Ralph Holbein
University of Zurich
Publication
Featured research published by Ralph Holbein.
information security | 1996
Ralph Holbein; Stephanie Teufel; Kurt Bauknecht
This paper introduces a security design method for information exchange in organisations. The method supports security authorities in the design of individual security models. An individual security model is a fully customised specification of access control information for information exchange within a particular business environment. We introduce transaction based business process models (BPMs) and utilise these models to specify need-to-know authorisations. Therefore, we allocate information from BPMs which can be transformed to access control information and derive a specification of an organisation’s individual security model. Our method provides transparency of security design because a security model is directly related to the business. Moreover, security effort and costs will be reduced because BPMs must not be specified for security reasons. BPMs are a result of management activities and therefore, existing resources from a security point of view.
Archive | 1995
Ralph Holbein; Stephanie Teufel
Information misuse is one of the major risks for information systems in organisations. Traditional approaches for authorisation and access control are insufficient because information misuse is primarily done by authorised people. These people have opportunity to access information even for unintended purposes. Role based access controls address this problem because access rights can be related to context descriptions (roles) and therefore, need-to-know access controls can be established. Need-to-know access controls define roles according to tasks in an organisation which represent intended purposes for information usage. Nonetheless, existing approaches for role based access controls do not ensure context authenticity during system operation, i.e. correspondence between activated roles and tasks within an organisation’s actual business. Context authenticity must be ensured when a user activates a role or requests context related access to a particular object. Therefore, a context authentication service must be integrated with role based access controls. In this paper we describe the functionality and service components of a context authentication service called CARDS (Context Authentication Service for Role Based Access Control in Distributed Systems).
information security | 1997
Ralph Holbein; Stephanie Teufel; O. Morger; K. Bauknecht
In this paper we present an access control system (ACS) that allows implementation as well as management of comprehensive need-to-know access control policies. The overall system is built around a role based ACS that has been extended by two additional components, namely a security design and a context authentication component, which allow the overall system to cohesively implement and manage need-to-know policies. The security design component systematically generates access control information that is appropriate to initialise the role based ACS according to the individual need-to-know within an organisation. The context authentication component, on the other hand, has been integrated with the access control decision facility of the role based ACS. It dynamically verifies if a need-to-know really exists at the particular point in time when users request access to information. Finally, we describe an application scenario that illustrates the benefits provided by our need-to-know ACS concerning privacy of patient data within a hospital environment.
Proceedings of the ninth annual IFIP TC11 WG11.3 working conference on Database security IX: status and prospects | 1996
Ralph Holbein; Stephanie Teufel; Kurt Bauknecht
This paper introduces a formal security design approach for information exchange in organisations. The formal approach provides for automation of a security design method which supports security authorities in the design of individual security models. An individual security model is a fully customised specification of access control information for information exchange within a particular business environment. We introduce transaction based business process models (BPM) and utilise these models for a formal transformation to “need-to-know” authorisations. Therefore, we allocate information from BPMs which can be transformed to access control information and derive a specification of an organisation’s individual security model. Our approach provides transparency of security design because the design method ensures that a security model is directly related to the business. Moreover, security effort and costs will be reduced because BPMs must not be specified for security reasons and security design can be automated. BPMs are a result of management activities and therefore, existing resources from a security point of view.
conference on advanced information systems engineering | 1994
Hubert F. Hofmann; Ralph Holbein
Security requirements are a fundamental ingredient for an information system's quality. Despite their importance, security requirements play the role of a “stepchild” in software engineering. If considered at all they cover the technical dimension of information systems, i.e. the electronic part of information processing. This view is insufficient to deal with the requirements of the “real world”, i.e. the organisational practice. It is not just the technical criteria which are decisive in specifying security requirements. We have extended these criteria to incorporate the social and the economic dimension of information exchange in organisations. We will illustrate this extension of traditional approaches in a comprehensive security framework and we will demonstrate the interaction of the additional security criteria with traditional approaches.
Archive | 1996
Kurt Bauknecht; Ralph Holbein
Introduction of workflow management systems (WMS) in organisations implies various information concerning employees’ productivity and performance to be generated and available on computer systems with extensive capabilities for exploitation of this personal information. In this chapter we will consider the privacy problems concerning personal information that arise by an introduction of WMS. We will show that these problems concern information misuse in general and that WMS also provide means to solve this problem. Hence, we will not consider IT security concerning confidentiality, integrity and availability of WMS, i.e. workflow services and data. Appropriate solutions for these basic security issues are well known and available by traditional means of IT security.
Computers & Security | 1996
Jan H. P. Eloff; Ralph Holbein; Stephanie Teufel
Archive | 1997
Ralph Holbein; Stephanie Teufel; Othmar Morger; Kurt Bauknecht
Proceedings of the Annual Conference of CAIS / Actes du congrès annuel de l'ACSI | 2013
Thomas Abdallah; Ralph Holbein; Patrick Scheidegger; Stephanie Teufel
Ingénierie Des Systèmes D'information | 1994
Ralph Holbein; Stephanie Teufel