SLA Driven Process Security through Monitored E-contracts

3 Author(s)
Tiwari, R.K. ; HIT-Hyderabad, Hyderabad ; Dwivedi, V. ; Karlapalem, K.

In this work we look into the domain of process security from a service perspective. Most often, process security has been enacted through service level agreements (SLAs) and business agreements. However, in a multi-party environment such as business process outsourcing (BPO), where processes themselves are offered as a service, the qualitative nature of SLAs makes their monitoring quite difficult and their implementation through various restrictions quite costly. We present our approach, wherein we provide security as a process represented using e-Contracts and enacted through workflows. We explore whether security, too, could be offered as a service that is enacted and monitored by the process participants themselves, thus ensuring more trust. Most process-based systems employ either the Task Based Model (TBAC) or the Role Based Model (RBAC) for granting the privileges needed to execute the individual activities of the workflow. Current approaches are either potentially weak from a security perspective, as they grant users even permissions that they do not actually need for executing their tasks, or they have very high administrative overhead. In this paper, we propose to couple RBAC with TBAC and additionally enforce sequential and temporal constraints over them, so that process participants get only 'need to know' information with less administrative overhead. We propose our extended e-contract framework for security (EC framework) and the architecture of a system which implements it. In the end, we present a brief case study presenting our process security model.

Published in:

Services Computing, 2007. SCC 2007. IEEE International Conference on

Date of Conference:

9-13 July 2007
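
As an added illustration (not code from the paper or its authors), the following Python example shows one way the coupling described in the abstract can be evaluated: a permission is granted only while a task that needs it is active for a user holding the task's role, after its predecessor tasks have completed, and inside a time window. The class and method names, the two-task claims workflow and the one-hour window are all assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import timedelta

@dataclass(frozen=True)
class Task:
    name: str
    role: str                    # RBAC: only holders of this role may run the task
    permissions: frozenset       # TBAC: permissions exist only while the task runs
    after: tuple = ()            # sequential constraint: tasks that must finish first
    window: timedelta = timedelta(hours=1)   # temporal constraint on an activation

class Workflow:
    def __init__(self, tasks, user_roles):
        self.tasks = {t.name: t for t in tasks}
        self.user_roles = user_roles   # user -> set of roles
        self.done = set()              # completed task names
        self.active = {}               # task name -> (user, start time)

    def start(self, user, name, now):
        task = self.tasks[name]
        ok = (task.role in self.user_roles.get(user, set())
              and name not in self.done and name not in self.active
              and all(dep in self.done for dep in task.after))
        if ok:
            self.active[name] = (user, now)
        return ok

    def allowed(self, user, permission, now):
        # True only if a live activation owned by this user needs the permission.
        return any(owner == user and permission in self.tasks[n].permissions
                   and t0 <= now <= t0 + self.tasks[n].window
                   for n, (owner, t0) in self.active.items())

    def complete(self, user, name, now):
        owner, started = self.active.get(name, (None, None))
        if owner != user or not started <= now <= started + self.tasks[name].window:
            return False
        del self.active[name]
        self.done.add(name)
        return True

def sample_workflow():  # constructed two-step outsourced claims process
    tasks = [
        Task("verify_claim", "verifier", frozenset({"read:claim"})),
        Task("approve_payment", "approver",
             frozenset({"read:claim", "write:payment"}), after=("verify_claim",)),
    ]
    return Workflow(tasks, {"alice": {"verifier"}, "bob": {"approver"}})
```

Under plain RBAC the approver role would carry `write:payment` at all times; here it exists only between `start` and `complete` of the approval task, which is the "need to know" narrowing the abstract describes.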