Monday, 8 November 2010

Summary of: Modelling Security Goals in Business Processes

Paper: Modelling security goals in Business Processes.
Authors: Christian Wolter, Michael Menzel, Christoph Meinel.
Published: 2008.


The paper proposes a new technique for integrating security requirements into the modeling notation. The modeled security goals should then be transformed into implementations that enforce security policies.
The paper provides:
- An analysis of some basic security goals (authorization, confidentiality, integrity), providing a general security policy and various related security constraint models.
- A discussion on applying the models to the enterprise model layers.
- A way of specifying security configuration in the context of a business process.
- An example banking process whose model is annotated with security requirements, as a proof of concept.

In the introduction, the authors describe what the paper is about, the field of integrating security and BPM, and the paper’s organization.

Section 2 provides a detailed discussion of some basic security goals and provides conceptual models. It gives an interpretation in BPM terms of some security goals (confidentiality, integrity, authentication, authorization, auditing, availability). It then provides a constraint model for the first 4.

Section 3 outlines the dependencies between security goals and the enterprise architecture model. It first talks about enterprise architecture modeling, then how to extend the BPM layer and how to integrate the security goals into the model. It also provides a nice drawing showing and explaining how security goals can be modeled.

Section 4 compares the approach with some related work.

Section 5 discusses the potential benefits of the approach and outlines some future work that can be done.

This paper provided a modeling extension to express security requirements at the business process level, which is generic and could be applied to any modeling notation.
