Results 1 - 10
of
10
Extending access control models with break-glass
- ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES
, 2009
"... Access control models are usually static, i. e., permissions are granted based on a policy that only changes seldom. Especially for scenarios in health care and disaster management, a more flexible support of access control, i. e., the underlying policy, is needed. Break-glass is one approach for su ..."
Abstract
-
Cited by 21 (6 self)
- Add to MetaCart
(Show Context)
Access control models are usually static, i. e., permissions are granted based on a policy that only changes seldom. Especially for scenarios in health care and disaster management, a more flexible support of access control, i. e., the underlying policy, is needed. Break-glass is one approach for such a flexible support of policies which helps to prevent system stagnation that could harm lives or otherwise result in losses. Today, breakglass techniques are usually added on top of standard access control solutions in an ad-hoc manner and, therefore, lack an integration into the underlying access control paradigm and the systems ’ access control enforcement architecture. We present an approach for integrating, in a fine-grained manner, break-glass strategies into standard access control models and their accompanying enforcement architecture. This integration provides means for specifying break-glass policies precisely and supporting model-driven development techniques based on such policies.
SecureBPMN: Modeling and Enforcing Access Control Requirements in Business Processes
"... Modern enterprise systems have to comply to regulations such as Basel III resulting in complex security requirements. These requirements need to be modeled at design-time and enforced at runtime. Moreover, modern enterprise systems are often business-process driven, i. e., the system behavior is des ..."
Abstract
-
Cited by 13 (5 self)
- Add to MetaCart
(Show Context)
Modern enterprise systems have to comply to regulations such as Basel III resulting in complex security requirements. These requirements need to be modeled at design-time and enforced at runtime. Moreover, modern enterprise systems are often business-process driven, i. e., the system behavior is described as high-level business processes that are executed by a business process execution engine. Consequently, there is a need for an integrated and toolsupported methodology that allows for specifying and enforcing compliance and security requirements for business process-driven enterprise systems. In this paper, we present a tool chain supporting both the design-time modeling as well as the run-time enforcement of security requirements for business process-driven systems.
Secure and compliant implementation of business process-driven systems
- in Joint Workshop on Security in Business Processes (SBP), ser. Lecture
"... Abstract. Today’s businesses are inherently process-driven. Consequently, the use of business-process driven systems, usually implemented on top of service-oriented or cloud-based infrastructures, is increasing. At the same time, the demand on the security, privacy, and compliance of such systems is ..."
Abstract
-
Cited by 7 (5 self)
- Add to MetaCart
(Show Context)
Abstract. Today’s businesses are inherently process-driven. Consequently, the use of business-process driven systems, usually implemented on top of service-oriented or cloud-based infrastructures, is increasing. At the same time, the demand on the security, privacy, and compliance of such systems is increasing as well. As a result, the costs—with respect to computational effort at runtime as well as financial costs—for operating business-process driven systems increase steadily. In this paper, we present a method for statically checking the security and conformance of the system implementation, e. g., on the source code level, to requirements specified on the business process level. As the compliance is statically guaranteed—already at design-time—this method reduces the number of run-time checks for ensuring the security and compliance and, thus, improves the runtime performances. Moreover, it reduces the costs of system audits, as there is no need for analyzing the generated log files for validating the compliance to the properties that are already statically guaranteed.
Multi-View Modeling to Support Embedded Systems Engineering in SysML
"... Abstract. Embedded systems engineering problems often involve many domains, each with their own experts and tools. To help these experts with analysis and decision making in their domain, it is desirable to present them with a view of the system that is tailored to their par-ticular task. In this pa ..."
Abstract
-
Cited by 5 (0 self)
- Add to MetaCart
(Show Context)
Abstract. Embedded systems engineering problems often involve many domains, each with their own experts and tools. To help these experts with analysis and decision making in their domain, it is desirable to present them with a view of the system that is tailored to their par-ticular task. In this paper, a model integration framework is demon-strated to address issues associated with multi-view modeling. The Sys-tems Modeling Language (OMG SysMLTM) is used as a general lan-guage to represent a common model for the system as well as the de-pendencies between the different domain-specific tools and languages. To maintain consistency between these domain-specific views, model trans-formations are defined that map the interdependent constructs to and from a common SysML model. The approach is illustrated by means of a mechatronic design problem involving views in multiple domain-specific tools, namely EPLAN FluidTM (to create production ready layouts) and Modelica R © (for dynamic system analysis). 1
Enabling Multi-View Modeling With SysML Profiles and Model Transformations
"... Abstract: Due to increases in system complexity, systems engineering problems often involve many domains, each with their own experts and tools. To help these experts with analysis and decision making, it is desirable to present them with a view of the system that is tailored to their particular tas ..."
