Authors: Christian Wolter, Michael Menzel, Christoph Meinel.
Published: 2008.
The paper proposes a new technique for integrating security requirements into the modeling notation. The modeled security goals should then be transformed into implementations that enforce the security policies.
The paper provides:
- An analysis of some basic security goals (authorization, confidentiality, integrity), providing a general security policy and various related security constraint models.
- A discussion of applying the models to the enterprise model layers.
- A specification of security configuration in the context of business processes.
- An example banking process, with security requirements annotated on the model, as a proof of concept.
In the introduction, the authors describe what the paper is about, the field of integrating security and BPM, and the paper's organization.
Section 2 provides a detailed discussion of some basic security goals and provides conceptual models. It interprets several security goals in BPM terms (confidentiality, integrity, authentication, authorization, auditing, availability), then provides a constraint model for the first four.
Section 3 outlines the dependencies between security goals and the enterprise architecture model. It first discusses enterprise architecture modeling, then how to extend the BPM layer and how to integrate the security goals into the model. It also provides a nice drawing showing and explaining how security goals can be modeled.
Section 4 compares the approach with some related work.
Section 5 discusses the potential benefits of the approach and outlines some future work that can be done.
This paper provides a modeling extension for expressing security requirements at the business process level. The extension is generic and could be applied to any modeling notation.