Thursday, 8 April 2010

Definitions for security requirements in BPM terminology

while reading in a paper about Security for Workflow, i found an interesting definitions for security requirements in regards to the BPM terminology.

Vijay Atluri in his paper "Security for Workflow Systems" thinks that the security requirements for Workflows are:

Confidentiality:
This refers to unauthorized disclosure of information including the specification, and the workflow instances during its execution.

Integrity
:
Refers to the unauthorized modification of information, again including the specification as well as the data manipulated during the execution of a workflow instance.

Availability
:
Refers to making the data and resources available to the agents responsible for executing the tasks in a workflow.

Authentication
:
Refers to reliably verifying the identity of the task execution agents

Authorization
:
Refers to enforcing access control to ensure confidentiality and integrity

Audit
:
Refers to recording information about who has performed which actions at what time within the workflow, which can later be analyzed to detect suspicious behavior and misuse of authority.

Anonymity
:
Refers to keeping the agents anonymous from other agents executing the workflow. This may be needed especially when agents with conflict-of-interest execute different tasks within a workflow.

Separation of duties:
These are additional constraints associated with the workflow to reduce the risk of fraud.

Reference:
Security for Workflow Systems, Vijay Atluri, Rutgers University, 2002.

No comments:

Post a Comment