'CSCAN Network' Research Student Profile


Dr Klaus-Peter Fischer PhD

CSCAN Network Research Student

Brief biographical information



Access thesis on-line

Security Policy Enforcement in Application Environments using Distributed Script-Based Control Structures

Business processes involving several partners in different organisations impose demanding requirements on procedures for specification, execution and maintenance. A framework referred to as business process management (BPM) has evolved for this purpose over the last ten years. Other approaches, such as service-oriented architecture (SOA) or the concept of virtual organisations (VOs), assist in the definition of architectures and procedures for modelling and execution of so-called collaborative business processes (CBPs). Methods for the specification of business processes play a central role in this context, and several standards have emerged for this purpose. Among these, Web Services Business Process Execution Language (WS-BPEL, usually abbreviated BPEL) has evolved to become the de facto standard for business process definition. As such, this language has been selected as the foundation for the research in this thesis. Having a broadly accepted standard would principally allow the specification of business processes in a platform-independent manner, including the capability to specify them at one location and have them executed at others (possibly spread across different organisations). Though technically feasible, this approach has significant security implications, particularly on the side that is to execute a process. The research project focused upon these security issues arising when business processes are specified and executed in a distributed manner. The central goal has been the development of methods to cope with the security issues arising when BPEL as a standard is deployed in such a way exploiting the significant aspect of a standard to be platform-independent. The research devised novel methods for specifying security policies in such a manner that the assessment of compliance with these policies is greatly facilitated such that the assessment becomes suited to be performed automatically.
An analysis of the security-relevant semantics of BPEL as a specification language was conducted that resulted in the identification of so-called security-relevant semantic patterns. Based on these results, methods to specify security policy-implied restrictions in terms of such semantic patterns and to assess the compliance of BPEL scripts with these policies have been developed. These methods are particularly suited for assessment of remotely defined BPEL scripts since they allow for pre-execution enforcement of local security policies thereby mitigating or even removing the security implications involved in distributed definition and execution of business processes. As initially envisaged, these methods are comparatively easy to apply, as they are based on technologies customary for practitioners in this field. The viability of the methods proposed for automatic compliance assessment has been proven via a prototypic implementation of the essential functionality required for proof-of-concept.

Dr Klaus-Peter Fischer

Director of studies: Prof Dr Udo Bleimann
Other supervisors: Prof Steven M Furnell, Prof Dr Woldemar Fuhrmann

Journal papers

Traceability in Model-Based Testing
George M, Fischer KP, Knahl MH, Bleimann U, Atkinson S
Future Internet, Vol. 4, Iss.4, pp1026-1036, 2012

Analysis of security-relevant semantics of BPEL in cross-domain defined business processes
Fischer KP, Bleimann U, Fuhrmann W, Furnell SM
Information Management & Computer Security, Volume 15, Issue 2, pp116-127, 2007

2 Journal papers

Conference papers

Case-based reasoning approach for re-use activities
Zinn M, Fischer KP, Schoop R
Proceedings of the 3rd International Workshop on Software Knowledge (SKY 2012), pp. 31-42, ISBN: 978-989-8565-32-7, 2012

Automated Reuse of Software Reuse Activities in an industrial environment – Case Study Results
Zinn M, Fischer KP, Schoop R
Proceedings of the 6th International Conference on Software Engineering Advances (ICSEA 2012), pp. 331-340, ISBN: 978-1-61208-230-1, 2012

Reuseable Software Unit Knowledge for Device Deployment
Zinn M, Fischer KP, Schoop R
Proceedings of the third conference of "Conception of complex automation systems (Entwurf komplexer Automatisierungssysteme)" EKA 2012, pp99-110, ISBN: 978-3-940961-72-3, 2012

Reusable Software Units Integration Knowledge in a Distributed Development Environment
Zinn M, Fischer KP, Schütte A, Phippen AD
Proceedings of the 2nd International Workshop on Software Knowledge, 26 October, Paris, France, pp24-35, ISBN: 978-989-8425-82-9, 2011

