Source: M. Leitner. Security policies in adaptive process-aware
information systems: Existing approaches and challenges. In ARES 2011,
6th International Conference on Availability, Reliability and Security,
New York City, 2011. Institute of Electrical and Electronics Engineers
(IEEE).
The paper provided 6 challenges that are facing security policies in PAIS, and also provided a requirement that if fulfilled then the challenge will be solved. the following are summary of the challenges and the requirements to solve the challenges.
1) Policy Modeling:
2) Process Modeling:
Problems: Imagine a PAIS within the health care domain. There are a lot of guidelines that have to be included in the processes such as medical guidelines, public health guidelines, law, and budget restrictions. However, all guidelines have to be integrated in the processes. But which guidelines can be specified as security policies?
Problems: Policies can be administered at build and run time. The inherent approach does not support all constraints such as inter-process constraints. Imagine, a large system with about 500 roles, 1500 activities, and 500 security policies. Associating each policy to many activities is troublesome and inefficient. At this point it gets difficult: How can policies be associated with activities? Which criteria should be considered?
Problems: When a process changes such as add, delete, or move an activity all associated constraints have to be checked for correctness.
Problems: Approaches focus mostly on build time strategies where policies are set and checked for conflicts. However, policies such as authorization con- straints or legal regulations evolve over time.
Problems: Current systems neither provide inter- process security policies nor enable a semantical support. However, the interaction between process instances becomes more importan.
The paper provided 6 challenges that are facing security policies in PAIS, and also provided a requirement that if fulfilled then the challenge will be solved. the following are summary of the challenges and the requirements to solve the challenges.
** all information below is quoted directly from the source paper, non of this is in my own words **
Challenge 1: Modeling Security Policies
1) Policy Modeling:
Problems: While an imperative approach is very strict and definite, it may not be reasonable for certain domains where ad hoc decisions based on circumstances have to be made. In terms of security, a security expert has to examine all possibilities and specify all policies in advance in the declarative model. Especially in large systems, it is difficult to oversee all regulations, possible vulnerabilities, or risks for all processes. This might be demanding in a declarative model because all potential occurrences have to be examined.
Requirements: It is important to consider the policy modeling approach depending on the domain of the PAIS. A declarative approach presents a more flexible way for integrating ad hoc changes. However, enforcing security can be difficult because potential process paths have to be analyzed and the risks of threats minimized. An imperative modeling type enables a stringent security policy definition (e.g. authorization) and is therefore more solid because not all potential pathways have to be foreseen.
2) Process Modeling:
Problems: Current commercial systems mostly use attached and inherent process modeling but research proto- types tend to focus on a separate policy implementation. This distinction leads to various research scenarios.
Requirements: In general, it should be possible to separate the process model and the security policies from each other. Then, the checks for inconsistencies are more efficient in a repository (than e.g. going through each activity in a process). A repository supports also the administration of policies such as adding, updating or deleting which is essential due to continuously changing business requirements. Furthermore, separating process models from policies facilitates the evolution of processes. If the policies are not included in the data and control flow of the model, the process models can be significantly reduced to a minimal set of tasks.
3) Modeling Extensions:
Problems: Current approaches provide only some security function modeling and are at a very early stage. They neither provide patterns for all security policies nor specify a standardized vocabulary for enforcing security in PAIS. Current proposals use different symbols or text to display security. Modeling security policies in PAIS might include further challenges such as visualization. Imagine a large process model: Is it possible to present security-critical information in large models?
Requirements: It is necessary to identify the require- ments to enable security modeling extensions for standard notations. We require to investigate how to display semantical or technical security features. In large process models, the model should be kept simple and complexity should not increase due to security extensions.
Challenge 2: Separating Security Policies from other Constraints:
Problems: Imagine a PAIS within the health care domain. There are a lot of guidelines that have to be included in the processes such as medical guidelines, public health guidelines, law, and budget restrictions. However, all guidelines have to be integrated in the processes. But which guidelines can be specified as security policies?
Requirements: Security guidelines originate from various sources and have to be incorporated in PAIS. Security policies in PAIS should be related to the security objectives confidentiality, integrity, and availability. For example, the guideline “A surgery can only be performed with two doctors” is user- centric and relates to availability. Therefore, the rule can be categorized as a security policy in PAIS. This approach can be extended to other security principles (e.g. privacy).
Challenge 3: Mapping Policies to Process Activities:
Problems: Policies can be administered at build and run time. The inherent approach does not support all constraints such as inter-process constraints. Imagine, a large system with about 500 roles, 1500 activities, and 500 security policies. Associating each policy to many activities is troublesome and inefficient. At this point it gets difficult: How can policies be associated with activities? Which criteria should be considered?
Requirements: Ideally, there should be a mechanism that maps the security policies to process activities. However, to be able to handle the mapping, we need to know which rules should be associated with which activity. We demand an easy and manageable association of activities and policies at a fair level of complexity. Furthermore, we also require that scalability should be supported.
Challenge 4: Process Evolution:
Problems: When a process changes such as add, delete, or move an activity all associated constraints have to be checked for correctness.
Requirements: When a process changes, the corresponding policies (e.g. authorization constraints) should be validated. Because workflows can change at build and run time it is important to develop mechanisms to manage both scenarios. It should be possible to change an activity and to further maintain the security of the activity at the same level regardless of e.g. the changed control flow or data flow.
Challenge 5: Policy Evolution:
Problems: Approaches focus mostly on build time strategies where policies are set and checked for conflicts. However, policies such as authorization con- straints or legal regulations evolve over time.
Requirements: There is a need for administration of security policies such as adding, deleting, or updating rules. We require to enable an easy handling and maintenance of security policies at build, run, and change time. Therefore, security policies and process models should be administered separately.
Challenge 6: Inter-process Security Policies:
Problems: Current systems neither provide inter- process security policies nor enable a semantical support. However, the interaction between process instances becomes more importan.
Requirements: In PAIS, there is a growing need of more interaction between process instances. In particular, security policies should be enforced over multiple instances. When enabling interaction between instances, designers and practitioners have to tackle another challenge: How to model, implement, and enforce inter-instance constraints at a fair level of complexity.