A Proposed Security Model for Web Enabled Business Process Management System

Business Process Management Systems (BPMS) and related technologies are currently used in many organizations' IT applications, where they can bring dramatic improvements in operational efficiency to business and administrative environments. In these environments, security is becoming a much more important challenge in the BPMS literature. The Role-Based Access Control (RBAC) model has been accepted as a promising security model and standard. RBAC supports central administration of an organization-specific security policy, and it meets the secure processing needs of many commercial and civilian government organizations. Despite this, the RBAC model is not reliable when applied to BPMS without further modifications and extensions. RBAC has been modified to fit service orientation (SRBAC), but it is still not reliable enough to handle BPMS. The authors propose a security model, based on the SRBAC model, that is more reliable when used with BPMS, and name it Improved Role Based Access Control (IRBAC). The IRBAC model is directly applicable to BPMS. The authors define a graphical representation and a technical implementation of the IRBAC model. The model is tested using a simple case study that compares IRBAC with SRBAC, with IRBAC implemented in two cases (IRBAC with caching and IRBAC with no caching). The test results show the validity and performability of the IRBAC model.
