dc.creator | Estañol, Montserrat | es |
dc.creator | Varela Vaca, Ángel Jesús | es |
dc.creator | Gómez López, María Teresa | es |
dc.creator | Teniente, Ernest | es |
dc.creator | Martínez Gasca, Rafael | es |
dc.date.accessioned | 2022-10-26T10:17:18Z | |
dc.date.available | 2022-10-26T10:17:18Z | |
dc.date.issued | 2022 | |
dc.identifier.citation | Estañol, M., Varela Vaca, Á.J., Gómez López, M.T., Teniente, E. y Martínez Gasca, R. (2022). Reasoning on the usage control security policies over data artifact business process models. Computer Science and Information Systems, 19 (2), 547-572. https://doi.org/10.2298/CSIS210217061E. | |
dc.identifier.issn | 2683-3867 | es |
dc.identifier.uri | https://hdl.handle.net/11441/138354 | |
dc.description.abstract | The inclusion of security aspects in organizations is a crucial aspect to
ensure compliance with both internal and external regulations. Business process
models are a well-known mechanism to describe and automate the activities of the
organizations, which should include security policies to ensure the correct performance
of the daily activities. Frequently, these security policies involve complex
data which cannot be represented using the standard Business Process Model Notation
(BPMN). In this paper, we propose the enrichment of the BPMN with a UML
class diagram to describe the data model, that is also combined with security policies
defined using the UCONABC framework annotated within the business process
model. The integration of the business process model, the data model, and the security
policies provides a context where more complex reasoning can be applied about
the satisfiability of the security policies in accordance with the business process and
data models. To do so, we transform the original models, including security policies,
into the BAUML framework (an artifact-centric approach to business process modelling).
Once this is done, it is possible to ensure that there are no inherent errors
in the model (verification) and that it fulfils the business requirements (validation),
thus ensuring that the business process and the security policies are compatible and
that they are aligned with the business security requirements. | es |
dc.description.sponsorship | Ministerio de Ciencia e Innovación PID2020-112540RB-C44 | es |
dc.description.sponsorship | Ministerio de Ciencia e Innovación TIN2017-87610-R | es |
dc.description.sponsorship | Generalitat de Catalunya 2017-SGR-1749 | es |
dc.description.sponsorship | Junta de Andalucía P20-01224 (COPERNICA) | es |
dc.description.sponsorship | Junta de Andalucía METAMORFOSIS (US-1381375) | es |
dc.format | application/pdf | es |
dc.format.extent | 25 | es |
dc.language.iso | eng | es |
dc.publisher | ComSIS Consortium | es |
dc.relation.ispartof | Computer Science and Information Systems, 19 (2), 547-572. | |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 Internacional | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | * |
dc.subject | Business processes | es |
dc.subject | Security policy | es |
dc.subject | Usage control model | es |
dc.subject | Data artifact | es |
dc.subject | Reasoning | es |
dc.title | Reasoning on the usage control security policies over data artifact business process models | es |
dc.type | info:eu-repo/semantics/article | es |
dcterms.identifier | https://ror.org/03yxnpp24 | |
dc.type.version | info:eu-repo/semantics/submittedVersion | es |
dc.rights.accessRights | info:eu-repo/semantics/openAccess | es |
dc.contributor.affiliation | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos | es |
dc.relation.projectID | PID2020-112540RB-C44 | es |
dc.relation.projectID | TIN2017-87610-R | es |
dc.relation.projectID | 2017-SGR-1749 | es |
dc.relation.projectID | P20-01224 (COPERNICA) | es |
dc.relation.projectID | METAMORFOSIS (US-1381375) | es |
dc.relation.publisherversion | http://www.doiserbia.nb.rs/Article.aspx?ID=1820-02142100061E#.Y1kBknZBybg | es |
dc.identifier.doi | 10.2298/CSIS210217061E | es |
dc.contributor.group | Universidad de Sevilla. TIC-258: Data-centric Computing Research Hub | es |
dc.journaltitle | Computer Science and Information Systems | es |
dc.publication.volumen | 19 | es |
dc.publication.issue | 2 | es |
dc.publication.initialPage | 547 | es |
dc.publication.endPage | 572 | es |
dc.contributor.funder | Ministerio de Ciencia e Innovación (MICIN). España | es |
dc.contributor.funder | Generalitat de Catalunya | es |
dc.contributor.funder | Junta de Andalucía | es |