Skip to main content
SpringerLink
Log in

Model Driven Security for Inter-organizational Workflows in e-Government

  • Conference paper
E-Government: Towards Electronic Democracy (TCGOV 2005)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 3416))

Included in the following conference series:

Abstract

Model Driven Architecture is an approach to increase the quality of complex software systems by creating high-level system models and automatically generating system architectures and components out of these models. We show how this paradigm can be applied to what we call Model Driven Security for inter-organizational workflows in e-government. Our focus is on the realization of security-critical inter-organizational workflows in the context of web services and web service orchestration. Security requirements are specified at an abstract level using UML diagrams. Out of this specification security relevant artifacts are created for the target reference architecture based on upcoming web service security standards.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Austrian Signature Act (Signaturgesetz - SigG), Art. 1 of the Act published in the Austrian Federal Law Gazette, part I, Nr. 190/1999

    Google Scholar 

  2. Federal Act on Provisions Facilitating Electronic Communications with Public Bodies (E-Government Gesetz - E-GovG), Art. 1 of the Act published in the Austrian Federal Law Gazette, part I, Nr. 10/2004, entered into force on 1 March (2004)

    Google Scholar 

  3. Federal Act concerning the Protection of Personal Data (Datenschutzgesetz - DSG2000), published in the Austrian Federal Law Gazette, part I No. 165/1999, on 17 (August 1999)

    Google Scholar 

  4. Austrian Security Manual, http://www.cio.gv.at/securenetworks/sihb/

  5. OECD Guidelines for the Security of Information Systems and Networks, http://www.ftc.gov/bcp/conline/edcams/infosecurity/popups/OECD_guidelines.pdf

  6. Devanbu, P., Stubblebine, S.: Software engineering for security: a roadmap. In: Finkelstein, A. (ed.) The Future of Software Engineering, pp. 227–239. ACM Press, New York (2000)

    Google Scholar 

  7. Ferrari, E., Thuraisingham, B.: Secure Database Systems. In: Piattini, M., Díaz, O. (eds.) Advanced Databases: Technology Design. Artech House, London (2000)

    Google Scholar 

  8. Hall, A., Chapman, R.: Correctness by construction developing a commercial secure system. IEEE Software 19(1), 18–25 (2002)

    Article  Google Scholar 

  9. The authors: Towards a Systematic Development of Secure Systems. Information Systems Security 13(3) (2004)

    Google Scholar 

  10. The authors: Towards Model Driven Security of Inter-Organizational Workflows. Accepted for SAPS (2004)

    Google Scholar 

  11. The authors: Modeling and Realizing Security-Critical Inter-Organizational Workflows. In: W. Dosch, N. Debnath (Eds.): Proceedings IASSE 2004, ISCA (2004) ISBN 1-880843-52-X

    Google Scholar 

  12. BEA, IBM, Microsoft, SAP AG, Siebel Systems Specification: Business Process Execution Language for Web Services Version 1.1 (May 2003), http://www.ibm.com/developerworks/library/ws-bpel

  13. Christensen, E., Curbera, F., Meredith, G., Weerawarana, S.: Web Services Description Language (WSDL) 1.1., http://www.w3.org/TR/wsdl

  14. BEA, IBM, Microsoft: Web services Transaction (WS-Transaction), http://www-6.ibm.com/ developerworks/webservices/library/ws-transpec/

    Google Scholar 

  15. BEA, Intalio, Sun Microsystems, SAP: Web Service Choreography Interface (WSCI) 1.0, http://www.w3.org/TR/wsci/

  16. Arkin: Business Process Modeling Language. BPMI.org, San Mateo (2002) Proposed Final Draft

    Google Scholar 

  17. IBM, Microsoft, VeriSign: Web services Security (WS-Security), http://www-106.ibm.com/developerworks/webservices/library/ws-secure/

  18. Godik, S., Moses, T.: eXtensible Access Control Markup Language (XACML) Version 1.0 3 OASIS Standard, 18 February (2003), http://www.oasis-open.org/committees/xacml/repository

  19. Cantor, S., Kemp, J., Maler, E.: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0, Last-Call Working Draft 17, 13 July (2004), http://www.oasis-open.org/committees/download.php/7737/sstc-saml-core-2.0-draft-17.pdf

  20. Lodderstedt, T.: Model Driven Security: from UML Models to Access Control Architectures. Dissertation, Univ. of Freiburg (2003)

    Google Scholar 

  21. Leyman, F., Roller, D.: Production Workflow: Concepts and Techniques. Prentice-Hall, Englewood Cliffs (2000)

    Google Scholar 

  22. UML: http://www.uml.org

  23. OMG, UML 2.0 Superstructure Specification, http://www.omg.org/docs/ptc/03-08-02.pdf

  24. van der Aalst, W.M.P., Weske, M.: The P2P appraoch to Interorganizational Workflows. In: Dittrich, K.R., Geppert, A., Norrie, M.C. (eds.) Proceedings of the 13th International Conference on Advanced Information Systems Engineering (CAiSE 2001), pp. 140–156. Springer, Berlin (2001)

