require access to sensitive data, security policies are of high importance. Typically security policies in PAIS range from access rules and authorization constraints to context policies (location, time) and are scattered over the multitude of heterogeneous PAIS components, i.e. process models, repositories, organizational structures, etc. Currently, different approaches for modeling and enforcing security policies exist that assume a set of explicitly defined security policies. Because of aforementioned heterogeneity, these approaches are suboptimal for PAIS. In order to improve upon existing approaches we present a security policy data model and design methodology, based on the concept of responsibilities, permissions and constraints. The goal is to not only unify diverse security policies in different PAIS subsystems, but also to make security policies independent of these subsystems to restrain complexity from process modeling and evolution, and to allow for comprehensive security policy development and maintenance.

Original languageEnglish
Title of host publicationProceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011
Pages334-341
Number of pages8
DOIs
StatePublished - 2011
Externally publishedYes
Event2011 6th International Conference on Availability, Reliability and Security, ARES 2011 - Vienna, Austria
Duration: 22 Aug 201126 Aug 2011

Publication series

NameProceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Conference

Conference2011 6th International Conference on Availability, Reliability and Security, ARES 2011
Country/TerritoryAustria
CityVienna
Period22/08/1126/08/11

Keywords

  • Process Aware Information Systems
  • Security policy design
  • Security policy development

Fingerprint

Dive into the research topics of 'Responsibility-driven design and development of process-aware security policies'. Together they form a unique fingerprint.

Cite this