Home   >   CSC-OpenAccess Library   >    Manuscript Information
A Proposed Security Model for Web Enabled Business Process Management System
M. S. Kandil, Mohamed Abu El-Soud , A. E. Hassan , Abd Elghafar M. Elhady
Pages - 436 - 450     |    Revised - 30-11-200     |    Published - 20-12-2010
Volume - 4   Issue - 5    |    Publication Date - December 2010  Table of Contents
Role Based Access Control RBAC, Business Process Management System BPMS, Caching technique
Many organizations in industry and civilian government start deploying Business Process Management systems (BPMS) and technology in their IT applications. This could lead to a dramatic operational efficiency improvement on their business and administrative environments. With these atmospheres, the security issue is becoming a much more important challenge in the BPMS literature. The Role-Based Access Control (RBAC) model has been accepted as a promise security model solution and standard. RBAC is able to accomplish the central administration of an organizational specific security policy. It is also able to meet the secure processing needs of many commercial and civilian government organizations. In spite of these facts, RBAC model is not reliable when applying to the BPMS without further modifications and extensions. RBAC is modified to fit with Service oriented (SRBAC), but still not reliable enough to handle BPMS. Authors of that research proposed a security model based on SRBAC model to be more reliable when using with BPMS. Authors of that research named that proposed security model as Improved Role Based Access Control (IRBAC). The IRBAC model is directly applicable to the BPMS. Authors defined a graphical representation and technical implementation of the IRBAC model. This IRBAC model is tested using simple case study. The test compares between the IRBAC model and SRBAC model where IRBAC is implemented in two cases (IRBAC with caching and IRBAC with no caching). The test results show the validity and performability of the IRBAC model.
1 Google Scholar 
2 Academic Journals Database 
3 CiteSeerX 
4 refSeek 
5 Socol@r  
6 ResearchGATE 
7 Libsearch 
8 Scribd 
9 SlideShare 
11 PdfSR 
Schilit, B. N., Adams, N., and Want, R., “Context-Aware Computing Applications”, In Proceedings Workshop on Mobile Computing Systems and Applications, IEEE, pp.85-90, December, 1994
Ateniese, G., Camenisch, J., and Madeiros, B. de, “Untraceable RFID tags via insubvertible encryption”, Proceedings of the 12 ACM conference on Computer and communications security, November, pp.92-101, 2005.
Barkley, J., Beznosov, K., and Uppal, J., “Supporting Relationship in Access Control Using Role Based Access Control”, Proceedings of ACM Role-Based Access Control Workshop, Fairfax, Virginia, USA, pp. 55-65, 1999.
Bernardi, P., Gandino, F., Lamberti, F., Montrucchio, B., Rebaudengo, M., and Sanchez, E.R., “An Anti-Counterfeit Mechanism for the Application Layer in Low-Cost RFID Devices”, In International Conference on Circuits and Systems for Communications, IEEE, July, pp.207-211, 2006.
C. Yang. Designing secure e-commerce with role-based access control. International Journal of Web Engineering and Technology, 3(1):73–95, 2007.
Chen, G., and Kotz, D., “A Survey of Context-Aware Mobile Computing Research”, Technical Report 2000-381, Dept. of Computer Science, Dartmouth College, Hanover, N.H, 2000.
David F. Ferraiolo, John F. Barkley, and D. Richard Kuhn. A role based access control model and reference implementation within a corporate intranet. In ACM Transactions on Information Systems
Dey, A. K., and Abowd, G. D., “Towards A Better Understanding of Context and Contextawareness”, GVU Technical Report GITGVU-99-22, pp.304-307, 1999.
Heiko, K., and Hartmut, P., “RFID Security”, Information Security Technical Report, December, Volume 9, Issue 4, pp.39-50, 2004.
Li, Y.Z., Jeong, Y.S., Sun, N., and Lee, S.H., “Low-Cost Authentication Protocol of the RFID System Using Partial ID”, In Computational Intelligence and Security, IEEE, pp.1221-1224, November, 2006.
M. Sloman and E. Lupu. Security and management policy specification. Network, IEEE, 16(2):10–19, 2002.
M. Wu and Y. Fong : Applying Role-Based Access Control in Combining the Chinese and Western Medicine Systems. In Proceedings of the 19th International Conference on Systems Engineering . IEEE Computer Society, 2008.
Mathias Kohler and Andreas Schaad . ProActive Access Control for Business Processdriven Environments.in IEEE/ Annual Computer Security Applications Conference 156 .2008
R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Rolebased access control models. IEEE Computer, 29(2):38–47, 1996.
T. Neubauer and J. Heurix : Objective Types for the Valuation of Secure Business Processes. In Proceedings of the Seventh IEEE/ACIS International Conference on Computer and Information Science, page 231. IEEE Computer Society, 2008.
T. Neubauer, M. Klemen, and S. Biffl. Secure Business Process Management: A Roadmap. In Proceedings of the First International Conference on Availability, Reliability and Security ARES, pages 457–464. IEEE Computer Society, 2006.
T. Neubauer, M. Klemen, and S. Biffl. Secure Business Process Management: A Roadmap. In ARES’06, pages 457– 464, 2006
Wolf, R., Keinz, T., and Schneider, M., “A Model for Context-dependent Access Control for Web-based Services with Role-based Approach”, Proceedings of the 14th International Workshop on Database and Expert Systems Applications, September, pp.209-214, 2003.
Xin Wang, Yanchun Zhang, Hao Shi ;" Access Control for Human Tasks in Service Oriented Architecture "; in IEEE/ the Fourth International Conference on Computer and Information Technology (CIT’04);2004 IEEE Computer, 29(2):38–47, 1996.
Xu Feng ,Lin Guoyuan , Huang Hao , Xie Li;"Role-based Access Control System for Web Services"; In Proceedings of the 4th IEEE International Conference on on Computer and Information Technology ,2004
Professor M. S. Kandil
Mansoura University - Egypt
Dr. Mohamed Abu El-Soud
Mansoura University - Egypt
Dr. A. E. Hassan
Mansoura University - Egypt
Mr. Abd Elghafar M. Elhady
Mansoura University - Egypt