A language for modelling secure business transactions

Among other areas, electronic commerce includes the fields of electronic markets and workflow management. Workflow management systems are usually used to specify and manage inter- and intra-organisational business processes. Although workflow management techniques are capable of specifying and conducting at least parts of market transactions, these techniques are not or are very rarely used for this purpose yet. In both fields, users demand security and integrity to protect for example their privacy, their property rights or digital payments. To satisfy these security demands, a variety of existing security services, mechanisms, protocols, and organisational measures may be used. On the one hand, to encourage using these techniques it is necessary to have a tool which enables a firm's executive to formulate market transaction security demands at a high abstraction level. On the other hand, executing market transactions needs a more formal, machine readable description of the transaction and its security requirements. We present a methodology to specify secure protocols, which are usable to automatically conduct business processes, as well as market transactions.

[1]  Vladimir Zwass,et al.  Electronic Commerce: Structures and Issues , 1996, Int. J. Electron. Commer..

[2]  Alexander W. Röhm,et al.  A secure electronic market for anonymous transferable emission permits , 1998, Proceedings of the Thirty-First Hawaii International Conference on System Sciences.

[3]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[4]  JoAnne Yates,et al.  Electronic markets and electronic hierarchies , 1987, CACM.

[5]  Bill Curtis,et al.  Process modeling , 1992, CACM.

[6]  Patrick C. K. Hung,et al.  Security Enforcement in Activity Management Systems , 1998 .

[7]  Elisa Bertino,et al.  A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems , 1997, RBAC '97.

[8]  Günther Pernul,et al.  Modelling secure and fair electronic commerce , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).