Business Process Compliance via Security Validation as a Service (foreign literature translation material)

 2022-07-26 16:08:49

Business Process Compliance via Security Validation as a Service

Abstract—Modern enterprise systems are often process based, i.e., they allow for the direct execution of business processes that are specified in a high-level language such as BPMN. In this paper, we present a service, called Security Validation as a Service (SVaaS), for validating the compliance of business processes at design time. Basically, while modeling a business process, the business analyst also specifies the security and compliance requirements the business process should comply with. At the press of a button, these requirements are validated and the results are presented in a graphical format to the business analyst.

At the core of SVaaS lies a rigorous and industrially viable approach in which the security validation business logic is handled server-side (SVaaS Server) in the Cloud, while the client-side user interface that business analysts use is handled by a lightweight SVaaS Connector. As a proof of concept we created a SVaaS prototype in which the SVaaS Server is deployed on the SAP NetWeaver Cloud and two SVaaS Connectors are built to enable two well-known BPMN tools, SAP NetWeaver BPM and Activiti, to consume SVaaS on industrially relevant business processes.

Keywords: Validation, Security, Business Process Management.

I. INTRODUCTION

More and more organizational activities are captured and executed via business processes. While this increases business agility, flexibility and efficiency, security and regulatory compliance requirements (including fraud prevention) require the business processes to be designed and executed with care. Industrial Business Process Management systems (BPM Clients) aim to enforce security and compliance, but are of little help in guaranteeing to business analysts that the business process they have designed fulfils the expected security requirements.

Figure 1: A simple travel approval process with annotated security requirements

Figure 1 illustrates a simple example of a process for approving travel requests: a staff member may issue a travel request. Both the travel reason and the travel budget need to be approved by a manager. Afterwards, the requesting user is notified whether her request has been granted or not. The execution of a task may be user-centric or automatic. In the latter case, the system executes a service that implements the task without user interaction; in the former case, a human is responsible for executing the task, i.e., the user has to claim the task in order to work on it. Regulatory compliance and company policy requirements apply even to this simple business process. Besides the role-based access control that ensures that only managers approve the travel reason and budget, we use separation of duty (SoD) constraints to ensure that the person requesting a travel and the persons approving the reason or the budget are mutually distinct. Already in this simple example, we need to validate that the access control specification and the SoD constraints do not contradict each other, to ensure that the process is actually executable while respecting its regulatory compliance and security requirements. We call this validation problem the Business Process Compliance Problem (BPCP).

Besides using standard testing techniques on both the BPM Client platform and the software services employed by the business process, to check that they behave as they should, the BPCP requires checking that the execution of the business process within the BPM Client does not violate any of the expected security requirements. This testing activity can be recast into a validation problem that is performed at design time by taking into account information about the BPM Client runtime environment (e.g., users, roles, delegation policy). This recast is justified by one of the key model-driven development principles underlying the BPM paradigm: you run exactly the business process that you design. Security validation of business processes, based on a combination of model checking, accessible user interfaces and graphical rendering of the outcomes, has proven to be a successful and usable technique for detecting business process compliance issues at design time [1], [2].

In this paper, we describe our business process compliance validation platform SVaaS (Security Validation as a Service), which builds on this rigorous approach. The ultimate goal of SVaaS is to provide a scalable and extensible validation solution for the BPM community as a whole. Moreover, providing formal analysis approaches as services removes barriers to the commercialization of formal methods.

The paper is organized as follows. In Section II we detail the overall SVaaS concepts (e.g., the BPCP), architecture, and operations. Section III presents what we learned in promoting security validation of business processes within the SAP industrial environment, including the assessment of the proof-of-concept we deployed there. Finally, in Section IV we discuss related work and provide some final remarks as well as promising future directions.

II. SVAAS

Figure 2: SVaaS architecture - high level view

Figure 2 depicts a high-level overview of the SVaaS architecture. SVaaS comprises two main elements: the SVaaS Server and the SVaaS Connector. The business analyst uses a SVaaS-enabled BPM Client to validate the compliance of his/her business processes. A SVaaS-enabled BPM Client is simply a BPM Client for which a SVaaS Connector has been developed and integrated. The security validation activity is triggered by the business analyst. The SVaaS Connector retrieves all the security-relevant information necessary for the validation, wraps it in a Business Process Compliance Problem (BPCP), and initiates the validation by invoking the SVaaS Server. The BPCP is an XML specification that we devised to make our approach as independent as possible from




II. SVAAS

Figure 2 depicts a high-level overview of the SVaaS architecture. SVaaS comprises two main elements: the SVaaS Server and the SVaaS Connector. The business analyst uses a SVaaS-enabled BPM Client to validate the compliance of his/her business processes. A SVaaS-enabled BPM Client is simply a BPM Client for which a SVaaS Connector has been developed and integrated. The security validation activity is triggered by the business analyst. The SVaaS Connector retrieves all the security-relevant information necessary for the validation, wraps it in a Business Process Compliance Problem (BPCP), and initiates the validation by invoking the SVaaS Server. The BPCP is an XML specification that we devised to make our approach as independent as possible from the target BPM Client. It relies on the established BPMN2 standard [3] and extends it with our BPMN2-SEC schema, which captures the security-relevant aspects of a business process. The BPCP is handled as a REST resource. The validation itself is performed by the SVaaS Server, which translates the BPCP resource into a formal specification suitable for analysis by the SAT-based model checker SATMC [4]. Once the model checker has completed its formal analysis, the raw result is handed back to the SVaaS Server, which translates it into the XML result format and adds it to the BPCP resource. The SVaaS Connector can now retrieve the solved BPCP and present its result, so that the business analyst can process the outcome and, if a problem is reported, fix the business process. Alternatively, the result can be queried in the Cloud.

图2 SVaaS架构的高级概述

A. Business Process Compliance Problem (BPCP)

The BPCP is an XML specification that captures all the data relevant to defining a business process compliance problem in SVaaS. It is what a SVaaS Connector typically has to create in order to trigger a validation on the SVaaS Server. We handle the BPCP as a REST resource, which comprises the following two elements:

  • the business process workflow (in standard BPMN2 format), optionally augmented with further details on data objects and their task inputs/outputs
  • the security-relevant aspects of the business process and the corresponding validation results, both specified in our own BPMN2 extension for security, BPMN2-SEC for short

For the main aspects of BPMN2-SEC discussed next, a deep understanding of the BPMN2 standard is helpful but not necessary.

Figure 3: BPMN2-SEC overview

Figure 3 depicts the three elements of BPMN2-SEC: 1) the policies of the target business process and of the BPM Client, 2) the security properties the business process should satisfy, and 3) the validation result (if already obtained). These elements are detailed below.

1) Policies: The policies element comprises the role-based access control (RBAC) policy associated with the business process and the delegation policy the BPM Client adheres to. The RBAC element allows one to specify the roles and users involved in the business process, the permissions, and the assignment of permissions to users and roles. Listing 1 shows a simple example of the RBAC part of a BPCP specification:

  • Manager, Staff and Reception are roles (lines 2-7)
  • Mickael is a user (lines 8-11)
  • Mickael is assigned the role manager (line 12)
  • two permissions are defined: one allows executing the "Approve Travel" activity (lines 15-20), the other prohibits executing the "Request Travel" activity (lines 21-26)
  • the permission to execute "Approve Travel" is assigned to the role manager (lines 29-30), while the prohibition is assigned to the role reception (lines 31-32)

Listing 1

 1 <rbac>
 2   <roles>
 3     <role id='manager'><name>Manager</name></role>
 4     <role id='staff'><name>Staff</name></role>
 5     <role id='reception'><name>Reception</name></role>
 6     ...
 7   </roles>
 8   <users>
 9     <user id='mickael'><name>Mickael</name></user>
10     ...
11   </users>
12   <userToRole roleRef='manager' userRef='mickael' />
13   ...
14   <permissions>
15     <permission id='exe_approveTravel'>
16       <action>execute</action>
17       <resource>
18         bpmn2:main#approvetravel
19       </resource>
20     </permission>
21     <permission id='noexe_requestTravel' negate='true'>
22       <action>execute</action>
23       <resource>
24         bpmn2:main#requesttravel
25       </resource>
26     </permission>
27     ...
28   </permissions>
29   <permissionAssignement principalRef='manager'
30       permissionRef='exe_approveTravel' />
31   <permissionAssignement principalRef='reception'
32       permissionRef='noexe_requestTravel'/>
33   ...
34 </rbac>
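The validation problem that Section I states for the Figure 1 process, checking that the RBAC specification and the SoD constraints do not contradict each other, carried out on an RBAC fragment in the shape of Listing 1. This is an example added here, not code from the paper or from SVaaS: the users alice, bob and carol, the task ids approvereason/approvebudget, the pairwise SoD constraints and the deny-overrides reading of negate='true' are assumptions, and the exhaustive search merely stands in for the SAT-based analysis SATMC performs. With Mickael as the only manager the two approvals cannot go to distinct users, so no assignment exists; adding a second manager makes the process executable.

```python
# Added example (not the paper's code): a minimal BPCP-style executability check.
# Assumptions: task ids, users alice/bob/carol and pairwise SoD are constructed
# for the Figure 1 process; a negated permission overrides a granted one.
import itertools
import xml.etree.ElementTree as ET

# Constructed RBAC fragment, element names as in Listing 1 (including its
# 'permissionAssignement' spelling). Only Mickael holds the Manager role; Bob is
# Staff but also Reception, which is prohibited from requesting travel.
SAMPLE_RBAC = """
<rbac>
  <roles>
    <role id='manager'><name>Manager</name></role>
    <role id='staff'><name>Staff</name></role>
    <role id='reception'><name>Reception</name></role>
  </roles>
  <users>
    <user id='mickael'><name>Mickael</name></user>
    <user id='alice'><name>Alice</name></user>
    <user id='bob'><name>Bob</name></user>
  </users>
  <userToRole roleRef='manager' userRef='mickael' />
  <userToRole roleRef='staff' userRef='mickael' />
  <userToRole roleRef='staff' userRef='alice' />
  <userToRole roleRef='staff' userRef='bob' />
  <userToRole roleRef='reception' userRef='bob' />
  <permissions>
    <permission id='exe_requestTravel'><action>execute</action><resource>bpmn2:main#requesttravel</resource></permission>
    <permission id='exe_approveReason'><action>execute</action><resource>bpmn2:main#approvereason</resource></permission>
    <permission id='exe_approveBudget'><action>execute</action><resource>bpmn2:main#approvebudget</resource></permission>
    <permission id='noexe_requestTravel' negate='true'><action>execute</action><resource>bpmn2:main#requesttravel</resource></permission>
  </permissions>
  <permissionAssignement principalRef='staff' permissionRef='exe_requestTravel' />
  <permissionAssignement principalRef='manager' permissionRef='exe_approveReason' />
  <permissionAssignement principalRef='manager' permissionRef='exe_approveBudget' />
  <permissionAssignement principalRef='reception' permissionRef='noexe_requestTravel' />
</rbac>
"""

# Same policy with a second manager, Carol (constructed).
SAMPLE_RBAC_TWO_MANAGERS = SAMPLE_RBAC.replace(
    "</users>", "<user id='carol'><name>Carol</name></user></users>").replace(
    "</rbac>", "<userToRole roleRef='manager' userRef='carol' /></rbac>")

TASKS = ['requesttravel', 'approvereason', 'approvebudget']
# Pairwise SoD: requester, reason approver and budget approver must all differ.
SOD = list(itertools.combinations(TASKS, 2))


def parse_rbac(xml_text):
    """Return (user -> roles, permission id -> (action, task, negated), principal -> permission ids)."""
    root = ET.fromstring(xml_text)
    user_roles = {u.get('id'): set() for u in root.iter('user')}
    for ur in root.iter('userToRole'):
        user_roles[ur.get('userRef')].add(ur.get('roleRef'))
    perms = {}
    for p in root.iter('permission'):
        task = p.findtext('resource').strip().split('#', 1)[1]   # 'bpmn2:main#task' -> 'task'
        perms[p.get('id')] = (p.findtext('action').strip(), task, p.get('negate') == 'true')
    assigned = {}
    for a in root.iter('permissionAssignement'):
        assigned.setdefault(a.get('principalRef'), []).append(a.get('permissionRef'))
    return user_roles, perms, assigned


def executors(rbac, task):
    """Users allowed to execute `task`: granted via a user or role assignment and never negated."""
    user_roles, perms, assigned = rbac
    allowed = set()
    for user, roles in user_roles.items():
        verdicts = {perms[pid][2]                       # True means negated
                    for principal in {user} | roles
                    for pid in assigned.get(principal, [])
                    if perms[pid][0] == 'execute' and perms[pid][1] == task}
        if verdicts == {False}:                         # granted and not prohibited
            allowed.add(user)
    return allowed


def find_assignment(rbac, tasks, sod):
    """An assignment task -> user satisfying RBAC and every SoD pair, or None if none exists."""
    candidates = [sorted(executors(rbac, t)) for t in tasks]
    for combo in itertools.product(*candidates):
        chosen = dict(zip(tasks, combo))
        if all(chosen[a] != chosen[b] for a, b in sod):
            return chosen
    return None                                         # RBAC and SoD contradict each other


def check_travel_process(xml_text):
    return find_assignment(parse_rbac(xml_text), TASKS, SOD)


if __name__ == '__main__':
    print('one manager :', check_travel_process(SAMPLE_RBAC))
    print('two managers:', check_travel_process(SAMPLE_RBAC_TWO_MANAGERS))
```

`find_assignment` enumerates every combination of permitted users, which is fine for a handful of tasks but is exactly the blow-up that motivates handing the problem to a model checker for industrial processes.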

The delegation element allows one to specify the delegation policy the BPM Client is expected to apply during the execution of the business process. Basically, a delegation policy defines under which conditions (if any) a user involved in a certain task of the business process may delegate that task to a colleague. The BPMN2-SEC schema supports the following standard delegation concepts:

  • Delegation of execution: a user who was about to execute a task is suddenly unable to do so and delegates the execution of that task to another user. The delegation is limited to the time needed to execute the task.
  • Delegation of authorization: a user can delegate his/her permissions to another user for a certain period of time. This is especially useful when the user is unavailable because of holidays or sick leave.

The BPMN2-SEC schema offers two ways to specify a delegation policy:

  • implicit: a simple language allows the quick specification of standard delegation policies
  • explicit: a set of delegation rules allows the specification of complex, fine-grained delegation policies

Listing 2

 1 /* Delegation to any: */
 2 <implicitDelegationOfExecution>
 3   <delegators>
 4     <permitted>execute</permitted>
 5   </delegators>
 6   <delegatees>
 7     <any />
 8   </delegatees>
 9 </implicitDelegationOfExecution>
10
11
12 /* BPM Client - NetWeaver BPM: */
13 <implicitDelegationOfExecution>
14   <delegators>
15     <permitted>execute</permitted>
16     <notProhibited>execute</notProhibited>
17   </delegators>
18   <delegatees>
19     <notProhibited>execute</notProhibited>
20   </delegatees>
21 </implicitDelegationOfExecution>
22
23 /* BPM Client - Activiti: */
24 <implicitDelegationOfExecution>
25   <delegators>
26     <permitted>execute</permitted>
27   </delegators>
28   <delegatees>
29     <permitted>execute</permitted>
30   </delegatees>
31 </implicitDelegationOfExecution>

For the sake of simplicity, we illustrate in Listing 2 some examples of implicit delegation policies:

  • Delegation to any (lines 1-9): it captures a delegation policy in which any user permitted to execute a task may delegate it to any other user.
  • BPM Client - SAP NetWeaver BPM (lines 12-21): similar to the previous one, but the delegatee must be a user who is not prohibited from executing the task. This is the delegation policy used by SAP NetWeaver BPM, where a potential owner can delegate the execution of an activity to any other user who is not in the excluded-owners list of that activity.
  • BPM Client - Activiti
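The three implicit delegation-of-execution policies of Listing 2, evaluated for one concrete delegation request, as an example added here (not the paper's code). It reads the `<delegators>`/`<delegatees>` conditions from the XML and then checks which colleagues a delegator may hand a task to; it also flags delegatees who would break a SoD constraint, which is the kind of conflict the BPCP validation has to catch once delegation is in play. The reading of `<permitted>`, `<notProhibited>` and `<any />` as conditions on the delegator and delegatee, and the user data (who may execute what, who is on the excluded-owners list), are assumptions constructed for the example.

```python
# Added example (not the paper's code): evaluate Listing 2's implicit
# delegation-of-execution policies against constructed user data.
import xml.etree.ElementTree as ET

# The three policies of Listing 2, inlined without their /* */ comments.
POLICY_ANY = """<implicitDelegationOfExecution>
  <delegators><permitted>execute</permitted></delegators>
  <delegatees><any /></delegatees>
</implicitDelegationOfExecution>"""
POLICY_NETWEAVER = """<implicitDelegationOfExecution>
  <delegators><permitted>execute</permitted><notProhibited>execute</notProhibited></delegators>
  <delegatees><notProhibited>execute</notProhibited></delegatees>
</implicitDelegationOfExecution>"""
POLICY_ACTIVITI = """<implicitDelegationOfExecution>
  <delegators><permitted>execute</permitted></delegators>
  <delegatees><permitted>execute</permitted></delegatees>
</implicitDelegationOfExecution>"""

# Constructed runtime data (in SVaaS this comes from the RBAC part of the BPCP).
# 'prohibited' plays the role of NetWeaver's excluded-owners list.
USERS = {'mickael', 'carol', 'alice', 'bob'}
PERMITTED = {'requesttravel': {'alice', 'mickael', 'bob'}, 'approvebudget': {'mickael', 'carol'}}
PROHIBITED = {'requesttravel': {'bob'}, 'approvebudget': {'bob'}}
SOD = [('requesttravel', 'approvereason'), ('requesttravel', 'approvebudget'),
       ('approvereason', 'approvebudget')]


def parse_policy(xml_text):
    """Return (delegator conditions, delegatee conditions) as sets of element names."""
    root = ET.fromstring(xml_text)

    def conditions(side):
        return {c.tag for c in root.find(side)
                if c.tag == 'any' or (c.text or '').strip() == 'execute'}
    return conditions('delegators'), conditions('delegatees')


def satisfies(conditions, user, task, permitted, prohibited):
    """Assumed semantics: every listed condition must hold for the user on this task."""
    checks = {'any': True,
              'permitted': user in permitted.get(task, set()),
              'notProhibited': user not in prohibited.get(task, set())}
    return all(checks[c] for c in conditions)


def delegatees(policy_xml, delegator, task, permitted=PERMITTED, prohibited=PROHIBITED, users=USERS):
    """Users to whom `delegator` may delegate the execution of `task` under the policy."""
    delegator_conds, delegatee_conds = parse_policy(policy_xml)
    if not satisfies(delegator_conds, delegator, task, permitted, prohibited):
        return set()                                   # not allowed to delegate at all
    return {u for u in users - {delegator}
            if satisfies(delegatee_conds, u, task, permitted, prohibited)}


def sod_violations(assignment, candidates, task, sod=SOD):
    """Candidates who already own a task that is SoD-constrained against `task`."""
    conflicting = {b if a == task else a for a, b in sod if task in (a, b)}
    owners = {assignment[t] for t in conflicting if t in assignment}
    return set(candidates) & owners


if __name__ == '__main__':
    done = {'requesttravel': 'alice'}     # Alice already issued the request
    for name, policy in [('any', POLICY_ANY), ('NetWeaver BPM', POLICY_NETWEAVER),
                         ('Activiti', POLICY_ACTIVITI)]:
        cands = delegatees(policy, 'mickael', 'approvebudget')
        print(f"{name:13s} delegatees={sorted(cands)} "
              f"SoD-violating={sorted(sod_violations(done, cands, 'approvebudget'))}")
```

Under "delegation to any" and under the NetWeaver policy Mickael may hand the budget approval to Alice, the requester, which the RBAC policy alone never allowed; only a check that takes the delegation policy into account, as the BPCP does, exposes that SoD hole at design time.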
