Security Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges

Abstract

Enabling security is one of the key challenges in adaptive Process-Aware Information Systems (PAIS). Since automating business processes involves many participants, uses private and public data, and communicates with external services security becomes inevitable. In current systems, security is enforced by an access control model and supplementary constraints imposed on workflow activities. However, existing systems provide individual implementations for security policies (e.g. separation of duties) and leave out other constraints (e.g. inter-process constraints). What is missing is a systematic analysis of security policies in PAIS. Hence, in this paper, we display state of the art and provide a taxonomy of security policies in PAIS. Furthermore, a detailed analysis of research challenges and issues is presented. We will show that there are still shortcomings and identify important requirements for security in PAIS. We will also point out open questions related to specifying, modeling, and changing security policies which will provide a road map for future research.