    Google Scholar 

  25. IBM: BPWS4J, http://www.alphaworks.ibm.com/tech/bpws4j

  26. Bertino, E., Castano, S., Ferrari, E.: Securing XML Documents with Author X. IEEE Internet Computing 5(3), 21–31 (2001)

    Article  Google Scholar 

  27. Chadwick, D.W.: RBAC Policies in XML for X.509 Based Privilege Management. In: Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives 2002, pp. 39–54 (2002)

    Google Scholar 

  28. Thompson, M., Essiari, A., Mudumbai, S.: Certificate-based Authorization Policy in a PKI Environment. ACM Transactions on Information and System Security 6(4), 566–588 (2003)

    Article  Google Scholar 

  29. van der Aalst, W.M.P.: Loosely Coupled Interorganizational Workflows: Modeling and Analyzing Workflows Crossing Organizational Boundaries. Information and Management 37(2), 67–75 (2000)

    Article  Google Scholar 

  30. van der Aalst, W.M.P.: Process-oriented Architectures for Electronic Commerce and Interorganizational Workflow. Information Systems 24(8), 639–671 (1999)

    Article  Google Scholar 

  31. Luo, Z., Shet, A., Kochut, K., Miller, J.: Exception Handling in Workflow Systems. Applied Intelligence 13(2), 125–147 (2000)

    Article  Google Scholar 

  32. Grefen, P., Aberer, K., Hoffner, Y., Ludwig, H.: CrossFlow: cross-organizational workflow management in dynamic virtual enterprises. International Journal of Computer Systems Science & Engineering 15(5), 277–290 (2000)

    Google Scholar 

  33. Casati, F., Shan, M.: Event-based Interaction Management for Composite E-Services in eFlow. Information Systems Frontiers 4(1), 19–31 (2002)

    Article  Google Scholar 

  34. Atluri, V., Huang, W.K.: Enforcing Mandatory and Discretionary Security in Workflow Management Systems. In: Proceedings of the 5th European Symposium on Research in Computer Security (1996)

    Google Scholar 

  35. Gudes, E., Olivier, M., van de Riet, R.: Modelling, Specifying and Implementing Workflow Security in Cyberspace. Journal of Computer Security 7(4), 287–315 (1999)

    Google Scholar 

  36. Huang, W.K., Atluri, V.: SecureFlow: A secure Web-enabled Workflow Management System. In: ACM Workshop on Role-Based Access Control 1999, pp. 83–94 (1999)

    Google Scholar 

  37. Wainer, J., Barthelmess, P., Kumar, A.: W-RBAC – A Workflow Security Model Incorporating Controlled Overriding of Constraints. International Journal of Cooperative Information Systems 12(4), 455–485 (2003)

    Article  Google Scholar 

  38. Basin, D., Doser, J., Lodderstedt, T.: Model Driven Security for Process-Oriented Systems. In: 8th ACM Symposium on Access Control Models and Technologies. ACM Press, New York (2003)

    Google Scholar 

  39. Lang, U.: Access Policies for Middleware. PhD Thesis, University of Cambridge (2003)

    Google Scholar 

  40. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) Proceedings of the 5th International Conference on the Unified Modeling Language, pp. 426–441. Springer, Heidelberg (2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institut für Informatik, Universität Innsbruck, Innsbruck, 6020, Österreich

    Ruth Breu, Michael Hafner & Barbara Weber

  2. Austrian Research Center Seibersdorf, Seibersdorf, 2444, Österreich

    Andrea Novak

Authors
  1. Ruth Breu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael Hafner
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Barbara Weber
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Andrea Novak
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Free University of Bozen-Bolzano, Dominikanerplatz-3, I-39100, Bozen, Italy

    Michael Böhlen

  2. Free University of Bozen-Bolzano, Italy

    Johann Gamper

  3. Institute of Statistics and Economics, University of Basel, Petersplatz 1, 4003, Basel, Switzerland

    Wolfgang Polasek

  4. Institute for IS Research, University of Koblenz-Landau, Universitätsstr. 1, 56070, Koblenz, Germany

    Maria A. Wimmer

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Breu, R., Hafner, M., Weber, B., Novak, A. (2005). Model Driven Security for Inter-organizational Workflows in e-Government. In: Böhlen, M., Gamper, J., Polasek, W., Wimmer, M.A. (eds) E-Government: Towards Electronic Democracy. TCGOV 2005. Lecture Notes in Computer Science(), vol 3416. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-32257-3_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-32257-3_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25016-6

  • Online ISBN: 978-3-540-32257-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation