Security Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges

Security Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges

Abstract

Enabling security is one of the key challenges in adaptive Process-Aware Information Systems (PAIS). Since automating business processes involves many participants, uses private and public data, and communicates with external services security becomes inevitable. In current systems, security is enforced by an access control model and supplementary constraints imposed on workflow activities. However, existing systems provide individual implementations for security policies (e.g. separation of duties) and leave out other constraints (e.g. inter-process constraints). What is missing is a systematic analysis of security policies in PAIS. Hence, in this paper, we display state of the art and provide a taxonomy of security policies in PAIS. Furthermore, a detailed analysis of research challenges and issues is presented. We will show that there are still shortcomings and identify important requirements for security in PAIS. We will also point out open questions related to specifying, modeling, and changing security policies which will provide a road map for future research. Keywords-Security Policies

Grafik Top
Authors
  • Leitner, Maria
Grafik Top
Projects
Grafik Top
Shortfacts
Category
Paper in Conference Proceedings or in Workshop Proceedings (Paper)
Event Title
ARES 2011, 6th International Conference on Availability, Reliability and Security
Divisions
Workflow Systems and Technology
Event Location
Vienna
Event Type
Workshop
Event Dates
Aug 22nd - 26th 2011
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Page Range
pp. 686-691
Date
2011
Official URL
http://dx.doi.org/10.1109/ARES.2011.107
Export
Grafik Top