
Balancing Flexibility and Security in Adaptive Process Management Systems

  • Conference paper
On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE (OTM 2005)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3760)

Abstract

Process-aware information systems (PAIS) must provide sufficient flexibility to their users to support a broad spectrum of application scenarios. As a response to this need, adaptive process management systems (PMS) have emerged, supporting both ad-hoc deviations from the predefined process schema and the quick adaptation of the PAIS to business process changes. This newly gained runtime flexibility, however, raises challenging security issues, as the PMS becomes more vulnerable to misuse. Process changes must be restricted to authorized users, but without nullifying the advantages of a flexible system by handling authorizations too rigidly. This paper discusses requirements relevant in this context and proposes a comprehensive access control (AC) model with special focus on adaptive PMS. On the one hand, our approach allows the compact definition of user-dependent access rights restricting process changes to authorized users only. On the other hand, the definition of process-type-dependent access rights is supported to allow only those change commands which are applicable within a particular process context. Respective AC mechanisms will be key ingredients in future adaptive PMS.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Weber, B., Reichert, M., Wild, W., Rinderle, S. (2005). Balancing Flexibility and Security in Adaptive Process Management Systems. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE. OTM 2005. Lecture Notes in Computer Science, vol 3760. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11575771_7


  • DOI: https://doi.org/10.1007/11575771_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29736-9

  • Online ISBN: 978-3-540-32116-3

  • eBook Packages: Computer Science, Computer Science (R0)
