Kurt Bauknecht

The use of business process models for security design in organisations

This paper introduces a security design method for information exchange in organisations. The method supports security authorities in the design of individual security models. An individual security model is a fully customised specification of access control information for information exchange within a particular business environment. We introduce transaction based business process models (BPMs) and utilise these models to specify need-to-know authorisations. Therefore, we allocate information from BPMs which can be transformed to access control information and derive a specification of an organisation’s individual security model. Our method provides transparency of security design because a security model is directly related to the business. Moreover, security effort and costs will be reduced because BPMs must not be specified for security reasons. BPMs are a result of management activities and therefore, existing resources from a security point of view.

A formal security design approach for information exchange in organisations

This paper introduces a formal security design approach for information exchange in organisations. The formal approach provides for automation of a security design method which supports security authorities in the design of individual security models. An individual security model is a fully customised specification of access control information for information exchange within a particular business environment. We introduce transaction based business process models (BPM) and utilise these models for a formal transformation to “need-to-know” authorisations. Therefore, we allocate information from BPMs which can be transformed to access control information and derive a specification of an organisation’s individual security model. Our approach provides transparency of security design because the design method ensures that a security model is directly related to the business. Moreover, security effort and costs will be reduced because BPMs must not be specified for security reasons and security design can be automated. BPMs are a result of management activities and therefore, existing resources from a security point of view.

DB++ — persistent objects for C++

Most object-oriented programming languages (OOPL) are designed without regard to data base aspects and do not support persistent objects or mechanisms to share objects. Experiences with the combination of C++ [STR86] and a relational database system (RDBS) in the development of a toolset based on the prototyping paradigm [POM88] have shown that the relational data model is not adequate to model the complex objects of the tools. In addition it has been found that the concepts like inheritance and encapsulation realized in the implementation language C++ do not go together well with the concepts incorporated in the RDBS, as for example, the set oriented data manipulation language. This has led to the decision to build persistent objects for C++ as basis for new CASE-tools.

Cryptographic key distribution and authentication protocols for secure group communication

Authentication protocols have until now focussed on two or three party interaction and neglected n party interactions as in the case of more general group communication. In this discourse, the semantics of group authentication are addressed and a separation into complete and selective group authentication techniques is proposed.

Information Security Concepts in Computer Supported Cooperative Work

With this paper we introduce information security aspects and concepts to the field of Computer Supported Cooperative Work (CSCW). Starting from a functional view of CSCW technology and the definition of the relevant security areas we outline a catalogue of security criteria which should be fulfilled by CSCW applications in order to increase the acceptance and reliability of such systems. Classical information security criteria such as confidentiality are adapted to the specific security requirements of CSCW applications and new security criteria being specific to CSCW applications are presented. Furthermore, we propose how to map CSCW artefacts (such as collaborative writing) onto security criteria.

A FRAMEWORK TO SUPPORT DECISIONS ON APPROPRIATE SECURITY MEASURES

Abstract Security is the result of various decision processes on different organizational levels. While the achievement of an overall security level is a corporate-wide task, there are on each corporate level different aspects, various priorities, views, and interests which can help and influence the decision process of the involved managers. The intention of this paper is to introduce a framework which suggests the kind of information needed on different management levels to prepare and coordinate high-quality security decisions. We will focus on the choice, collection, and preparation of the relevant information as processes which can influence a security decision in a significant way. Furthermore some tools and methods suitable to prepare and present these informations are briefly discussed and compared. The usefulness of the proposed framework will be demonstrated by the example of Network Security Management in an Open System.

Name Reactions in Organic Chemistry — a New Application Domain for Deductive Databases

Name reactions are reaction schemes that are used to plan chemical syntheses. We present the deductive database application DedChem that computes a synthesis tree for chemical substances from name reactions stored in a database using nonlinear recursive deduction rules.

Virenprophylaxe im Hochschulbetrieb-Erfahrungen mit Schutzmaßnahmen an der Universität Zürich

Dieser Beitrag soll die Virenproblematik im Hochschulbereich aufzeigen und ein Konzept vorstellen, das zur Viren Vorbeugung seit Februar 1989 an der Universitat Zurich realisiert ist. Die Uberlegungen, die diesem Konzept zugrunde liegen, sowie Schwierigkeiten und erste Erfahrungen sollen im Folgenden diskutiert werden.

Arbeiten mit Informatikanwendungen

Weit uber die Halfte aller Buroarbeitsplatze sind in der westlichen Welt heute mit Informatikmitteln ausgerustet; dazu kommen Informatikeinsatze in der Produktion, im Verkehr und an vielen anderen Orten. Die Informatik bringt offensichtlich wirtschaftlichen Nutzen.

Realisierung von Informatikanwendungen

Jede Informatikanwendung beeinflusst Arbeitsablaufe. Sie automatisiert bestimmte Informationsflusse; andere belasst sie dem Menschen. Entsprechend wichtig und auch heikel ist daher die Vorbereitung jeder Informatikanwendung; diese Entwicklungsarbeit bildet ein sog. Informatikprojekt.