Home > CSC-OpenAccess Library > Manuscript Information
EXPLORE PUBLICATIONS BY COUNTRIES |
EUROPE | |
MIDDLE EAST | |
ASIA | |
AFRICA | |
............................. | |
United States of America | |
United Kingdom | |
Canada | |
Australia | |
Italy | |
France | |
Brazil | |
Germany | |
Malaysia | |
Turkey | |
China | |
Taiwan | |
Japan | |
Saudi Arabia | |
Jordan | |
Egypt | |
United Arab Emirates | |
India | |
Nigeria |
A Proposed Security Model for Web Enabled Business Process Management System
M. S. Kandil, Mohamed Abu El-Soud , A. E. Hassan , Abd Elghafar M. Elhady
Pages - 436 - 450 | Revised - 30-11-200 | Published - 20-12-2010
MORE INFORMATION
KEYWORDS
Role Based Access Control RBAC, Business Process Management System BPMS, Caching technique
ABSTRACT
Many organizations in industry and civilian government start deploying Business Process Management systems (BPMS) and technology in their IT applications. This could lead to a dramatic operational efficiency improvement on their business and administrative environments. With these atmospheres, the security issue is becoming a much more important challenge in the BPMS literature. The Role-Based Access Control (RBAC) model has been accepted as a promise security model solution and standard. RBAC is able to accomplish the central administration of an organizational specific security policy. It is also able to meet the secure processing needs of many commercial and civilian government organizations. In spite of these facts, RBAC model is not reliable when applying to the BPMS without further modifications and extensions. RBAC is modified to fit with Service oriented (SRBAC), but still not reliable enough to handle BPMS.
Authors of that research proposed a security model based on SRBAC model to be more reliable when using with BPMS. Authors of that research named that proposed security model as Improved Role Based Access Control (IRBAC). The IRBAC model is directly applicable to the BPMS.
Authors defined a graphical representation and technical implementation of the IRBAC model.
This IRBAC model is tested using simple case study. The test compares between the IRBAC model and SRBAC model where IRBAC is implemented in two cases (IRBAC with caching and IRBAC with no caching). The test results show the validity and performability of the IRBAC model.
1 | Google Scholar |
2 | Academic Journals Database |
3 | CiteSeerX |
4 | refSeek |
5 | Socol@r |
6 | ResearchGATE |
7 | Libsearch |
8 | Scribd |
9 | SlideShare |
10 | PDFCAST |
11 | PdfSR |
Schilit, B. N., Adams, N., and Want, R., “Context-Aware Computing Applications”, In Proceedings Workshop on Mobile Computing Systems and Applications, IEEE, pp.85-90, December, 1994 | |
Ateniese, G., Camenisch, J., and Madeiros, B. de, “Untraceable RFID tags via insubvertible encryption”, Proceedings of the 12 ACM conference on Computer and communications security, November, pp.92-101, 2005. | |
Barkley, J., Beznosov, K., and Uppal, J., “Supporting Relationship in Access Control Using Role Based Access Control”, Proceedings of ACM Role-Based Access Control Workshop, Fairfax, Virginia, USA, pp. 55-65, 1999. | |
Bernardi, P., Gandino, F., Lamberti, F., Montrucchio, B., Rebaudengo, M., and Sanchez, E.R., “An Anti-Counterfeit Mechanism for the Application Layer in Low-Cost RFID Devices”, In International Conference on Circuits and Systems for Communications, IEEE, July, pp.207-211, 2006. | |
C. Yang. Designing secure e-commerce with role-based access control. International Journal of Web Engineering and Technology, 3(1):73–95, 2007. | |
Chen, G., and Kotz, D., “A Survey of Context-Aware Mobile Computing Research”, Technical Report 2000-381, Dept. of Computer Science, Dartmouth College, Hanover, N.H, 2000. | |
David F. Ferraiolo, John F. Barkley, and D. Richard Kuhn. A role based access control model and reference implementation within a corporate intranet. In ACM Transactions on Information Systems | |
Dey, A. K., and Abowd, G. D., “Towards A Better Understanding of Context and Contextawareness”, GVU Technical Report GITGVU-99-22, pp.304-307, 1999. | |
Heiko, K., and Hartmut, P., “RFID Security”, Information Security Technical Report, December, Volume 9, Issue 4, pp.39-50, 2004. | |
Li, Y.Z., Jeong, Y.S., Sun, N., and Lee, S.H., “Low-Cost Authentication Protocol of the RFID System Using Partial ID”, In Computational Intelligence and Security, IEEE, pp.1221-1224, November, 2006. | |
M. Sloman and E. Lupu. Security and management policy specification. Network, IEEE, 16(2):10–19, 2002. | |
M. Wu and Y. Fong : Applying Role-Based Access Control in Combining the Chinese and Western Medicine Systems. In Proceedings of the 19th International Conference on Systems Engineering . IEEE Computer Society, 2008. | |
Mathias Kohler and Andreas Schaad . ProActive Access Control for Business Processdriven Environments.in IEEE/ Annual Computer Security Applications Conference 156 .2008 | |
R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Rolebased access control models. IEEE Computer, 29(2):38–47, 1996. | |
T. Neubauer and J. Heurix : Objective Types for the Valuation of Secure Business Processes. In Proceedings of the Seventh IEEE/ACIS International Conference on Computer and Information Science, page 231. IEEE Computer Society, 2008. | |
T. Neubauer, M. Klemen, and S. Biffl. Secure Business Process Management: A Roadmap. In Proceedings of the First International Conference on Availability, Reliability and Security ARES, pages 457–464. IEEE Computer Society, 2006. | |
T. Neubauer, M. Klemen, and S. Biffl. Secure Business Process Management: A Roadmap. In ARES’06, pages 457– 464, 2006 | |
Wolf, R., Keinz, T., and Schneider, M., “A Model for Context-dependent Access Control for Web-based Services with Role-based Approach”, Proceedings of the 14th International Workshop on Database and Expert Systems Applications, September, pp.209-214, 2003. | |
Xin Wang, Yanchun Zhang, Hao Shi ;" Access Control for Human Tasks in Service Oriented Architecture "; in IEEE/ the Fourth International Conference on Computer and Information Technology (CIT’04);2004 IEEE Computer, 29(2):38–47, 1996. | |
Xu Feng ,Lin Guoyuan , Huang Hao , Xie Li;"Role-based Access Control System for Web Services"; In Proceedings of the 4th IEEE International Conference on on Computer and Information Technology ,2004 | |
Professor M. S. Kandil
Mansoura University - Egypt
arwaahmed1@gmail.com
Dr. Mohamed Abu El-Soud
Mansoura University - Egypt
Dr. A. E. Hassan
Mansoura University - Egypt
Mr. Abd Elghafar M. Elhady
Mansoura University - Egypt
|
|
|
|
View all special issues >> | |
|
|