ICSEA 2012, The Seventh International Conference on Software Engineering Advances


ESAC-BPM: Early Security Access Control in Business Process Management

Authors:
Mahmoud F. Ayoub
Riham Hassan
Hicham G. Elmongui

Keywords: Business process management, security data access control, business rule activities

Abstract:
Business process modeling notations do not provide explicit means to model security aspects such as access control, integrity and confidentiality. Business analysts, who are typically not security experts, are unable to model security aspects that the business process modeling notations cannot express. In this paper, we propose a systematic means to model access control explicitly in business process models. More specifically, we use Business Process Modeling Notation (BPMN) as a graphical notation to represent processes. Our proposed technique exploits BPMN by employing business rule activities to carry the access control logic as If-Then rules with conflict detection capabilities. We prove the validity of ESAC-BPM formally. Further, we demonstrate the technique using a case study of a telephone reservation process for a movie store, which needs data access control policies to be applied to the process model.

Pages: 650 to 655

Copyright: Copyright (c) IARIA, 2012

Publication date: November 18, 2012

Published in: conference

ISSN: 2308-4235

ISBN: 978-1-61208-230-1

Location: Lisbon, Portugal

Dates: from November 18, 2012 to November 23, 2012