A Proposed Security Model for Web Enabled Business Process Management System

Source: International Journal of Computer Science and Security (IJCSS)
Volume: 4 Issue: 5
Pages: 436-496
Publication Date: December 2010
ISSN (Online): 1985-1553

Pages: 436 - 450
Published Date: 20-12-2010
Publisher: CSC Journals, Kuala Lumpur, Malaysia

KEYWORDS: Role Based Access Control (RBAC), Business Process Management System (BPMS), Caching technique

This Manuscript is indexed in the following databases/websites:

1. refSeek
2. Socol@r
3. Directory of Open Access Journals (DOAJ)
4. Docstoc
5. Google Scholar
6. PDFCAST
7. Scribd
8. Academic Journals Database
9. Libsearch
10. ResearchGATE

Many organizations in industry and civilian government have started deploying Business Process Management Systems (BPMS) and related technology in their IT applications. This can lead to a dramatic improvement in the operational efficiency of their business and administrative environments. In these environments, security is becoming a much more important challenge in the BPMS literature. The Role-Based Access Control (RBAC) model has been accepted as a promising security model and standard. RBAC is able to accomplish the central administration of an organization-specific security policy. It is also able to meet the secure processing needs of many commercial and civilian government organizations. In spite of these facts, the RBAC model is not reliable when applied to BPMS without further modifications and extensions. RBAC has been modified to fit service-oriented use (SRBAC), but it is still not reliable enough to handle BPMS.

The authors of this research propose a security model based on the SRBAC model that is more reliable when used with BPMS, and name it Improved Role Based Access Control (IRBAC). The IRBAC model is directly applicable to BPMS.

The authors define a graphical representation and a technical implementation of the IRBAC model.

The IRBAC model is tested using a simple case study. The test compares the IRBAC model with the SRBAC model, with IRBAC implemented in two cases (IRBAC with caching and IRBAC with no caching). The test results show the validity and performability of the IRBAC model.

M. S. Kandil : Colleagues
Mohamed Abu El-Soud : Colleagues
A. E. Hassan : Colleagues
Abd Elghafar M. Elhady : Colleagues