Security Policy Integration and Life Cycle Management in Process-aware Information Systems

Abstract

Process-aware Information Systems (PAIS) are information systems that manage and execute operational processes involving people, resources, and applications in a process-oriented way. To satisfy business needs, PAIS cover a set of requirements: they manage a multitude of participants, resources, and private and public information, and provide means for intra- and inter-organizational business processes. PAIS implementations range from information systems with process support (e.g., databases or document management systems) to application-specific implementations and generic solutions such as workflow systems. Given the different forms and requirements of PAIS, security inevitably becomes a central concern. Although research has started to investigate security in PAIS, the current state of research and practice is unbalanced. For example, there is no agreement on technology and controls. One reason is that PAIS research has so far centered on developing the core features of PAIS and has neglected to foster security techniques. As the design and implementation of security policies is fundamental to a successful implementation of secure software systems, this thesis centers on the integration of security policies in PAIS. The thesis aimed to provide an integrated view of security policies in PAIS. In particular, we investigated the security policy life cycle in combination with the business process life cycle. Together, the integrated view contributes to the implementation of security policies in business processes, which further strengthens IT security and compliance management in organizations. In the thesis, techniques were analyzed and provided for designing and modeling, enacting and enforcing, and evaluating security policies in business processes. One main contribution is a Role-based Access Control (RBAC) model that incorporates structural aspects that are typically represented in business processes.

Authors
  • Leitner, Maria
Shortfacts
Category: Thesis (PhD)
Divisions: Workflow Systems and Technology
Subjects: Computer security; Applied computer science
Date: 2015
Official URL: http://othes.univie.ac.at/36146/