
Towards a Business-Centric Definition of Security Policies

Abstract : Security requirements are part of business requirements, either because they derive from forensic rules, or because they derive from the business logic that should be translated into functional requirements to guarantee that a system meets its users' needs. Extending several notations such as the UML and the BPMN has been proposed as a means to bridge the gap between business process engineering, security policy design and system engineering. However, a gap remains between these extensions on the one hand and the large number of access control models on the other hand. Business logic, system engineering and security design thus remain separated when they should be intertwined. In this paper, we address this issue by defining a metamodel for access control to gather the different aspects of access control. We then introduce extensions to the UML and to BPMN that we derive from this metamodel and show that, from a business-centric perspective, we can derive functional requirements and model security to generate actual security policies.
Document type :
Conference papers
Contributor : Sophie Dupuy-Chessa
Submitted on : Friday, February 28, 2014 - 11:51:48 AM
Last modification on : Wednesday, July 6, 2022 - 4:16:34 AM


  • HAL Id : hal-00953441, version 1



Aurélien Faravelon, Christine Verdier, Agnès Front. Towards a Business-Centric Definition of Security Policies. 5th IEEE Int Conf on Research Challenges in Information Science (RCIS'11), 2011, Le Gosier, France. pp.1-11. ⟨hal-00953441⟩


