Introducing Security Access Control Policies into Legacy Business Processes

被引：1

作者：

Giraldo, Faber D. ^{[1
]}

Blay-Fornarino, Mireille ^{[2
]}

Mosser, Sebastien ^{[3
]}

机构：

[1] Univ Quindio, Syst & Comp Engn, Armenia, Colombia

[2] Univ Nice Sophia Antipolis, CNRS UMR I3S 6070, Nice, France

[3] Univ Lille 1, LIFL CNRS UMR 8022, INRIA Lille Nord Europe, Villeneuve Dascq, France

来源：

2011 15TH IEEE INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS (EDOC 2011) | 2011年

关键词：

Security Standards; Separation of Concerns; Business Processes; Service-oriented Architecture; AUTHORIZATION;

D O I：

10.1109/EDOCW.2011.11

中图分类号：

TP39 [计算机的应用];

学科分类号：

081203 ; 0835 ;

摘要：

Applying separation of concerns approaches into business process context generally results in several initiatives oriented to automatic generation of aspect code, generation of specific code according to the kind of concern (code for mapping roles and permissions derived from RBAC model for example), or proposition of new mechanisms as dedicated aspectual languages. Most of these initiatives only consider functional behaviours of business process, omitting special behaviours derived from quality attributes such as security, which can be modelled as concerns that must be supported in the business process. In this paper we propose the integration of cross-cuttings standardized control access policies (based on RBAC model and Oasis XACML) into legacy business processes, using a separation of concerns approach.

引用

页码：42 / 49

页数：8

共 50 条

[21] Blockchain Based Auditable Access Control for Distributed Business Processes
Akhtar, Ahmed
Shafiq, Basit
Vaidya, Jaideep
Afzal, Ayesha
Shamail, Shafay
Rana, Omer
2020 IEEE 40TH INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING SYSTEMS (ICDCS), 2020, : 12 - 22
[22] Across-step access control in E-business security
Liu, Guohua
Yi, Chuanjiang
Liu, Weihua
Fifth Wuhan International Conference on E-Business, Vols 1-3: INTEGRATION AND INNOVATION THROUGH MEASUREMENT AND MANAGEMENT, 2006, : 453 - 458
[23] A MAS security framework implementing reputation based policies and owners access control
Vitabile, S.
Milici, G.
Scolaro, S.
Sorbello, F.
Pilato, G.
20TH INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS, VOL 2, PROCEEDINGS, 2006, : 746 - +
[24] A New Hybrid Access Control Model for Security Policies in Multimodal Applications Environments
Ben Attia, Hasiba
Kahloul, Laid
Benharzallah, Saber
JOURNAL OF UNIVERSAL COMPUTER SCIENCE, 2018, 24 (04) : 392 - 416
[25] Detection of Multiple-Duty-Related Security Leakage in Access Control Policies
Hwang, JeeHyun
Xie, Tao
Hu, Vincent C.
2009 THIRD IEEE INTERNATIONAL CONFERENCE ON SECURE SOFTWARE INTEGRATION AND RELIABILITY IMPROVEMENT, PROCEEDINGS, 2009, : 65 - 74
[26] Introducing decision-aware business processes
Yousfi, Alaaeddine
Dey, Anind K.
Saidi, Rajaa
Hong, Jin-Hyuk
COMPUTERS IN INDUSTRY, 2015, 70 : 13 - 22
[27] Integrating privacy policies into business processes
Chinosi, Michele
Trombetta, Alberto
WOSIS 2008: SECURITY IN INFORMATION SYSTEMS, PROCEEDINGS, 2008, : 13 - 25
[28] Integrating Privacy Policies into Business Processes
Chinosi, Michele
Trombetta, Alberto
JOURNAL OF RESEARCH AND PRACTICE IN INFORMATION TECHNOLOGY, 2009, 41 (02): : 155 - 170
[29] Introducing Agile Controllability in Temporal Business Processes
Posenato, Roberto
Franceschetti, Marco
Combi, Carlo
Eder, Johann
ENTERPRISE, BUSINESS-PROCESS AND INFORMATION SYSTEMS MODELING, BPMDS 2024, EMMSAD 2024, 2024, 511 : 87 - 99
[30] Aligning legacy information systems to business processes
Kardasis, P
Loucopoulos, P
ADVANCED INFORMATION SYSTEMS ENGINEERING, 1998, 1413 : 25 - 39

← 1 2 3 4 5 →