Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

Modellierung 2008, 12.-14. Maerz 2008, Berlin P-127, 197-212 (2008).

Gesellschaft fuer Informatik, Bonn


Thomas Kuehne (ed.), Wolfgang Reisig (ed.), Friedrich Steimann (ed.)

Copyright © Gesellschaft fuer Informatik, Bonn


Modelling Security Goals in Business Processes

Christian Wolter , Michael Menzel and Christoph Meinel


Various types of security goals, such as authentication or confidentiality, can be defined as policies for process-aware information systems, typically in a manual fashion. Therefore, we foster a model-driven transformation approach from modelled security goals in the context of process models to concrete security implementations. We argue that specific types of security goals may be expressed in a graphical fashion at the business process modelling level which in turn can be transformed into corresponding access control and security policies for process-aware information systems, for instance based on service-oriented architectures. In this paper we present security policy and policy constraint models. These models are projected onto general enterprise models and enterprise business processes in particular. We further discuss the suitability of this approach based on an example process and outline future work in order to derive security policy implementations out of the process models applicable for service-oriented architectures.

Full Text: PDF

Gesellschaft fuer Informatik, Bonn
ISBN 978-3-88579-221-5

Last changed 04.10.2013 18:17:00