Security views for outsourced business processes

A. Benameur, F. Massacci, N. Rassadko

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

The workflow of a Virtual Organization is often divided into fragments that are run by different entities having different clearance level or accessibility permissions. Therefore, an important issue is a decomposition of the overall business process into workflow views that can be outsourced to the side of the corresponding contractors. In this paper, we introduce the notion of business process security view and present an algorithm for the automatic derivation of such views from a security specification that may express conditional accessibility based on the actual data flowing across business process. Our solution borrows the idea of virtual views from relational database views. We also discuss an architecture and an implementation for workflow view synchronization. Copyright 2008 ACM.
Original languageEnglish
Title of host publicationProceedings of the 2008 ACM Workshop on Secure Web Services, SWS'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Pages45-52
DOIs
Publication statusPublished - 2008
Externally publishedYes
Event2008 ACM Workshop on Secure Web Services, SWS'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 - , United States
Duration: 27 Oct 200831 Oct 2008

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference2008 ACM Workshop on Secure Web Services, SWS'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Country/TerritoryUnited States
Period27/10/0831/10/08

Fingerprint

Dive into the research topics of 'Security views for outsourced business processes'. Together they form a unique fingerprint.

Cite this