Re-added citation hints.
parent
1f347ea05b
commit
cbd40b0e75
|
@ -0,0 +1,162 @@
|
|||
To cite the SecureBPMN lanuage in publications, please use
|
||||
|
||||
Achim D. Brucker. Integrating Security Aspects into Business Process
|
||||
Models. In it - Information Technology, 55 (6), pages 239-246,
|
||||
2013.
|
||||
doi:10.1524/itit.2013.2004
|
||||
|
||||
A BibTeX entry for LaTeX users is
|
||||
|
||||
@Article{ brucker:securebpmn:2013,
|
||||
abstract = {Modern enterprise systems are often process-driven and,
|
||||
thus, rely heavily on process-aware information systems. In
|
||||
such systems, high-level process-models play an important
|
||||
role both for communicating business requirements between
|
||||
domain experts and system experts as well as basis for the
|
||||
system implementation. Since several years, enterprise
|
||||
system need to fulfil an increasing number of the security
|
||||
and compliance requirements. Thus, there is an increasing
|
||||
demand for integrating high-level security and compliance
|
||||
requirements into process models, \ie, a common language
|
||||
for domain experts, system experts, and security
|
||||
experts.\\\\We present a security modelling language,
|
||||
called SecureBPMN, that can easily be integrated into
|
||||
business process modelling languages. In this paper, we
|
||||
exemplary integrate SecureBPMN into BPMN and, thus, present
|
||||
a common language for describing business process models
|
||||
together with their security and compliance requirements.},
|
||||
abstract_de = {Moderne Unternehmensanwendungen m{\"u}ssen die Unternehmen
|
||||
dabei unterst{\"u}tzen, ihre Gesch{\"a}ftsprozesse
|
||||
effizient auszuf{\"u}hren. In solchen Anwendungen spielen
|
||||
abstrakte Gesch{\"a}ftsprozessmodelle eine zentrale Rolle.
|
||||
Die Gesch{\"a}ftsprozessmodelle werden f{\"u}r die
|
||||
Kommunikation zwischen Gesch{\"a}fts- und IT-Experten
|
||||
genutzt und dienen dar{\"u}ber hinaus als Basis f{\"u}r die
|
||||
Implementierung der Unternehmensanwendungen. Seit einigen
|
||||
Jahren m{\"u}ssen Unternehmensanwendungen einer steigenden
|
||||
Anzahl von Sicherheits- und Compliance-Anforderungen
|
||||
gen{\"u}gen. Hieraus ergibt sich ein gesteigerte
|
||||
Bed{\"u}rfnis nach der Integration von Sicherheits- und
|
||||
Compliance-Anforderungen in die
|
||||
Gesch{\"a}ftsprozessmodelle.\\\\In diesem Artikel stellen
|
||||
wir die Modellierungssprache SecureBPMN vor, welche es
|
||||
erlaubt, Sicherheitsanforderungen im Kontext von
|
||||
Gesch{\"a}ftsprozessmodelle zu spezifizieren.},
|
||||
author = {Achim D. Brucker},
|
||||
doi = {10.1524/itit.2013.2004},
|
||||
issn = {2196-7032},
|
||||
journal = {it - Information Technology},
|
||||
keywords = {Management of Computing and Information Systems,
|
||||
SecureBPMN, BPMN, Break-Glass, Break-the-Glass},
|
||||
language = {USenglish},
|
||||
month = {dec},
|
||||
note = {Special Issue on ``Security in Business Processes.''},
|
||||
number = {6},
|
||||
pages = {239--246},
|
||||
pdf = {http://www.brucker.ch/bibliography/download/2013/brucker-securebpmn-2013.pdf},
|
||||
publisher = {Oldenbourg Wissenschaftsverlag},
|
||||
title = {Integrating Security Aspects into Business Process
|
||||
Models},
|
||||
title_de = {Integration von Sicherheitsaspekten in
|
||||
Gesch{\"a}ftsprozessmodelle},
|
||||
url = {http://www.brucker.ch/bibliography/abstract/brucker-securebpmn-2013},
|
||||
volume = {55},
|
||||
year = {2013}
|
||||
}
|
||||
|
||||
To cite the formal analysis of SecureBPMN models, please use
|
||||
|
||||
Achim D. Brucker, Luca Compagna, and Pierre Guilleminot. Compliance
|
||||
Validation of Secure Service Compositions. In Secure and Trustworthy
|
||||
Service Composition: The Aniketos Approach. Lecture Notes in
|
||||
Computer Science: State of the Art Surveys (8900), pages 136-149,
|
||||
Springer-Verlag, 2014.
|
||||
doi:10.1145/2295136.2295160
|
||||
|
||||
A BibTeX entry for LaTeX users is
|
||||
|
||||
@InCollection{ brucker.ea:aniketos-compliance:2014,
|
||||
abstract = {The Aniketos Secure Composition Framework supports the
|
||||
specification of secure and trustworthy composition plans
|
||||
in term of BPMN\@. The diversity of security and trust
|
||||
properties that is supported by the Aniketos framework
|
||||
allows, on the one hand, for expressing a large number of
|
||||
security and compliance requirements. On the other hand,
|
||||
the resulting expressiveness results in the risk that
|
||||
high-level compliance requirements (\eg, separation of
|
||||
duty) are not implemented by low-level security means (\eg,
|
||||
role-based access control configurations).\\\\In this
|
||||
chapter, we present the Composition Security Validation
|
||||
Module (CSVM). The CSVM provides a service for checking the
|
||||
compliance of secure and trustworthy composition plans to
|
||||
the service designer. As proof-of-concept we created a
|
||||
prototype in which the CSVM module is deployed on the SAP
|
||||
NetWeaver Cloud and two CSVM Connectors are built
|
||||
supporting two well-known BPMN tools: SAP NetWeaver BPM and
|
||||
Activiti Designer.},
|
||||
address = {Heidelberg},
|
||||
author = {Achim D. Brucker and Luca Compagna and Pierre
|
||||
Guilleminot},
|
||||
booktitle = {Secure and Trustworthy Service Composition: The Aniketos
|
||||
Approach},
|
||||
doi = {10.1007/978-3-319-13518-2_10},
|
||||
editor = {Achim D. Brucker and Fabiano Dalpiaz and Paolo Giorgini
|
||||
and Per H{\aa}kon Meland and Erkuden {Rios}},
|
||||
isbn = {978-3-319-13517-5},
|
||||
keywords = {Validation, Security, BPMN, SecureBPMN, Compliance},
|
||||
number = {8900},
|
||||
pages = {136--149},
|
||||
pdf = {http://www.brucker.ch/bibliography/download/2014/brucker.ea-aniketos-compliance-2014.pdf},
|
||||
publisher = {Springer-Verlag},
|
||||
series = {Lecture Notes in Computer Science: State of the Art
|
||||
Surveys},
|
||||
title = {Compliance Validation of Secure Service Compositions},
|
||||
url = {http://www.brucker.ch/bibliography/abstract/brucker.ea-aniketos-compliance-2014},
|
||||
year = {2014}
|
||||
}
|
||||
|
||||
To cite the SecureBPMN tool-chain, please use
|
||||
|
||||
Achim D. Brucker, Isabelle Hang, Gero Lückemeyer, and Raj
|
||||
Ruparel. SecureBPMN: Modeling and Enforcing Access Control
|
||||
Requirements in Business Processes. In ACM symposium on access
|
||||
control models and technologies (SACMAT). , pages 123-126, ACM
|
||||
Press, 2012.
|
||||
doi:10.1145/2295136.2295160
|
||||
|
||||
A BibTeX entry for LaTeX users is
|
||||
|
||||
@InProceedings{ brucker.ea:securebpmn:2012,
|
||||
abstract = {Modern enterprise systems have to comply to regulations
|
||||
such as Basel III resulting in complex security
|
||||
requirements. These requirements need to be modeled at
|
||||
design-time and enforced at runtime. Moreover, modern
|
||||
enterprise systems are often business-process driven, i.
|
||||
e., the system behavior is described as high-level business
|
||||
processes that are executed by a business process execution
|
||||
engine.\\\\Consequently, there is a need for an integrated
|
||||
and tool-supported methodology that allows for specifying
|
||||
and enforcing compliance and security requirements for
|
||||
business process-driven enterprise systems.\\\\In this
|
||||
paper, we present a tool chain supporting both the
|
||||
design-time modeling as well as the run-time enforcement of
|
||||
security requirements for business process-driven systems.},
|
||||
address = {New York, NY, USA},
|
||||
author = {Achim D. Brucker and Isabelle Hang and Gero L{\"u}ckemeyer
|
||||
and Raj Ruparel},
|
||||
booktitle = {ACM symposium on access control models and technologies
|
||||
(SACMAT)},
|
||||
copyright = {ACM},
|
||||
doi = {10.1145/2295136.2295160},
|
||||
isbn = {978-1-4503-1295-0},
|
||||
language = {USenglish},
|
||||
location = {Newark, USA},
|
||||
mycopyrighturl= {http://dl.acm.org/authorize?6705782},
|
||||
pages = {123--126},
|
||||
pdf = {http://www.brucker.ch/bibliography/download/2012/brucker.ea-securebpmn-2012.pdf},
|
||||
publisher = {ACM Press},
|
||||
title = {{SecureBPMN}: Modeling and Enforcing Access Control
|
||||
Requirements in Business Processes},
|
||||
url = {http://www.brucker.ch/bibliography/abstract/brucker.ea-securebpmn-2012},
|
||||
year = {2012}
|
||||
}
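Review bot: The plain-text citation for the Aniketos chapter ("Compliance Validation of Secure Service Compositions") gives `doi:10.1145/2295136.2295160`, which is the DOI of the SACMAT 2012 paper cited further down and disagrees with the `doi` field of the `brucker.ea:aniketos-compliance:2014` entry directly below it; that line should read `doi:10.1007/978-3-319-13518-2_10`. The opening sentence of the file misspells "language" as "lanuage". In the first entry, `month = {dec}` is a braced string rather than the predefined macro, so styles will print it literally; `month = dec` lets the style format it. The `pdf` and `url` fields all point at plain `http://` addresses; if the host serves the same paths over TLS, `https://` would keep readers from fetching the PDFs over an unauthenticated channel.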
|