An Aspect-Oriented Approach to Enforce Security Properties in Business Processes
نویسندگان
چکیده
Security is an essential requirement for business processes. However, we observe that security is mostly addressed at the technical implementation level and not at the design level. In a previous work we motivated the need to address security already in business process modeling. In this paper, we show how one could use Aspect-Oriented Programming (AOP) to enforce security requirements in a modular way. Starting from a business process model where security requirements are expressed using a profile mechanism we generate AspectJ [1] code, which enforces those requirements. This generation is based on a set of Model-to-Text transformation rules. As security is a typical example for crosscutting concerns the usage of aspects allows for a modular implementation, in which the implementation of the business process is separated from the implementation of the security properties.
منابع مشابه
Quality-Oriented Handling of Exceptions in Web-Service-Based Cooperative Processes
Web services are increasingly used to integrate heterogeneous and autonomous applications in cross-organizational cooperations. A key problem is to support a high execution quality of complex cooperative processes, e.g. in e-business or health care. One important aspect that has received little attention so far is the dynamic handling of exceptions during process execution. To address this prob...
متن کاملSC-WS: A Context-based, Aspect-oriented Approach for Handling Security Concerns in Web Services
This paper discusses Aspect-Oriented Programming (AOP) as an efficient way to handle security concerns in Web services. Without AOP, the necessary security code would be mixed with the business logic that a Web service implements. This renders the maintenance of both code and business logic tedious and prone to errors. AOP allows confining codes of non-functional concerns like security and self...
متن کاملAn Aspect Oriented Process Based Approach To Information Risk Management
-In this era of fast paced technological advancements, security issues and risks related to it have become a key concern for all organizations. Enterprise Governance, Risk management and Compliance (GRC) is the popular approach to handle enterprise risks and reduce its impact. This paper focuses on the risk management, especially the risk assessment approaches and proposes an aspect oriented ap...
متن کاملMiddleware Support for Embedded Software with Multiple QoS Properties for Ubiquitous Computing Environments
Ubiquitous application software usually has multiple QoS requirements, such as situationawareness, real-time, and security, which make the application software development complicated. In this paper, an approach to supporting multiple QoS properties in application software using middleware is presented. Our Reconfigurable Context-Sensitive Middleware (RCSM), which provides situation-awareness s...
متن کاملWeaving Business Processes and Rules: A Petri Net Approach
The emerging service-oriented computing paradigm advocates building distributed information systems by chaining reusable services instead of by programming from scratch. To do so, not only business processes, but also business rules, policies and constraints need to be encoded in a process language such as Web Services Business Process Execution Language (WS-BPEL). Unfortunately, the intermixin...
متن کامل