Business processes involving several partners in different organisations impose demanding
requirements on procedures for specification, execution and maintenance. A
framework referred to as business process management (BPM) has evolved for this purpose
over the last ten years. Other approaches, such as service-oriented architecture
(SOA) or the concept of virtual organisations (VOs), assist in the definition of architectures
and procedures for modelling and execution of so-called collaborative business
processes (CBPs).
Methods for the specification of business processes play a central role in this context,
and, several standards have emerged for this purpose. Among these, Web Services
Business Process Execution Language (WS-BPEL, usually abbreviated BPEL) has
evolved to become the de facto standard for business process definition. As such, this
language has been selected as the foundation for the research in this thesis.
Having a broadly accepted standard would principally allow the specification of
business processes in a platform-independent manner, including the capability to
specify them at one location and have them executed at others (possibly spread across
different organisations). Though technically feasible, this approach has significant
security implications, particularly on the side that is to execute a process.
The research project focused upon these security issues arising when business processes
are specified and executed in a distributed manner. The central goal has been the
development of methods to cope with the security issues arising when BPEL as a
standard is deployed in such a way exploiting the significant aspect of a standard to be
platform-independent
The research devised novel methods for specifying security policies in such a manner
that the assessment of compliance with these policies is greatly facilitated such that the
assessment becomes suited to be performed automatically. An analysis of the securityrelevant
semantics of BPEL as a specification language was conducted that resulted in
the identification of so-called security-relevant semantic patterns. Based on these
results, methods to specify security policy-implied restrictions in terms of such semantic
patterns and to assess the compliance of BPEL scripts with these policies have been
developed. These methods are particularly suited for assessment of remotely defined
BPEL scripts since they allow for pre-execution enforcement of local security policies
thereby mitigating or even removing the security implications involved in distributed
definition and execution of business processes.
As initially envisaged, these methods are comparatively easy to apply, as they are based
on technologies customary for practitioners in this field. The viability of the methods
proposed for automatic compliance assessment has been proven via a prototypic
implementation of the essential functionality required for proof-of-concept.
Date of Award | 2007 |
---|
Original language | English |
---|
Awarding Institution | |
---|
SECURITY POLICY ENFORCEMENT IN APPLICATION ENVIRONMENTS USING DISTRIBUTED SCRIPT-BASED CONTROL STRUCTURES
FISCHER-HELLMANN, K. (Author). 2007
Student thesis: PhD