Thursday, 23 December 2010

Annotated Bib.: Security in Business Process Engineering



[1] M. Backes, B. Pfitzmann, and M. Waidner. Security in business process engineering. In W. M. P. van der Aalst, A. H. M. ter Hofstede, and M. Weske, editors, Business Process Management, volume 2678 of Lecture Notes in Computer Science, pages 168–183. Springer, 2003. 

The paper starts by showing that security is usually neglected in the modelling phase and only integrated in an ad-hoc manner later on, then it goes on showing how problematic this approach is, and how that security should be considered earlier as it will make it clearer, easier, and will produce less errors.
The paper then discusses the trust models, and how they can be applied to BPM, it also give an example to illustrate the need of integrating security (specially cryptography) in early stagiest of BPM. The example used was "Certified Mail System". The paper then went in to technical details in showing what security requirements are needed in such example; it was focusing more on the cryptographic requirements, and little on Trust.
Then it goes on showing in detailed technical way how would considering security requirements from the beginning help in building butter system.
It finally ends with comparing this work with other works done by others, and showing how considering cryptography from the beginning was useful in this example.

Relation to the research on hand, this paper shows the importance of early consideration of security, instead of an ad-hoc way. It also add to the review on what work is done in integrating security in to BPM. Also it gave a brief discussion about trust and trust-models, and showed that this might be important to BPM and it need to be integrated.

No comments:

Post a Comment