Access control policies are a fundamental building block for meeting security and privacy requirements in organizations, across business processes, enterprise architectures, and software architectures. Because business processes and software are described in different models, eliciting and enforcing access control policies across them is hard. Approaches such as enterprise architecture management address the complex mutual dependencies between business and IT models but can be hard to apply. We suggest an approach that derives access control requirements from business processes and tests the compliance of software designs with them by data flow analysis. As a result, business processes and software designs are aligned with respect to access control requirements.
Business processes define requirements for the software systems that support business goals. Enterprise Application Architectures (EAAs) organize the structure and behavior of the required software systems. Satisfying the confidentiality requirements that originate from the business process design is crucial to fulfilling legal obligations and corporate policies; violating them can lead to high fines and lost assets. There is a gap in modeling confidentiality requirements holistically across business processes and EAAs (Alpers et al., 2019). Hence, aligning EAAs with business processes by identifying violated business access control requirements (ACRs) already during the architectural design phase is vital. To this end, three challenges need to be overcome: i) define the meaning of read and write from ACRs for EAAs, ii) identify the parts of the EAA affected by ACRs, and iii) define rules to cope with data type refinement (the architecture typically describes data at a finer granularity than the process does). In this paper, we present these challenges, our solutions to them, and the findings we made during the development of AcsALign, an approach to align EAAs with the ACRs of business processes in the early design phase and in evolution scenarios, using the established modeling languages Business Process Model and Notation (BPMN) and Palladio Component Model (PCM). We apply our solutions in a real-world case study. Evaluation results show satisfactory accuracy of the requirements extraction and of the architectural alignment.
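The following is an added, illustrative reconstruction of the three steps the abstract names, written for this page and not taken from AcsALign, BPMN or PCM tooling: ACRs are extracted from lane-structured process tasks as (role, data object, read/write) triples, a refinement rule maps them onto the finer data types of the design, and a forward data flow analysis over component flows reports where a role's component receives or emits data the process never granted it. The clinic process, the component names, the refinement map and the chosen read/write semantics for the design (a role reads T when T reaches a component serving that role, writes T when such a component originates a typed flow of T) are all assumptions made for this example.

```python
"""Illustrative alignment check (added example, not the AcsALign implementation):
extract role-based read/write access control requirements (ACRs) from a
lane-structured business process, map them onto a component design whose data
types refine the process data objects, and find ACR violations by a forward
data flow analysis over the design's flows."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Task:
    """A BPMN-style task: `lane` is the role performing it; `reads`/`writes`
    name the data objects it consumes/produces (assumed modeling convention)."""
    name: str
    lane: str
    reads: frozenset = frozenset()
    writes: frozenset = frozenset()


def extract_acrs(tasks):
    """ACR = (role, data object, mode). A lane reading a data object grants the
    lane's role 'read' on it; producing one grants 'write'."""
    acrs = set()
    for t in tasks:
        acrs |= {(t.lane, d, "read") for d in t.reads}
        acrs |= {(t.lane, d, "write") for d in t.writes}
    return acrs


def allowed(acrs, refinement, role, dtype, mode, _seen=frozenset()):
    """Assumed refinement rule: permission on a composite type covers each of
    its parts, and a composite is permitted only if every part is.
    `refinement` maps a composite type to its parts; `_seen` stops cycles."""
    if (role, dtype, mode) in acrs:
        return True
    if dtype in _seen:
        return False
    seen = _seen | {dtype}
    for composite, parts in refinement.items():          # ascend to a composite
        if dtype in parts and allowed(acrs, refinement, role, composite, mode, seen):
            return True
    parts = refinement.get(dtype, ())                     # descend into parts
    return bool(parts) and all(allowed(acrs, refinement, role, p, mode, seen) for p in parts)


def reachable_data(flows):
    """Forward data flow analysis to a fixpoint: which data types reach each
    component. A flow (src, dst, T) carries T; (src, dst, None) forwards
    everything src holds, so data propagates transitively."""
    holds = {}
    for src, dst, _ in flows:
        holds.setdefault(src, set())
        holds.setdefault(dst, set())
    changed = True
    while changed:
        changed = False
        for src, dst, dtype in flows:
            carried = {dtype} if dtype else set(holds[src])
            if not carried <= holds[dst]:
                holds[dst] |= carried
                changed = True
    return holds


def check_alignment(tasks, refinement, roles_of, flows):
    """Return ACR violations as (component, role, data type, mode), sorted.
    Components without an assigned role (pure system components) are not
    checked; only the roles served by a component are."""
    acrs = extract_acrs(tasks)
    holds = reachable_data(flows)
    violations = set()
    for comp, dtypes in holds.items():                    # read: data reaching a role's component
        for role in roles_of.get(comp, ()):
            for d in dtypes:
                if not allowed(acrs, refinement, role, d, "read"):
                    violations.add((comp, role, d, "read"))
    for src, _, dtype in flows:                           # write: typed flow originating at a role's component
        for role in roles_of.get(src, ()):
            if dtype and not allowed(acrs, refinement, role, dtype, "write"):
                violations.add((src, role, dtype, "write"))
    return sorted(violations)


# Constructed sample: a small clinic process and a design that refines its data.
PROCESS = [
    Task("Examine patient", "Doctor", reads=frozenset({"PatientRecord"}), writes=frozenset({"PatientRecord"})),
    Task("Prepare invoice", "Billing", reads=frozenset({"ContactData"}), writes=frozenset({"Invoice"})),
    Task("Audit invoices", "Auditor", reads=frozenset({"Invoice"})),
]
REFINEMENT = {"PatientRecord": {"ContactData", "MedicalHistory"}}  # design-level refinement
ROLES_OF = {"DoctorUI": {"Doctor"}, "BillingUI": {"Billing"}, "AuditArchive": {"Auditor"}}
FLOWS = [
    ("RecordService", "DoctorUI", "PatientRecord"),
    ("DoctorUI", "RecordService", "PatientRecord"),
    ("RecordService", "BillingUI", "ContactData"),
    ("RecordService", "BillingUI", "PatientRecord"),     # over-broad: whole record sent to billing
    ("BillingUI", "RecordService", "Invoice"),
    ("BillingUI", "AuditArchive", None),                 # forwards everything BillingUI holds
    ("RecordService", "AuditArchive", "Invoice"),
]

if __name__ == "__main__":
    for v in check_alignment(PROCESS, REFINEMENT, ROLES_OF, FLOWS):
        print("ACR violation:", v)
```

The over-broad flow to BillingUI is flagged because Billing was only granted ContactData, and the composite PatientRecord is permitted only if every part is; the pass-through flow shows why a fixpoint analysis is needed, since the archive serving the Auditor inherits the violation transitively even though no flow into it names PatientRecord. Removing the over-broad flow leaves only the archive's ContactData finding, which is the alignment decision (add an Auditor read right in the process, or stop forwarding) the abstract's approach is meant to surface.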