Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Business & Information Systems Engineering
Erschienen in: Business & Information Systems Engineering 4/2014

01.08.2014 | Research Paper

Modeling Support for Role-Based Delegation in Process-Aware Information Systems

verfasst von: Dr. Sigrid Schefer-Wenzl, Prof. Dr. Mark Strembeck

Erschienen in: Business & Information Systems Engineering | Ausgabe 4/2014

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

In the paper, an integrated approach for the modeling and enforcement of delegation policies in process-aware information systems is presented. In particular, a delegation extension for process-related role-based access control (RBAC) models is specified. The extension is generic in the sense that it can be used to extend process-aware information systems or process modeling languages with support for process-related RBAC delegation models. Moreover, the detection of delegation-related conflicts is discussed and a set of pre-defined resolution strategies for each potential conflict is provided. Thereby, the design-time and runtime consistency of corresponding RBAC delegation models can be ensured. Based on a formal metamodel, UML2 modeling support for the delegation of roles, tasks, and duties is provided. A corresponding case study evaluates the practical applicability of the approach with real-world business processes. Moreover, the approach is implemented as an extension to the BusinessActivity library and runtime engine.
Vorheriger Artikel The Business Value of Process Flexibility
Nächster Artikel Industry 4.0

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren
Weitere Produktempfehlungen anzeigen
Anhänge
Nur mit Berechtigung zugänglich
Fußnoten
1
We assume that each subject can (at the subject’s discretion) activate the roles that are directly assigned to this subject as well as the junior-roles of its directly assigned roles (see, e.g., Ferraiolo et al. 1999; Sandhu et al. 1996)
 
