SecureBPMN: Modeling and Enforcing Access Control Requirements in Business Processes

By Achim D. Brucker, Isabelle Hang, Gero Lückemeyer, and Raj Ruparel.

Modern enterprise systems have to comply with regulations such as Basel III, resulting in complex security requirements. These requirements need to be modeled at design-time and enforced at runtime. Moreover, modern enterprise systems are often business-process driven, i.e., the system behavior is described as high-level business processes that are executed by a business process execution engine.

Consequently, there is a need for an integrated and tool-supported methodology that allows for specifying and enforcing compliance and security requirements for business process-driven enterprise systems.

In this paper, we present a tool chain supporting both the design-time modeling and the run-time enforcement of security requirements for business process-driven systems.

Keywords:
Process Security, SecureBPMN, RBAC, BPMN

Please cite this work as follows:
A. D. Brucker, I. Hang, G. Lückemeyer, and R. Ruparel, “SecureBPMN: Modeling and enforcing access control requirements in business processes,” in ACM symposium on access control models and technologies (SACMAT), 2012, pp. 123–126. doi: 10.1145/2295136.2295160. Author copy: http://logicalhacking.com/publications/brucker.ea-securebpmn-2012/

BibTeX
@InProceedings{ brucker.ea:securebpmn:2012,
  title          = {{SecureBPMN}: Modeling and Enforcing Access Control
                    Requirements in Business Processes},
  author         = {Achim D. Brucker and Isabelle Hang and Gero L{\"u}ckemeyer
                    and Raj Ruparel},
  booktitle      = {ACM symposium on access control models and technologies
                    (SACMAT) },
  language       = {USenglish},
  publisher      = {ACM Press },
  address        = {New York, NY, USA },
  location       = {Newark, USA},
  areas          = {security, software,bpm},
  year           = {2012},
  copyright      = {ACM},
  doi            = {10.1145/2295136.2295160},
  mycopyrighturl = {https://dl.acm.org/authorize?6705782},
  pages          = {123--126},
  keywords       = {Process Security, SecureBPMN, RBAC, BPMN},
  abstract       = {Modern enterprise systems have to comply to regulations such
                    as Basel III resulting in complex security requirements. These
                    requirements need to be modeled at design-time and enforced at
                    runtime. Moreover, modern enterprise systems are often
                    business-process driven, i. e., the system behavior is
                    described as high-level business processes that are executed
                    by a business process execution engine.
                    
                    Consequently, there is a need for an integrated and
                    tool-supported methodology that allows for specifying and
                    enforcing compliance and security requirements for business
                    process-driven enterprise systems.
                    
                    In this paper, we present a tool chain supporting both the
                    design-time modeling as well as the run-time enforcement of
                    security requirements for business process-driven systems.},
  isbn           = {978-1-4503-1295-0},
  note           = {Author copy: \url{http://logicalhacking.com/publications/brucker.ea-securebpmn-2012/}},
}