Authors: Roman Pilipchuk (1), Robert Heinrich (2) and Ralf Reussner (2)

Affiliations: (1) FZI Research Center for Information Technology, 10117 Berlin, Germany; (2) Karlsruhe Institute of Technology, 76131 Karlsruhe, Germany

Keyword(s): Business Processes, Access Control, RBAC.

Abstract: IT security is becoming increasingly important, due both to the rise in cybercrime incidents and to obligatory security and privacy laws that include confidentiality regulations. To prevent cybercriminal attacks, the business level has to identify critical business data and introduce organization-wide security standards. Close cooperation with the IT level is crucial to avoid mistakes and misunderstandings of security requirements, both of which may cause severe security breaches. Access control requirements (ACRs) are an important building block. In a costly, complex and manual role engineering process, experts have to elicit appropriate role-based access control (RBAC) policies according to business security and confidentiality models. This paper takes a first step toward closing this gap with an approach that automatically extracts business level ACRs from BPMN business processes to build an initial RBAC role model and establish traceability from RBAC policies to business processes. Case study results indicate that the accuracy of extracted policies is appropriate, adaptations in evolution scenarios become faster and human errors are reduced during the engineering of RBAC policies.

CC BY-NC-ND 4.0

Paper citation in several formats:
Pilipchuk, R.; Heinrich, R. and Reussner, R. (2021). Automatically Extracting Business Level Access Control Requirements from BPMN Models to Align RBAC Policies. In Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-491-6; ISSN 2184-4356, SciTePress, pages 300-307. DOI: 10.5220/0010184403000307

@conference{icissp21,
author={Roman Pilipchuk and Robert Heinrich and Ralf Reussner},
title={Automatically Extracting Business Level Access Control Requirements from BPMN Models to Align RBAC Policies},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP},
year={2021},
pages={300-307},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010184403000307},
isbn={978-989-758-491-6},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP
TI - Automatically Extracting Business Level Access Control Requirements from BPMN Models to Align RBAC Policies
SN - 978-989-758-491-6
IS - 2184-4356
AU - Pilipchuk, R.
AU - Heinrich, R.
AU - Reussner, R.
PY - 2021
SP - 300
EP - 307
DO - 10.5220/0010184403000307
PB - SciTePress