Supporting Agile Development of Authorization Rules for SME Applications

Bartsch, Steffen; Sohr, Karsten; Bormann, Carsten

doi:10.1007/978-3-642-03354-4_35

Cited by 7 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to support the authorization policy development, Bartsch (2008) introduce a simple and readable authorization rules language implemented in a Ruby on Rails (http://www. rubyonrails.org) authorization plug-in that is employed in workflow application.…”

Section: Discussionmentioning

confidence: 99%

Towards a Flexible and Adaptable Modeling of Business Processes

Bekki

Belachir

2011

International Journal of Information Technology and Web Engineering

View full text Add to dashboard Cite

This article proposes a flexible way in business process modeling and managing. Today, business process needs to be more flexible and adaptable. The regulations and policies in organizations, as origins of change, are often expressed in terms of business rules. The ECA (Event-condition-action) rule is a popular way to incorporate flexibility into a process design. To raise the flexibility in the business processes, the authors consider governing any business activity through ECA rules based on business rules. For adaptability, the separation of concerns supports adaptation in several ways. To cope with flexibility and adaptability, the authors propose a new multi concern rule based model. For each concern, each business rule is formalized using their CECAPENETE formalism (Concern -Event-Condition-Action-Post condition-check Execution-Number of check -Else-Trigger-else Event). Then, the rules based process is translated into a graph of rules that is analyzed in terms of relations between concerns, reliably and flexibility.

show abstract

Section: Discussionmentioning

confidence: 99%

Towards a Flexible and Adaptable Modeling of Business Processes

Bekki

Belachir

2011

International Journal of Information Technology and Web Engineering

View full text Add to dashboard Cite

show abstract

“…[10]). The special requirements of the targeted environment with regard to security engineering are also analyzed by Bartsch et al in [4] addressing authorization rules for SME applications providing a dedicated DSML and a corresponding enforcement implementation.…”

Section: Creation Of Security Conceptmentioning

confidence: 99%

“…Those projects are confronted with scarce resources, especially on expert knowledge outside the organization's core competences. Hence, security engineering activities have to be addressed on the basis of restricted knowledge, delivering quick results and a flexible integration in existing tool chains and processes [4]. A vital part of the security engineering activities in these projects is the assessment and treatment of IT security risks [2].…”

Section: Introductionmentioning

confidence: 99%

Lightweight Modeling and Analysis of Security Concepts

Eichler¹

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract.Modeling results from risk assessment and the selection of safeguards is an important activity in information security management. Many approaches for this activity focus on an organizational perspective, are embedded in heavyweight processes and tooling and require extensive preliminaries. We propose a lightweight approach introducing SeCoML -a readable language on top of an established methodology within an open framework. Utilizing standard tooling for creation, management and analysis of SeCoML models our approach supports security engineering and integrates well in different environments. Also, we report on early experiences of the language's use.Keywords: Risk Assessment, Information Security Management, Security Engineering, DSML IntroductionFlexibility and adaptability are key drivers for success of today's enterprises. Therefore smart and tailored processes and applications are crucial, especially for small and medium sized enterprises (SME) [22]. The execution of information technology (IT) related projects to develop or adapt applications to the needs of the organization, the integration of applications to better support business processes, and the adaptation of IT-supported business processes to changing needs in the market is a recurring task in order to provide the necessary infrastructure. Those projects are confronted with scarce resources, especially on expert knowledge outside the organization's core competences. Hence, security engineering activities have to be addressed on the basis of restricted knowledge, delivering quick results and a flexible integration in existing tool chains and processes [4]. A vital part of the security engineering activities in these projects is the assessment and treatment of IT security risks [2]. To conduct risk assessment and risk treatment

show abstract

Policy override in practice: model, evaluation, and decision support

Bartsch

2012

Security Comm. Networks

View full text Add to dashboard Cite

Supporting Agile Development of Authorization Rules for SME Applications

Cited by 7 publications

References 15 publications

Towards a Flexible and Adaptable Modeling of Business Processes

Towards a Flexible and Adaptable Modeling of Business Processes

Lightweight Modeling and Analysis of Security Concepts

Policy override in practice: model, evaluation, and decision support

Contact Info

Product

Resources

About