A Usage Control Model Extension for the Verification of Security Policies in Artifact-Centric Business Process Models

  • Conference paper
Business Information Systems (BIS 2016)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 255)

Abstract

Artifact-centric initiatives have been used in business processes whose data management is complex, where a simple activity-centric workflow description is inadequate. Several artifact-centric initiatives pursue the verification of the structural and data perspectives of the models, but unfortunately leave security aspects uncovered. Security has become a crucial priority from the business and customer perspectives, and a complete verification procedure should also address it. We propose an extension of artifact-centric process models based on the Usage Control Model, which introduces mechanisms to specify security policies. An automatic transformation is provided to enable the verification of enriched artifact-centric models using existing correctness verification algorithms.

Notes

  1. The test case is measured using a Windows 7 machine, with an Intel Core i7 processor, 3.4 GHz and 8.0 GB RAM.

Acknowledgement

This work has been partially funded by the Ministry of Science and Technology of Spain (TIN2015-63502) and the European Regional Development Fund (ERDF/FEDER).

Author information

Corresponding author

Correspondence to Ángel Jesús Varela-Vaca.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Varela-Vaca, Á.J., Borrego, D., Gómez-López, M.T., Gasca, R.M. (2016). A Usage Control Model Extension for the Verification of Security Policies in Artifact-Centric Business Process Models. In: Abramowicz, W., Alt, R., Franczyk, B. (eds) Business Information Systems. BIS 2016. Lecture Notes in Business Information Processing, vol 255. Springer, Cham. https://doi.org/10.1007/978-3-319-39426-8_23
