Skip to main content
SpringerLink
Log in

Compliance Validation of Secure Service Compositions

  • Chapter
Secure and Trustworthy Service Composition

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8900))

Abstract

The Aniketos Secure Composition Framework supports the specification of secure and trustworthy composition plans in term of BPMN. The diversity of security and trust properties that is supported by the Aniketos framework allows, on the one hand, for expressing a large number of security and compliance requirements. On the other hand, the resulting expressiveness results in the risk that high-level compliance requirements (e.g., separation of duty) are not implemented by low-level security means (e.g., role-based access control configurations).

In this chapter, we present the Composition Security Validation Module (CSVM). The CSVM provides a service for checking the compliance of secure and trustworthy composition plans to the service designer. As proof-of-concept we created a prototype in which the CSVM module is deployed on the SAP NetWeaver Cloud and two CSVM Connectors are built supporting two well-known BPMN tools: SAP NetWeaver BPM and Activiti Designer.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. van der Aalst, W.M.P., Dumas, M., Gottschalk, F., ter Hofstede, A.H.M., La Rosa, M., Mendling, J.: Correctness-preserving configuration of business process models. In: Fiadeiro, J.L., Inverardi, P. (eds.) FASE 2008. LNCS, vol. 4961, pp. 46–61. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  2. Armando, A., Carbone, R., Compagna, L.: LTL Model Checking for Security Protocols. Journal of Applied Non-Classical Logics 19(4), 403–429 (2009)

    Article  MATH  MathSciNet  Google Scholar 

  3. Arsac, W., Compagna, L., Kaluvuri, S.P., Ponta, S.E.: Security validation tool for business processes. In: Breu, R., Crampton, J., Lobo, J. (eds.) SACMAT, pp. 143–144. ACM (2011a)

    Google Scholar 

  4. Arsac, W., Compagna, L., Pellegrino, G., Ponta, S.E.: Security Validation of Business Processes via Model-Checking. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 29–42. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  5. Brucker, A.D., Hang, I.: Secure and compliant implementation of business process-driven systems. In: La Rosa, M., Soffer, P. (eds.) PM 2012 Workshops. LNBIP, vol. 132, pp. 662–674. Springer, Heidelberg (2012)

    Google Scholar 

  6. Brucker, A.D., Hang, I., Lückemeyer, G., Ruparel, R.: SecureBPMN: Modeling and enforcing access control requirements in business processes. In: ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 123–126. ACM Press (2012), doi: 10.1145/2295136.2295160

    Google Scholar 

  7. Brucker, A.D., Malmignati, F., Merabti, M., Shi, Q., Zhou, B.: A framework for secure service composition. In: International Conference on Information Privacy, Security, Risk and Trust (PASSAT), pp. 647–652. IEEE Computer Society (2013), doi:10.1109/SocialCom.2013.97

    Google Scholar 

  8. Compagna, L., Guilleminot, P., Brucker, A.D.: Business process compliance via security validation as a service. In: Oriol, M., Penix, J. (eds.) IEEE Sixth International Conference on Software Testing, Verification and Validation (ICST), pp. 455–462. IEEE Computer Society (2013) doi: 978-1-4673-5961-0

    Google Scholar 

  9. Dijkman, R.M., Dumas, M., Ouyang, C.: Semantics and analysis of business process models in BPMN. Information & Software Technology 50(12), 1281–1294 (2008), doi:10.1016/j.infsof.2008.02.006

    Article  Google Scholar 

  10. Mülle, J., von Stackelberg, S., Böhm, K.: A security language for BPMN process models. Tech. rep., University Karlsruhe, KIT (2011)

    Google Scholar 

  11. OMG: Business Process Modeling Notation, BPMN (2011), http://www.omg.org/spec/BPMN/2.0

  12. Rodríguez, A., Fernández-Medina, E., Piattini, M.: A BPMN extension for the modeling of security requirements in business processes. IEICE - Trans. Inf. Syst. E90-D, 745–752 (2007), doi:10.1093/ietisy/e90-d.4.745

    Google Scholar 

  13. Salnitri, M., Dalpiaz, F., Giorgini, P.: Modeling and verifying security policies in business processes. In: Bider, I., Gaaloul, K., Krogstie, J., Nurcan, S., Proper, H.A., Schmidt, R., Soffer, P. (eds.) BPMDS 2014 and EMMSAD 2014. LNBIP, vol. 175, pp. 200–214. Springer, Heidelberg (2014)

    Google Scholar 

  14. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  15. Wolter, C., Meinel, C.: An approach to capture authorisation requirements in business processes. Requir. Eng. 15(4), 359–373 (2010), doi:10.1007/s00766-010-0103-y

    Article  Google Scholar 

  16. Wolter, C., Schaad, A.: Modeling of task-based authorization constraints in BPMN. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 64–79. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. SAP SE, Vincenz-Priessnitz-Str. 1, 76131, Karlsruhe, Germany

    Achim D. Brucker

  2. SAP SE, Sophia-Antipolis, Mougins, France

    Luca Compagna & Pierre Guilleminot

Authors
  1. Achim D. Brucker
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Luca Compagna
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pierre Guilleminot
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. SAP SE, Vincenz-Priessnitz-Str. 1, 76131, Karlsruhe, Germany

    Achim D. Brucker

  2. Utrecht University, PO Box 80.089, 3508 TB, Utrecht, The Netherlands

    Fabiano Dalpiaz

  3. DISI, University of Trento, Via Sommarive 5, 38123, Povo, Trento, Italy

    Paolo Giorgini

  4. SINTEF ICT, Strindveien 4, 7465, Trondheim, Norway

    Per HÃ¥kon Meland

  5. Parque Tecnológico de Bizkaia, TECNALIA Research & Innovation, Edifício 202, 48170, Zamudio, Spain

    Erkuden Rios

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Brucker, A.D., Compagna, L., Guilleminot, P. (2014). Compliance Validation of Secure Service Compositions. In: Brucker, A.D., Dalpiaz, F., Giorgini, P., Meland, P.H., Rios, E. (eds) Secure and Trustworthy Service Composition. Lecture Notes in Computer Science, vol 8900. Springer, Cham. https://doi.org/10.1007/978-3-319-13518-2_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-13518-2_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13517-5

  • Online ISBN: 978-3-319-13518-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation