To cite the SecureBPMN language in publications, please use
Achim D. Brucker. Integrating Security Aspects into Business Process
Models. In it - Information Technology, 55 (6), pages 239-246,
2013.
doi:10.1524/itit.2013.2004
A BibTeX entry for LaTeX users is
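@Article{ brucker:securebpmn:2013,
  abstract    = {Modern enterprise systems are often process-driven and,
                 thus, rely heavily on process-aware information systems. In
                 such systems, high-level process-models play an important
                 role both for communicating business requirements between
                 domain experts and system experts as well as basis for the
                 system implementation. Since several years, enterprise
                 system need to fulfil an increasing number of the security
                 and compliance requirements. Thus, there is an increasing
                 demand for integrating high-level security and compliance
                 requirements into process models, i.e., a common language
                 for domain experts, system experts, and security
                 experts.\\\\We present a security modelling language,
                 called SecureBPMN, that can easily be integrated into
                 business process modelling languages. In this paper, we
                 exemplary integrate SecureBPMN into BPMN and, thus, present
                 a common language for describing business process models
                 together with their security and compliance requirements.},
  abstract_de = {Moderne Unternehmensanwendungen m{\"u}ssen die Unternehmen
                 dabei unterst{\"u}tzen, ihre Gesch{\"a}ftsprozesse
                 effizient auszuf{\"u}hren. In solchen Anwendungen spielen
                 abstrakte Gesch{\"a}ftsprozessmodelle eine zentrale Rolle.
                 Die Gesch{\"a}ftsprozessmodelle werden f{\"u}r die
                 Kommunikation zwischen Gesch{\"a}fts- und IT-Experten
                 genutzt und dienen dar{\"u}ber hinaus als Basis f{\"u}r die
                 Implementierung der Unternehmensanwendungen. Seit einigen
                 Jahren m{\"u}ssen Unternehmensanwendungen einer steigenden
                 Anzahl von Sicherheits- und Compliance-Anforderungen
                 gen{\"u}gen. Hieraus ergibt sich ein gesteigerte
                 Bed{\"u}rfnis nach der Integration von Sicherheits- und
                 Compliance-Anforderungen in die
                 Gesch{\"a}ftsprozessmodelle.\\\\In diesem Artikel stellen
                 wir die Modellierungssprache SecureBPMN vor, welche es
                 erlaubt, Sicherheitsanforderungen im Kontext von
                 Gesch{\"a}ftsprozessmodelle zu spezifizieren.},
  author      = {Brucker, Achim D.},
  doi         = {10.1524/itit.2013.2004},
  issn        = {2196-7032},
  journal     = {it - Information Technology},
  keywords    = {Management of Computing and Information Systems,
                 SecureBPMN, BPMN, Break-Glass, Break-the-Glass},
  language    = {USenglish},
  month       = dec,
  note        = {Special Issue on ``Security in Business Processes.''},
  number      = {6},
  pages       = {239--246},
  pdf         = {http://www.brucker.ch/bibliography/download/2013/brucker-securebpmn-2013.pdf},
  publisher   = {Oldenbourg Wissenschaftsverlag},
  title       = {Integrating Security Aspects into Business Process
                 Models},
  title_de    = {Integration von Sicherheitsaspekten in
                 Gesch{\"a}ftsprozessmodelle},
  url         = {http://www.brucker.ch/bibliography/abstract/brucker-securebpmn-2013},
  volume      = {55},
  year        = {2013}
}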
To cite the formal analysis of SecureBPMN models, please use
Achim D. Brucker, Luca Compagna, and Pierre Guilleminot. Compliance
Validation of Secure Service Compositions. In Secure and Trustworthy
Service Composition: The Aniketos Approach. Lecture Notes in
Computer Science: State of the Art Surveys (8900), pages 136-149,
Springer-Verlag, 2014.
doi:10.1007/978-3-319-13518-2_10
A BibTeX entry for LaTeX users is
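@InCollection{ brucker.ea:aniketos-compliance:2014,
  abstract  = {The Aniketos Secure Composition Framework supports the
               specification of secure and trustworthy composition plans
               in term of BPMN\@. The diversity of security and trust
               properties that is supported by the Aniketos framework
               allows, on the one hand, for expressing a large number of
               security and compliance requirements. On the other hand,
               the resulting expressiveness results in the risk that
               high-level compliance requirements (e.g., separation of
               duty) are not implemented by low-level security means (e.g.,
               role-based access control configurations).\\\\In this
               chapter, we present the Composition Security Validation
               Module (CSVM). The CSVM provides a service for checking the
               compliance of secure and trustworthy composition plans to
               the service designer. As proof-of-concept we created a
               prototype in which the CSVM module is deployed on the SAP
               NetWeaver Cloud and two CSVM Connectors are built
               supporting two well-known BPMN tools: SAP NetWeaver BPM and
               Activiti Designer.},
  address   = {Heidelberg},
  author    = {Brucker, Achim D. and Compagna, Luca and Guilleminot,
               Pierre},
  booktitle = {Secure and Trustworthy Service Composition: The Aniketos
               Approach},
  doi       = {10.1007/978-3-319-13518-2_10},
  editor    = {Brucker, Achim D. and Dalpiaz, Fabiano and Giorgini, Paolo
               and Meland, Per H{\aa}kon and Rios, Erkuden},
  isbn      = {978-3-319-13517-5},
  keywords  = {Validation, Security, BPMN, SecureBPMN, Compliance},
  number    = {8900},
  pages     = {136--149},
  pdf       = {http://www.brucker.ch/bibliography/download/2014/brucker.ea-aniketos-compliance-2014.pdf},
  publisher = {Springer-Verlag},
  series    = {Lecture Notes in Computer Science: State of the Art
               Surveys},
  title     = {Compliance Validation of Secure Service Compositions},
  url       = {http://www.brucker.ch/bibliography/abstract/brucker.ea-aniketos-compliance-2014},
  year      = {2014}
}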
To cite the SecureBPMN tool-chain, please use
Achim D. Brucker, Isabelle Hang, Gero Lückemeyer, and Raj
Ruparel. SecureBPMN: Modeling and Enforcing Access Control
Requirements in Business Processes. In ACM symposium on access
control models and technologies (SACMAT), pages 123-126, ACM
Press, 2012.
doi:10.1145/2295136.2295160
A BibTeX entry for LaTeX users is
@InProceedings{ brucker.ea:securebpmn:2012,
  abstract       = {Modern enterprise systems have to comply to regulations
                    such as Basel III resulting in complex security
                    requirements. These requirements need to be modeled at
                    design-time and enforced at runtime. Moreover, modern
                    enterprise systems are often business-process driven, i.
                    e., the system behavior is described as high-level business
                    processes that are executed by a business process execution
                    engine.\\\\Consequently, there is a need for an integrated
                    and tool-supported methodology that allows for specifying
                    and enforcing compliance and security requirements for
                    business process-driven enterprise systems.\\\\In this
                    paper, we present a tool chain supporting both the
                    design-time modeling as well as the run-time enforcement of
                    security requirements for business process-driven systems.},
  address        = {New York, NY, USA},
  author         = {Brucker, Achim D. and Hang, Isabelle and L{\"u}ckemeyer,
                    Gero and Ruparel, Raj},
  booktitle      = {ACM symposium on access control models and technologies
                    (SACMAT)},
  copyright      = {ACM},
  doi            = {10.1145/2295136.2295160},
  isbn           = {978-1-4503-1295-0},
  language       = {USenglish},
  location       = {Newark, USA},
  mycopyrighturl = {http://dl.acm.org/authorize?6705782},
  pages          = {123--126},
  pdf            = {http://www.brucker.ch/bibliography/download/2012/brucker.ea-securebpmn-2012.pdf},
  publisher      = {ACM Press},
  title          = {{SecureBPMN}: Modeling and Enforcing Access Control
                    Requirements in Business Processes},
  url            = {http://www.brucker.ch/bibliography/abstract/brucker.ea-securebpmn-2012},
  year           = {2012}
}