Reasoning on the usage control security policies over data artifact business process models

Montserrat Estañol; Ángel Jesús Varela-Vaca; Marı́a Teresa Gómez-López; Ernest Teniente; Rafael M. Gasca

Montserrat Estañol ; Ángel Jesús Varela-Vaca ; Marı́a Teresa Gómez-López ; Ernest Teniente ; Rafael M. Gasca

Computer Science and Information Systems, Tome 19 (2022) no. 2 Cet article a éte moissonné depuis la source Computer Science and Information Systems website

Voir la notice de l'article

Résumé

The inclusion of security aspects in organizations is a crucial aspect to ensure compliance with both internal and external regulations. Business process models are a well-known mechanism to describe and automate the activities of the organizations, which should include security policies to ensure the correct performance of the daily activities. Frequently, these security policies involve complex data which cannot be represented using the standard Business Process Model Notation (BPMN). In this paper, we propose the enrichment of the BPMN with a UML class diagram to describe the data model, that is also combined with security policies defined using the UCON ABC framework annotated within the business process model. The integration of the business process model, the data model, and the security policies provides a context where more complex reasoning can be applied about the satisfiability of the security policies in accordance with the business process and data models. To do so, we transform the original models, including security policies, into the BAUML framework (an artifact-centric approach to business process modelling). Once this is done, it is possible to ensure that there are no inherent errors in the model (verification) and that it fulfils the business requirements (validation), thus ensuring that the business process and the security policies are compatible and that they are aligned with the business security requirements.

Keywords: Business Process, Security policy, Usage control model, Data artifact, Reasoning

@article{CSIS_2022_19_2_a4,
     author = {Montserrat Esta\~nol and \'Angel Jes\'us Varela-Vaca and Mar{\i}́a Teresa G\'omez-L\'opez and Ernest Teniente and Rafael M. Gasca},
     title = {Reasoning on the usage control security policies over data artifact business process models},
     journal = {Computer Science and Information Systems},
     year = {2022},
     volume = {19},
     number = {2},
     url = {http://geodesic.mathdoc.fr/item/CSIS_2022_19_2_a4/}
}

TY  - JOUR
AU  - Montserrat Estañol
AU  - Ángel Jesús Varela-Vaca
AU  - Marı́a Teresa Gómez-López
AU  - Ernest Teniente
AU  - Rafael M. Gasca
TI  - Reasoning on the usage control security policies over data artifact business process models
JO  - Computer Science and Information Systems
PY  - 2022
VL  - 19
IS  - 2
UR  - http://geodesic.mathdoc.fr/item/CSIS_2022_19_2_a4/
ID  - CSIS_2022_19_2_a4
ER  -

%0 Journal Article
%A Montserrat Estañol
%A Ángel Jesús Varela-Vaca
%A Marı́a Teresa Gómez-López
%A Ernest Teniente
%A Rafael M. Gasca
%T Reasoning on the usage control security policies over data artifact business process models
%J Computer Science and Information Systems
%D 2022
%V 19
%N 2
%U http://geodesic.mathdoc.fr/item/CSIS_2022_19_2_a4/
%F CSIS_2022_19_2_a4

Montserrat Estañol; Ángel Jesús Varela-Vaca; Marı́a Teresa Gómez-López; Ernest Teniente; Rafael M. Gasca. Reasoning on the usage control security policies over data artifact business process models. Computer Science and Information Systems, Tome 19 (2022) no. 2. http://geodesic.mathdoc.fr/item/CSIS_2022_19_2_a4/

Parcourir par

Geodesic

Parcourir par