Security Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges

2011 Sixth International Conference on Availability, Reliability and Security Pub Date : 2011-08-22 DOI:10.1109/ARES.2011.107

Maria Leitner

{"title":"Security Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges","authors":"Maria Leitner","doi":"10.1109/ARES.2011.107","DOIUrl":null,"url":null,"abstract":"Enabling security is one of the key challenges in adaptive Process-Aware Information Systems (PAIS). Since automating business processes involves many participants, uses private and public data, and communicates with external services security becomes inevitable. In current systems, security is enforced by an access control model and supplementary constraints imposed on workflow activities. However, existing systems provide individual implementations for security policies (e.g. separation of duties) and leave out other constraints (e.g. inter-process constraints). What is missing is a systematic analysis of security policies in PAIS. Hence, in this paper, we display state of the art and provide a taxonomy of security policies in PAIS. Furthermore, a detailed analysis of research challenges and issues is presented. We will show that there are still shortcomings and identify important requirements for security in PAIS. We will also point out open questions related to specifying, modeling, and changing security policies which will provide a road map for future research.","PeriodicalId":254443,"journal":{"name":"2011 Sixth International Conference on Availability, Reliability and Security","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Sixth International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2011.107","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

Enabling security is one of the key challenges in adaptive Process-Aware Information Systems (PAIS). Since automating business processes involves many participants, uses private and public data, and communicates with external services security becomes inevitable. In current systems, security is enforced by an access control model and supplementary constraints imposed on workflow activities. However, existing systems provide individual implementations for security policies (e.g. separation of duties) and leave out other constraints (e.g. inter-process constraints). What is missing is a systematic analysis of security policies in PAIS. Hence, in this paper, we display state of the art and provide a taxonomy of security policies in PAIS. Furthermore, a detailed analysis of research challenges and issues is presented. We will show that there are still shortcomings and identify important requirements for security in PAIS. We will also point out open questions related to specifying, modeling, and changing security policies which will provide a road map for future research.

查看原文本刊更多论文

自适应过程感知信息系统中的安全策略:现有的方法和挑战

实现安全性是自适应过程感知信息系统(PAIS)的关键挑战之一。由于自动化业务流程涉及许多参与者，使用私有和公共数据，并与外部服务通信，因此安全变得不可避免。在当前的系统中，安全性是通过访问控制模型和附加在工作流活动上的约束来实现的。然而，现有系统为安全策略提供了单独的实现(例如职责分离)，而忽略了其他约束(例如进程间约束)。缺少的是对PAIS中安全策略的系统分析。因此，在本文中，我们展示了最新的技术，并提供了PAIS中安全策略的分类。此外，还详细分析了研究面临的挑战和问题。我们将展示PAIS中仍然存在的缺点，并确定对安全性的重要要求。我们还将指出与指定、建模和更改安全策略相关的开放问题，这将为未来的研究提供路线图。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 Sixth International Conference on Availability, Reliability and Security

自引率

0.00%

发文量