Towards a Business-Centric Definition of Security Policies

Aurélien Faravelon 1 Christine Verdier 1 Agnès Front 1
1 SIGMA
LIG - Laboratoire d'Informatique de Grenoble
Abstract: Security requirements are part of business requirements, either because they derive from forensic rules, or because they derive from the business logic that should be translated into functional requirements to guarantee that a system meets its users' needs. Extending several notations such as the UML and the BPMN has been proposed as a means to bridge the gap between business processes engineering, security policies design and system engineering. However, a gap remains between these extensions on the one hand and between the large number of access control models on the other hand. Business logic, system engineering and security design thus remain separated when they should be intertwined. In this paper, we address this issue by defining a metamodel for access control to gather the different aspects of access control. We then introduce extensions to the UML and to BPMN that we derive from this metamodel and show that from a business-centric perspective, we can derive functional requirements, and model security to generate actual security policies.
Document type:
Conference paper
5th IEEE Int Conf on Research Challenges in Information Science (RCIS'11), 2011, Le Gosier, France. pp.1-11, 2011

https://hal.inria.fr/hal-00953441
Contributor: Sophie Dupuy-Chessa
Submitted on: Friday, 28 February 2014 - 11:51:48
Last modified on: Tuesday, 27 March 2018 - 13:04:02

Identifiers

  • HAL Id : hal-00953441, version 1

Citation

Aurélien Faravelon, Christine Verdier, Agnès Front. Towards a Business-Centric Definition of Security Policies. 5th IEEE Int Conf on Research Challenges in Information Science (RCIS'11), 2011, Le Gosier, France. pp.1-11, 2011. 〈hal-00953441〉