Literatur
Atluri V, Warner J (2005) Supporting conditional delegation in secure workflow management systems. In: Proceedings of the 10th ACM symposium on access control models and technologies (SACMAT), pp 49–58
Barka E, Sandhu R (2000a) A role-based delegation model and some extensions. In: Proceedings of the 23rd national information systems security conference (NISSEC)
Barka E, Sandhu R (2000b) Framework for role-based delegation models. In: Proceedings of the 16th annual computer security applications conference (ACSAC)
Basin D, Doser J, Lodderstedt T (2006) Model driven security: from UML models to access control Infrastructure. ACM Transactions on Software Engineering and Methodolocy 15(1):39–91 CrossRef
Botha RA, Eloff JH (2001) Separation of duties for access control enforcement in workflow environments. IBM Systems Journal 40(3):666–682 CrossRef
Casati F, Castano S, Fugini M (2001) Managing workflow authorization constraints through active database technology. Information Systems Frontiers 3(3):319–338 CrossRef
Cole J, Derrick J, Milosevic Z, Raymond K (2001) Author obliged to submit paper before 4 July: policies in an enterprise specification. In: Proceedings of the International workshop on policies for distributed systems and networks (POLICY), pp 1–17 CrossRef
Corbin J, Strauss A (2008) Basics of qualitative research: techniques and procedures for developing grounded theory. Sage, Thousand Oaks
Crampton J, Khambhammettu H (2008a) Delegation and satisfiability in workflow systems. In: Proceedings of the 13th ACM symposium on access control models and technologies (SACMAT), pp 31–40 CrossRef
Crampton J, Khambhammettu H (2008b) Delegation in role-based access control. International Journal of Information Security 7(2):123–136 CrossRef
Crampton J, Khambhammettu H (2008c) On delegation and workflow execution models. In: Proceedings of the 2008 ACM symposium on applied computing (SAC)
Dumas M, Rosa ML, Mendling J, Maesaku R, Hajo AR, Semenenko N (2012) Understanding business process models: the costs and benefits of structuredness. In: Proceedings of the 24th International conference on advanced information systems engineering (CAiSE)
Ferraiolo D, Barkley J, Kuhn D (1999) A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security (TISSEC) 2(1)
Ferraiolo DF, Kuhn DR, Chandramouli R (2007) Role-based access control, 2nd edn. Artech House, Norwood
Gaaloul K, Charoy F (2009) Task delegation based access control models for workflow systems. In: Proceedings of the 9th IFIP conference on e-business, e-services, and e-society (I3E)
Gaaloul K, Zahoor E, Charoy F, Godart C (2010) Dynamic authorisation policies for event-based task delegation. In: Proceedings of the 22nd International conference on advanced information systems engineering (CAiSE)
Gaaloul K, Proper E, Charoy F (2011) An extended RBAC model for task delegation in workflow systems. In: Proceedings of the workshops on business informatics research
Georgiadis CK, Mavridis I, Pangalos G, Thomas RK (2001) Flexible team-based access control using contexts. In: Proceedings of the 6th ACM symposium on access control models and technologies (SACMAT), pp 21–27
Ghorbel-Talbi MB, Cuppens F, Cuppens-Boulahia N (2010) Negotiating and delegating obligations. In: Proceedings of the International conference on management of emergent digital ecosystems (MEDES)
Ghorbel-Talbi MB, Cuppens F, Cuppens-Boulahia N, Metayer DL, Piolle G (2011) Delegation of obligations and responsibility. In: Proceedings of the International information security and privacy conference (SEC)
Hasebe K, Mabuchi M, Matsushita A (2010) Capability-based delegation model in RBAC. In: Proceedings of the 15th ACM symposium on access control models and technologies (SACMAT), pp 109–118 CrossRef
Hoisl B, Sobernig S, Strembeck M (2014) Modeling and enforcing secure object flows in process-driven SOAs: an integrated model-driven approach. Software and Systems Modeling 2:513–548 CrossRef
Hove SE, Anda B (2005) Experiences from conducting semi-structured interviews in empirical software engineering research. In: Proceedings of the 11th IEEE International software metrics symposium (METRICS)
Joshi JBD, Bertino E (2006) Fine-grained role-based delegation in presence of the hybrid role hierarchy. In: Proceedings of the 11th ACM symposium on access control models and technologies (SACMAT), pp 81–90
Jürjens J (2005) Sound methods and effective tools for model-based security engineering with UML. In: Proceedings of the 27th International conference on software engineering (ICSE)
Mouratidis H, Jürjens J (2010) From goal-driven security requirements engineering to secure design. International Journal of Intelligent Systems 25(8):813–840 CrossRef
Neumann G, Sobernig S (2009) XOTcl 2.0 – a ten-year retrospective and outlook. In: Proceedings of the sixteenth annual Tcl/Tk conference
Neumann G, Sobernig S (2011) An overview of the next scripting toolkit. In: Proceedings of the 18th annual Tcl/Tk conference
Neumann G, Zdun U (2000) XOTcl, an object-oriented scripting language. In: Proceedings of Tcl2k: the 7th USENIX Tcl/Tk conference
Oh S, Park S (2003) Task-role-based access control model. Information Systems 28(6):533–562 CrossRef
Ousterhout J (1990) Tcl: an embeddable command language. In: Proceedings of the winter USENIX conference
Ravichandran A, Yoon J (2006) Trust management with delegation in grouped peer-to-peer communities. In: Proceedings of the 11th ACM symposium on access control models and technologies (SACMAT), pp 71–80
Recker J, Indulska M, Rosemann M, Green P (2006) How good is BPMN really? Insights from theory and practice. In: 14th European conference on information systems
Rodriguez A, de Guzman IGR (2007) Obtaining use case and security use cases from secure business process through the MDA approach. In: Proceedings of the international workshop on security in information systems (WOSIS)
Rodriguez A, Fernandez-Medina E, Piattini M (2006) Towards a UML 2.0 extension for the modeling of security requirements in business processes. In: Proceedings of the international conference on trust and privacy in digital business (TrustBus)
Runeson P, Höst M (2009) Guidelines for conducting and reporting case study research in software engineering. Empirical Software Engineering 14(2):131–164 CrossRef
Russell N, Hofstede AHMT, Edmond D (2005) Workflow resource patterns: identification, representation and tool support. In: Proceedings of the 17th conference on advanced information systems engineering (CAiSE’05). Lecture notes in computer science, vol 3520. Springer, Heidelberg, pp 216–232 CrossRef
