Modelling inter-organizational workflow security in a peer-to-peer environment

Abstract

The many conflicting technical, organizational, legal and domain-level constraints make the implementation of secure, inter-organizational workflows a very complex task, which is bound to low-level technical knowledge and error prone. The SECTINO project provides a framework for the realization and the high-level management of security-critical workflows based on the paradigm of model driven security. In our case the models are translated into runtime artefacts that configure a target reference architecture based on Web services technologies. In this paper we focus on the global workflow model, which captures the message exchange protocol between partners cooperating in a distributed environments well as basic security patterns. We show how the model maps to workflow and security components of the hosting environments at the partner nodes.

Keywords

This publication has 13 references indexed in Scilit:

Web Services Security: Is the Problem Solved?
Information Systems Security, 2004
Towards a Systematic Development of Secure Systems
Information Systems Security, 2004
W-RBAC — A Workflow Security Model Incorporating Controlled Overriding of Constraints
International Journal of Cooperative Information Systems, 2003
Certificate-based authorization policy in a PKI environment
ACM Transactions on Information and System Security, 2003
Comparing WSDL-Based and ebXML-Based Approaches for B2B Protocol Specification
Published by Springer Nature ,2003
Correctness by construction: developing a commercial secure system
IEEE Software, 2002
Securing XML documents with Author-X
IEEE Internet Computing, 2001
Loosely coupled interorganizational workflows:
Information & Management, 2000
SecureFlow
Published by Association for Computing Machinery (ACM) ,1999
Modelling, specifying and implementing workflow security in Cyberspace
Journal of Computer Security, 1999