
2020 | Original Paper | Book chapter

Process Driven Access Control and Authorization Approach

Authors: John Paul Kasse, Lai Xu, Paul de Vrieze, Yuewei Bai

Published in: Fourth International Congress on Information and Communication Technology

Publisher: Springer Singapore


Abstract

Compliance with regulatory requirements is key to successful collaborative business process execution. The review of the EU General Data Protection Regulation (GDPR) brought to the fore the need to comply with data privacy requirements. Access control and authorization mechanisms in workflow management systems based on roles, tasks, and attributes do not sufficiently address the current complex and dynamic privacy requirements in collaborative business process environments, because the policies involved are diverse. This paper proposes process-driven authorization as an alternative approach to data access control and authorization, in which access is granted based on a legitimate need to accomplish a task in the business process. Because regulations come from many sources, a mechanism to derive and validate a composite set of constraints free of conflicts and contradictions is presented. An extended workflow tree language is also presented to support constraint modeling. An industrial pick-and-pack process is used as a case for illustration.
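As an added illustration (not the paper's own model or code), the following Python sketch shows the two ideas the abstract names: a process-driven check that grants data access only to the performer of an active task that legitimately needs the data, and composition of authorization constraints from several sources with detection of contradictions between them. The pick-and-pack tasks, data objects and constraint sources are constructed for the example.

```python
from dataclasses import dataclass

# Constructed pick-and-pack process (illustrative, not the paper's model):
# each task declares the data it legitimately needs, so access follows from
# task assignment in a running process instance rather than from a static role.
TASK_NEEDS = {
    "receive_order": {"order_lines", "payment_details"},
    "pick_items":    {"order_lines"},
    "pack_items":    {"order_lines", "customer_address"},
    "ship_parcel":   {"customer_address"},
}

@dataclass
class ProcessInstance:
    active_tasks: set   # tasks currently enabled in this instance
    assignments: dict   # task -> subject assigned to perform it

def authorize(inst, subject, data, task):
    """Process-driven check: grant only if `subject` performs an active task
    of this instance and that task needs `data` to be accomplished."""
    return (task in inst.active_tasks
            and inst.assignments.get(task) == subject
            and data in TASK_NEEDS.get(task, set()))

# Constraints arrive from several regulatory or policy sources as
# (source, kind, task_a, task_b); "sod" = separation of duty (different
# performers), "bod" = binding of duty (same performer).
def compose_constraints(constraints):
    """Merge constraints into one composite set and report contradictions:
    an sod and a bod on the same task pair can never both be satisfied."""
    composite, conflicts = {}, []
    for source, kind, a, b in constraints:
        pair = frozenset((a, b))
        if pair in composite and composite[pair][1] != kind:
            conflicts.append((composite[pair][0], source, a, b))
        composite.setdefault(pair, (source, kind))
    return {(k, *sorted(p)) for p, (_, k) in composite.items()}, conflicts

def satisfies(inst, composite):
    """Check an instance's assignments against a conflict-free composite set."""
    for kind, a, b in composite:
        pa, pb = inst.assignments.get(a), inst.assignments.get(b)
        if pa is None or pb is None:
            continue                       # constraint not yet applicable
        if (kind == "sod" and pa == pb) or (kind == "bod" and pa != pb):
            return False
    return True
```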


Metadata

Title: Process Driven Access Control and Authorization Approach
Authors: John Paul Kasse, Lai Xu, Paul de Vrieze, Yuewei Bai
Copyright year: 2020
Publisher: Springer Singapore
DOI: https://doi.org/10.1007/978-981-15-0637-6_26