Sandhu R, Coyne E, Feinstein H, Youman C (1996) Role-based access control models. IEEE Computer 29(2):38–47 CrossRef
Schaad A (2001) Detecting conflicts in a role-based delegation model. In: Proceedings of the 17th annual computer security applications conference (ACSAC), pp 117–126
Schaad A, Moffett JD (2002) Delegation of obligations. In: Proceedings of the 3rd International workshop on policies for distributed systems and networks (POLICY)
Schefer S, Strembeck M (2011a) Modeling process-related duties with extended UML activity and interaction diagrams. Electronic Communications of the EASST, 37
Schefer S, Strembeck M (2011b) Modeling support for delegating roles, tasks, and duties in a process-related RBAC context. In: International workshop on information systems security engineering (WISSE). Lecture notes in business information processing. Springer, Heidelberg
Schefer S, Strembeck M, Mendling J, Baumgrass A (2011) Detecting and resolving conflicts of mutual-exclusion and binding constraints in a business process context. In: Proceedings of the 19th International conference on cooperative information systems (CoopIS). Lecture notes in computer science, vol 7044. Springer, Heidelberg
Schefer-Wenzl S, Strembeck M, Baumgrass A (2012) An approach for consistent delegation in process-aware information systems. In: Proceedings of the 15th International conference on business information systems (BIS). Lecture notes in business information processing, vol 117. Springer, Heidelberg
Schefer-Wenzl S, Sobernig S, Strembeck M (2013) Evaluating a UML-based modeling framework for process-related security properties: a qualitative multi-method study. In: Proceedings of the 21st European conference on information systems (ECIS), Utrecht
Schmidt DC (2006) Model-driven engineering – guest editor’s introduction. IEEE Computer 39(2):25–31 CrossRef
Selic B (2003) The pragmatics of model-driven development. IEEE Software 20(5):19–25 CrossRef
Shang Q, Wang X (2008) Constraints for permission-based delegations. In: Proceedings of the 8th IEEE International conference on computer and information technology workshops (CITWORKSHOPS), pp 216–223
Sloman MS (1994) Policy driven management for distributed systems. Journal of Network and Systems Management 2(4):333–360 CrossRef
Sohr K, Kuhlmann M, Gogolla M, Hu H, Ahn GJ (2012) Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL. Information and Software Technology 54(12):1396–1417 CrossRef
Stahl T, Völter M (2006) Model-driven software development. Wiley, New York
Strembeck M (2005) Embedding policy rules for software-based systems in a requirements context. In: Proceedings of the 6th IEEE International workshop on policies for distributed systems and networks (POLICY)
Strembeck M (2010) Scenario-driven role engineering. IEEE Security & Privacy 8(1):28–35 CrossRef
Strembeck M, Mendling J (2010) Generic algorithms for consistency checking of mutual-exclusion and binding constraints in a business process context. In: Proceedings of the 18th International conference on cooperative information systems (CoopIS). Lecture notes in computer science, vol 6426. Springer, Heidelberg
Strembeck M, Mendling J (2011) Modeling process-related RBAC models with extended UML activity models. Information and Software Technology 53(5):456–483 CrossRef
Tan K, Crampton J, Gunter CA (2004) The consistency of task-based authorization constraints in workflow systems. In: Proceedings of the 17th IEEE workshop on computer security foundations
Thomas RK, Sandhu RS (1997) Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management. In: Proceedings of the IFIP TC11 WG11.3 11th International conference on database security XI: status and prospects, pp 166–181
Vondal F (2012) Modellierung von Delegation in prozessbezogenen RBAC-Modellen – Eine Fallstudie. Bachelor thesis, WU Vienna
Wainer J, Barthelmess P, Kumar A (2003) W-RBAC – a workflow security model incorporating controlled overriding of constraints. International Journal of Cooperative Information Systems 12(4):455 CrossRef
Wainer J, Kumar A, Barthelmess P (2007) DW-RBAC: a formal security model of delegation and revocation in workflow systems. Information Systems 32(3):365–384 CrossRef
Warner J, Atluri V (2006) Inter-instance authorization constraints for secure workflow management. In: Proceedings of the 11th ACM symposium on access control models and technologies (SACMAT), pp 190–199
Weske M (2012) Business process management: concepts, languages, architectures, 2nd edn. Springer, Heidelberg CrossRef
Wolter C, Schaad A, Meinel C (2008) A transformation approach for security enhanced business processes. In: Proceedings of the IASTED International conference on software engineering
Wolter C, Menzel M, Schaad A, Miseldine P, Meinel C (2009) Model-driven business process security requirement specification. Journal of Systems Architecture 55(4):211–223 CrossRef
Zdun U, Strembeck M, Neumann G (2007) Object-based and class-based composition of transitive mixins. Information and Software Technology 49(8):871–891 CrossRef
Zhang L, Ahn GJ, Chu BT (2003a) A rule-based framework for role-based delegation and revocation. ACM Transations on Information System Security 6(3):404–441 CrossRef
Zhang X, Oh S, Sandhu R (2003b) PBDM: a flexible delegation model in RBAC. In: Proceedings of the 8th ACM symposium on access control models and technologies (SACMAT), pp 149–157
Zhao G, Chadwick D, Otenko S (2007) Obligations for role based access control. In: Proceedings of the 21st International conference on advanced information networking and applications workshops (AINAW), pp 424–431 CrossRef
zur Muehlen M, Indulska M (2010) Modeling languages for business processes and business rules: a representational analysis. Information Systems 35(4):379–390 CrossRef
Metadaten
Titel
Modeling Support for Role-Based Delegation in Process-Aware Information Systems
verfasst von
Dr. Sigrid Schefer-Wenzl
Prof. Dr. Mark Strembeck
Publikationsdatum
01.08.2014
Verlag
Springer Fachmedien Wiesbaden
Erschienen in
Business & Information Systems Engineering / Ausgabe 4/2014
Print ISSN: 2363-7005
Elektronische ISSN: 1867-0202
DOI
https://doi.org/10.1007/s12599-014-0343-3

Weitere Artikel der Ausgabe 4/2014

Business & Information Systems Engineering 4/2014 Zur Ausgabe

Research Paper

The Business Value of Process Flexibility

Catchword

Industry 4.0

Research Paper

Exploring the Interplay of the Design and Emergence of Business Processes as Organizational Routines

Profile

Interview with Reinhard Schütte on “Managing Large-Scale BPM Projects”

Discussion

Digital Life as a Topic of Business and Information Systems Engineering?

Imprint

Imprint

Premium Partner

    Bildnachweise