Abstract
-
Cited by 2 (0 self)
- Add to MetaCart
Abstract: Due to increases in system complexity, systems engineering problems often involve many domains, each with their own experts and tools. To help these experts with analysis and decision making, it is desirable to present them with a view of the system that is tailored to their particular task. In this paper, a model integration framework, based on Models Based Systems Engineering, is demonstrated to address issues associated with multi-view modeling. One important issue discussed in particular is the problem of maintaining consistency between the multiple models and views. The Systems Modeling Language (OMG SysMLTM) is proposed as a general language to represent the dependencies between the multiple views. Metamodels and graph transformations are defined to map between the views and maintain consistency between them. The integration is achieved in a user-interactive and continuous manner based on declarative transformation rules. The approach is illustrated by applying it to an example problem of an Electrical CAD subsystem of a mechatronic system.
A Framework for Secure Service Composition
"... Abstract—Modern applications are inherently heterogeneous: they are built by composing loosely coupled services that are, usually, offered and operated by different service providers. While this approach increases the flexibility of the composed applications, it makes the implementation of security ..."
Abstract
-
Cited by 1 (1 self)
- Add to MetaCart
(Show Context)
Abstract—Modern applications are inherently heterogeneous: they are built by composing loosely coupled services that are, usually, offered and operated by different service providers. While this approach increases the flexibility of the composed applications, it makes the implementation of security and trustworthiness requirements difficult. As the number of security requirements is increasing dramatically, there is a need for new approaches that integrate security requirements right from the beginning while composing service-based applications. In this paper, we present a framework for secure service composition using a model-based approach for specifying, building, and executing composed services. As a unique feature, this framework integrates security requirements as a first class citizen and, thus, avoids the “security as an afterthought ” paradigm. I.
Metamodeling or Profiling: a Practical Case in the Web Engineering Domain
"... Abstract. Model Driven Development (MDD) provides several choices for the definition of modeling languages. The definition of a complete metamodel and the customization of a given metamodel using profiles are common approaches. In our opinion neither of these approaches is better than the other, and ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract. Model Driven Development (MDD) provides several choices for the definition of modeling languages. The definition of a complete metamodel and the customization of a given metamodel using profiles are common approaches. In our opinion neither of these approaches is better than the other, and the choice should depend on the characteristics of each project. This paper describes our experiences defining a graphical notation for the characterization of web navigational maps based on a MOF metamodel and a UML profile. The advantages and drawbacks of both approaches are examined, as well as the solution selected for our project.
Using SecureBPMN for Modelling Security-Aware Service Compositions
, 2014
"... Abstract. Today, many systems are built by orchestrating existing services, custom developed services, as well as interaction with users. These orchestrations, also called composition plans, are often described using high-level modelling languages that allow for simplifying 1) the implementation of ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract. Today, many systems are built by orchestrating existing services, custom developed services, as well as interaction with users. These orchestrations, also called composition plans, are often described using high-level modelling languages that allow for simplifying 1) the implementation of systems by using generic execution engines and 2) the adaption of deployed systems to changing business needs. Thus, composition plans play an important role for both communicating business requirements between domain experts and system experts, and serving as a basis for the system implementation. At the same time, ICT systems need to fulfil an increasing number of security and compliance requirements. Thus, there is a demand for integrating security and compliance requirements into composition plans. We present SecureBPMN, a language for modelling security properties that can easily be integrated into languages used for describing service orchestrations. Moreover, we integrate SecureBPMN into BPMN and, thus, present a common language for describing service orchestration (in terms of business process models) together with their security and compliance requirements.
Information Technology Integration von Sicherheitsaspekten in Geschäftsprozessmodelle Integrating Security Aspects into Business Process Models
"... MS-ID: Heft: 55/6 (2013) Abstract Modern enterprise systems are often process-driven and, thus, rely heavily on process-aware information systems. In such systems, high-level process-models play an important role both for communicating business requirements between domain experts and system experts ..."
Abstract
- Add to MetaCart
(Show Context)
MS-ID: Heft: 55/6 (2013) Abstract Modern enterprise systems are often process-driven and, thus, rely heavily on process-aware information systems. In such systems, high-level process-models play an important role both for communicating business requirements between domain experts and system experts as well as basis for the system implementation. Since several years, enterprise system need to fulfil an increasing number of the security and compliance requirements. Thus, there is an increasing demand for integrating high-level security and compliance requirements into process models, i. e., a common language for domain experts, system experts, and security experts. We present a security modelling language, called SecureBPMN, that can easily be integrated into business process modelling languages. In this paper, we exemplary integrate SecureBPMN into BPMN and, thus, present a common language for describing business process models together with their security and compliance requirements.
