Abstract
While the demand for integrated modeling support for business processes and corresponding security properties has been repeatedly identified in research and practice, standard modeling languages do not provide native language constructs to model process-related security properties. In this paper, we are especially concerned with confidentiality and integrity of object flows. In particular, we present a UML extension called SecureObjectFlows to model confidentiality and integrity of object flows in activity models. Moreover, we discuss the semantics of secure object flows with respect to control nodes and provide a formal definition of the corresponding semantics via the Object Constraint Language (OCL).
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hoisl, B., Strembeck, M. (2011). Modeling Support for Confidentiality and Integrity of Object Flows in Activity Models. In: Abramowicz, W. (eds) Business Information Systems. BIS 2011. Lecture Notes in Business Information Processing, vol 87. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21863-7_24
DOI: https://doi.org/10.1007/978-3-642-21863-7_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21829-3
Online ISBN: 978-3-642-21863-7
eBook Packages: Computer Science (R0)