1996
DOI: 10.1007/978-1-5041-2919-0_2
|View full text |Cite
|
Sign up to set email alerts
|

The Use of Business Process Models for Security Design in Organisations

Abstract: This paper introduces a security design method for information exchange in organisations. The method supports security authorities in the design of individual security models. An individual security model is a fully customised specification of access control information for information exchange within a particular business environment. We introduce transaction based business process models (BPMs) and utilise these models to specify need-to-know authorisations. Therefore, we allocate information from BPMs which… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
9
0

Year Published

1997
1997
2006
2006

Publication Types

Select...
4
1
1

Relationship

1
5

Authors

Journals

citations
Cited by 9 publications
(9 citation statements)
references
References 7 publications
0
9
0
Order By: Relevance
“…Conditions include tasks performed, time of day, resource availability and various other properties that can be used to describe a system's current operational state and behavior. The implications of "active", "just-in-time" or "need-to-know" authorizations have been discussed by various authors including [5,15,17]. We consider the authorizations generated from a choreography as active with respect to project membership, role, task and control flow.…”
Section: Discussion and Related Workmentioning
confidence: 99%
“…Conditions include tasks performed, time of day, resource availability and various other properties that can be used to describe a system's current operational state and behavior. The implications of "active", "just-in-time" or "need-to-know" authorizations have been discussed by various authors including [5,15,17]. We consider the authorizations generated from a choreography as active with respect to project membership, role, task and control flow.…”
Section: Discussion and Related Workmentioning
confidence: 99%
“…[32]). Many approaches adapt access control and authorization methods used in database and operation system areas to the domain of business processes and workflows (e.g., [1,5,9,30,53,58]). But the handling of security requirements of these areas need a more broaden view.…”
Section: Related Workmentioning
confidence: 99%
“…Transaction based business process models are used by Holbein et al [13,12] to derive role based access control for workflow data, i.e., information exchanged during the process execution. Their approach has been used in the MobiMed project [ 20], which aims to provide access control to data in a clinical environment.…”
Section: Related Workmentioning
confidence: 99%