The study of Critical Business Processes (CBP), and of the aspects that allow their properties to be formally specified, has become a subject of extensive research. Because of the multiplicity of elements involved in the treatment of CBP, and because its definition has evolved over time, this article provides a historical review of the concepts related to the formal specification of the properties of the CBP...
Business-process-management systems are increasingly used in service-oriented architectures (SOA), coordinating activities of loosely coupled information systems, of web services, and of human actors. This often requires exchanging and processing sensitive, personally-identifiable information, e.g., in e-employability and e-health applications. Supporting security in such a service-oriented environment...
The adoption of WSPL as a language for expressing Web service policies has shown its adequacy. The expressivity and simplicity of that language were the key factors behind this success. A desired feature in specifying Web services policies is the introduction of the context concept. In fact, very often Web service designers look for expressing rules that depend on the context in which a Web service...
Trust plays an important role in the development, implementation and operation of e-commerce systems. This paper analyzes the current research on e-commerce trust models and research methods, proposes a formal model of e-commerce trust management based on reputation, and discusses the various issues involved and ideas for their solution, which gives a good foundation for further research.
The new generation of open networked IT systems poses particular challenges to software engineering due to their evolving nature and their high quality requirements. In particular, the management of service oriented systems requires the integration of perspectives from IT management, software engineering and systems operation and a systematic way to handle changes. In this paper we will present the...
Event-driven business processes require integration with distributed heterogeneous services to fulfill the functionalities. Business processes run in parallel and interact with multiple services, partners and customers as per the requirement and policy. There is a need to aggregate information from multiple resources or services according to policy. Resource or service aggregation provides better query,...
Access control is always essential for safe and secure access to system resources. The role-based access control (RBAC) model is widely used in large enterprise software systems. The quality of the RBAC policy design, especially role definition, has great impact on the system security policy implementation. In this paper we propose a novel role engineering method with security KAOS (SKAOS), which...
The rising need for security in SOA applications requires better support for management of non-functional properties in Web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality of a process, the consideration of security properties at the level of a process model is a promising...
Service-oriented Architectures deliver a flexible infrastructure to allow independently developed software components to communicate in a seamless manner. In the scope of organisational workflows, SOA provides a suitable foundation to execute business processes as an orchestration of multiple independent services. Along with the increased connectivity, the corresponding security risks rise exponentially...
With the aim of promoting separation of crosscutting concerns, the notion of aspects is currently being introduced throughout the lifecycle of software development, and even into other domains. Many aspects are found, designed or implemented thereby. As the concrete specification and implementation mechanisms vary greatly among aspects, it is relatively complex and difficult to compare them. This paper provides...
Requirements engineering is being increasingly adopted as a key step in the software development process, and so new challenges and possibilities emerge. Designing Web services and developing business processes and workflows for Web services is one of the most challenging issues in requirements engineering. The research on Web services design is well under way, but the existing design...
Traditional modelling and analysis of workflow aims at verifying the correctness of its control flow. When dealing with workflow security, the compliance of information flow with the adopted security policies also needs to be analyzed. In this paper, we propose a two-step verification approach. While the first step is concerned with the soundness of the workflow, the second one is concerned with the data...
Web service technology and the Service-oriented Architecture (SOA) paradigm have become state of the art for the integration of systems across enterprise boundaries. Here, a strong need for policies exists, which describe the Quality of Service delivered by third parties. Current policy languages in the area of Web services and SOAs allow the specification of requirements with respect to the Quality...
Automatic configuration of large and heterogeneous ICT systems and their dependability mechanisms is both desirable and daunting because of the inherent complexity of these systems. Configurations are commonly designed based on personal expertise, best practice and empirical evidence, without any automatic process or formal validation mechanism. This approach leads to frequent and repeated errors with severe...
Access control of sensitive resources is a widely used means to achieve information security. When building large-scale systems based on popular commercial component middleware, such as J2EE, a usual way to enforce access control is to define access control configurations for components in a declarative manner. These configurations can be interpreted by the J2EE security service to grant or deny access...
This paper proposes a framework for automatic generation of rules to diagnose dependability problems. The generation process starts from formal models of the target system and its configuration, and exploits concepts and techniques from the risk analysis and management field.
UML is a useful object modeling tool, and workflow technology is the core for realizing business process modeling, analysis, optimization and management, and finally business process automation. The paper first introduces the basic concepts of UML and Rational Rose and the composition and function of a workflow management system, and then discusses the advantages of using UML and Rose in...
This paper provides a roadmap for addressing security requirements on projects using an agile approach. The Dynamic Systems Development Method (DSDM) is used as an example framework for development. Security quality requirements engineering (SQUARE) is used as an example methodology to address security issues early in the development life cycle. SQUARE can be more effective when it fits into an organization's...
We propose a systems analysis framework based on goal modelling and transactions for improved decision-making about security solution architectures - with a specific focus on layered security of physical spaces and assets. The framework assists in defining more complete security strategies as well as analyzing tradeoffs between security and other factors such as cost and privacy. Using the conceptual...
In this paper, we focus on threats elicitation from an intentional service specification. We are interested in security, and we make the hypothesis that a systematic analysis of threats during the requirements engineering (RE) phase can help to reduce the number of security threats and build more robust systems. We build a structure that couples two abstraction levels: the intentional and the functional...