Abstract
In this paper, we motivate the need to perform a posteriori analyzes for process-related security properties. In particular, we first discuss the relation of security engineering and a-posteriori techniques. Subsequently, we give an overview of different a-posteriori techniques for analyzing organizational structures and access control policies. Finally, we provide a discussion on application scenarios for different a-posteriori techniques.
Zusammenfassung
Dieser Beitrag beschäftigt sich mit A-Posteriori Techniken zur Analyse von sicherheitsrelevanten Eigenschaften in Geschäftsprozessen. Zunächst wird der Zusammenhang zwischen Security Engineering und A-Posteriori Techniken diskutiert und gleichzeitig motiviert, warum A-Posteriori Techniken zur Analyse von prozessbezogenen Sicherheitseigenschaften benötigt werden. Danach stellen wir eine Auswahl von A-Posteriori-Techniken vor, die auf die Analyse und Ableitung von organisatorischen Strukturen einerseits und Zugriffskontrollregeln andererseits abzielen. Der Beitrag schliesst mit einer Diskussion der Einsatzszenarien für die verschiedenen A-Posteriori-Techniken.
About the authors
Prof. Dr. Mark Strembeck is an Associate Professor of Information Systems at the Vienna University of Economics and Business (WU Vienna), Austria. His research interests include business process management, model-driven software development, security engineering, and the management of dynamic (distributed) software systems. He received his doctoral degree as well as his Habilitation degree (venia docendi) from WU Vienna. He is a key researcher at the Secure Business Austria Research Center (http://www.sba-research.org/team/), and the Vice Institute Head of the Institute for Information Systems at WU Vienna (http://nm.wu.ac.at/).
WU Vienna, Institute of Information Systems, New Media Lab, Augasse 2–6, 1090 Vienna, Austria
Prof. Dr. Stefanie Rinderle-Ma is a full professor and head of the Research Group Workflow Systems and Technology at the Faculty of Computer Science, University of Vienna (cs.univie.ac.at/wst). Further on, she serves as key researcher at the Secure Business Autria Competence Center in Vienna. Stefanie received her doctoral and Habilitation degree from University of Ulm, Germany. She spent postdoc stays at the University of Twente, The Netherlands, the University of Ottawa, Canada, and the Eindhoven University of Technology, The Netherlands. Currently, Stefanie is involved in several national and international projects such as the EU FP7 project ADVENTURE on virtual factories of the future, the FWF-funded project on Compliance and Change in Collaborative Processes, as well as the cluster project EBMC2 on skin cancer treatment funded by the University of Vienna and the Medical University of Vienna.
University of Vienna, Faculty of Computer Science, Research Group Workflow Systems and Technology, Währingerstrasse, 1090 Vienna, Austria
© 2013 by Walter de Gruyter Berlin Boston
