ACCESS CONTROL MODELS FOR BUSINESS PROCESSES

Vahid R. Karimi; Donald D. Cowan

doi:10.5220/0002959904890498

ACCESS CONTROL MODELS FOR BUSINESS PROCESSES

Vahid R. Karimi, Donald D. Cowan

2010

Abstract

A business model describes certain operations of an enterprise, and an important aspect of business operations deals with the specification of access control policies, which are used to constrain the business operations by adding what should, could, or must be. We describe the use of patterns for presenting access control models and policies. Our goal is to specify access control policies such that they are based on access control models and have the capability of policy languages, thereby making the foundational blocks of these policies and operational models identical. Thus, the integration of these policies into operational models is straightforward. To show our approach, we use Role-based Access Control (RBAC), a well-known access control model, and also select a business process model whose foundational building blocks are Resources, Events, and Agents (REA). We make three main contributions: 1) the use of the same foundational building blocks and similar models to describe business processes and access control models, 2) access control policies that are based on an access control model, and 3) access control policies that are rule-based and akin to policy languages. As a result, such models are more understandable, and their future modifications are more straightforward.

Download

Paper Citation

in Harvard Style

R. Karimi V. and D. Cowan D. (2010). ACCESS CONTROL MODELS FOR BUSINESS PROCESSES . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 489-498. DOI: 10.5220/0002959904890498

in Bibtex Style

@conference{secrypt10,
author={Vahid R. Karimi and Donald D. Cowan},
title={ACCESS CONTROL MODELS FOR BUSINESS PROCESSES},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={489-498},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002959904890498},
isbn={978-989-8425-18-8},
}

in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - ACCESS CONTROL MODELS FOR BUSINESS PROCESSES
SN - 978-989-8425-18-8
AU - R. Karimi V.
AU - D. Cowan D.
PY - 2010
SP - 489
EP - 498
DO - 10.5220/0002959904890498