Introducing Security Access Control Policies into Legacy Business Processes

被引:1
|
作者
Giraldo, Faber D. [1 ]
Blay-Fornarino, Mireille [2 ]
Mosser, Sebastien [3 ]
机构
[1] Univ Quindio, Syst & Comp Engn, Armenia, Colombia
[2] Univ Nice Sophia Antipolis, CNRS UMR I3S 6070, Nice, France
[3] Univ Lille 1, LIFL CNRS UMR 8022, INRIA Lille Nord Europe, Villeneuve Dascq, France
来源
2011 15TH IEEE INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS (EDOC 2011) | 2011年
关键词
Security Standards; Separation of Concerns; Business Processes; Service-oriented Architecture; AUTHORIZATION;
D O I
10.1109/EDOCW.2011.11
中图分类号
TP39 [计算机的应用];
学科分类号
081203 ; 0835 ;
摘要
Applying separation of concerns approaches into business process context generally results in several initiatives oriented to automatic generation of aspect code, generation of specific code according to the kind of concern (code for mapping roles and permissions derived from RBAC model for example), or proposition of new mechanisms as dedicated aspectual languages. Most of these initiatives only consider functional behaviours of business process, omitting special behaviours derived from quality attributes such as security, which can be modelled as concerns that must be supported in the business process. In this paper we propose the integration of cross-cuttings standardized control access policies (based on RBAC model and Oasis XACML) into legacy business processes, using a separation of concerns approach.
引用
收藏
页码:42 / 49
页数:8
相关论文
共 50 条
  • [1] Verification of Access Control Policies for REA Business Processes
    Karimi, Vahid R.
    Cowan, Donald D.
    2009 IEEE 33RD INTERNATIONAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE, VOLS 1 AND 2, 2009, : 1095 - 1100
  • [2] Eliciting Security Requirements for Business Processes of Legacy Systems
    Argyropoulos, Nikolaos
    Marquez Alcaniz, Luis
    Mouratidis, Haralambos
    Fish, Andrew
    Rosado, David G.
    Garcia-Rodriguez de Guzman, Ignacio
    Fernandez-Medina, Eduardo
    PRACTICE OF ENTERPRISE MODELING, POEM 2015, 2015, 235 : 91 - 107
  • [3] Blockchain Based Auditable Access Control for Business Processes With Event Driven Policies
    Akhtar, Ahmed
    Barati, Masoud
    Shafiq, Basit
    Rana, Omer
    Afzal, Ayesha
    Vaidya, Jaideep
    Shamail, Shafay
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2024, 21 (05) : 4699 - 4716
  • [4] ACCESS CONTROL MODELS FOR BUSINESS PROCESSES
    Karimi, Vahid R.
    Cowan, Donald D.
    SECRYPT 2010: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, 2010, : 489 - 498
  • [5] Idea to Derive Security Policies from Collaborative Business Processes
    Hu, Ji
    2009 13TH ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS (EDOCW 2009), 2009, : 243 - 246
  • [6] Security Analysis of Access Control Policies for Smart Homes
    Belfiore, Roberta Cimorelli
    Ferrara, Anna Lisa
    PROCEEDINGS OF THE 28TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, SACMAT 2023, 2023, : 99 - 106
  • [7] Access Control Model for Collaborative Business Processes
    Sanchez, M.
    Jimenez, B.
    Gutierrez, F. L.
    Paderewski, P.
    Isla-Montes, Jose-Luis
    ENGINEERING THE USER INTERFACE: FROM RESEARCH TO PRACTICE, 2009, : 117 - +
  • [8] Architecting Access Control for Business Processes in the Cloud
    Gaaloul, Khaled
    Yangui, Sami
    Tata, Samir
    Proper, Henderik A.
    2014 3RD INTERNATIONAL WORKSHOP ON ADVANCED INFORMATION SYSTEMS FOR ENTERPRISES (IWAISE'14), 2014, : 8 - 14
  • [9] Security architecture to support multiple security policies based on access control space
    Institute of Software, Chinese Academy of Sciences, Beijing 100080, China
    不详
    Tongxin Xuebao, 2006, 2 (107-112+118):
  • [10] Introducing business process into legacy information systems
    Borges, MRS
    Vincent, AF
    Penadés, MC
    Araujo, RM
    BUSINESS PROCESS MANAGEMENT, PROCEEDINGS, 2005, 3649 : 452 - 457
12345