Information Demand Model for Software Unit Reuse
Zinn M, Fischer KP, Schütte A, Phippen AD
Proceedings of the 20th International Conference on Software Engineering, June 20-22, Las Vegas, USA, pp32-39, ISBN: 978-1-880843-82-6, 2011
Won Best Paper Award

Bridging the gaps in model based testing
George M, Fischer KP, Knahl MH, Bleimann U, Atkinson S
Proceedings of the Fourth International Conference on Internet Technologies and Applications (ITA 11), 6-9 September 2011, Wrexham, UK, pp 300-307, ISBN: 978-0-946881-68-0, 2011

Device services as reusable units of modelling in a service-oriented environment - An analysis case study
Zinn M, Bepperling A, Schoop R, Phippen AD, Fischer KP
Proceedings of the 2010 IEEE International Symposium on Industrial Electronic (ISIE2010), 4-7 July, Bari, Italy, pp1728-1735, ISBN 978-1-4244-6391-6, 2010

Finding Reusable Units of Modelling - an Ontology Approach
Zinn M, Fischer KP, Phippen AD, Schütte A
Proceedings of the Eighth International Network Conference (INC 2010), Heidelberg, Germany, 8-10 July, ISBN: 978-1-84102-259-8, pp377-386, 2010
Can be ordered on-line.

Pre-execution Security Policy Assessment of Remotely Defined BPEL-Based Grid Processes
Fischer KP, Bleimann U, Furnell SM
Proceedings of the 4th International Conference on Trust, Privacy & Security in Digital Business, September 3 – 7, Regensburg, Germany, ISBN: 978-3-540-74408-5, pp178-189, 2007

Security Policy Enforcement in BPEL-Defined Collaborative Business Processes
Fischer KP, Bleimann U, Fuhrmann W, Furnell SM
Proceedings of the 1st International Workshop on Security Technologies for Next Generation Collaborative Business Applications (SECOBAP 07), April 15-16 & 20, Istanbul, Turkey, ISBN: 1-4244-0832-6, pp 685-694, 2007

Security-Relevant Semantic Patterns of BPEL in Cross-Organisational Business Processes
Fischer KP, Bleimann U, Fuhrmann W, Furnell SM
Proceedings of the Sixth International Network Conference (INC2006), Plymouth, UK, 11-14 July, pp203-212, 2006

A Security Infrastructure for Cross-Domain Deployment of Script-Based Business Processes in SOC Environments
Fischer KP, Bleimann U, Fuhrmann W, Furnell SM
Proceedings of Fifth International Network Conference (INC 2005), July 5-7, Samos, Greece, pp207-216, 2005

12 Conference papers

Books

Information Flow Based Security Control Beyond RBAC
Fischer KP
Springer Vieweg, ISBN 978-3-8348-2617-6, pp161, 2012

1 Books

Internal publications

Attack Vectors to Wireless ZigBee Network Communications - Analysis and Countermeasures
Markert J, Massoth M, Fischer KP, Furnell SM, Bolan C
Proceedings of the Seventh Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2011), Furtwangen, Germany, ISBN: 978-1-84102-295-6, pp57-66, 2011
Can be ordered on-line.

Introducing a Framework and Methodological Guidance for Model Based Testing
George M, Fischer KP, Knahl MH, Bleimann U, Atkinson S
Proceedings of the Sixth Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2010), Plymouth, UK, ISBN: 978-1-84102-269-7, pp1-10, 2010
Can be ordered on-line.

Development of a CASE-tool for the Service-Based Software Construction
Zinn M, Fischer KP, Phippen AD
Proceedings of the Fifth Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2009), Darmstadt, Germany, ISBN: 978-1-84102-236-9, pp134-144, 2009
Can be ordered on-line.

Security-relevance of semantic patterns in cross-organisational business processes using WS-BPEL
Fischer KP, Bleimann U, Fuhrmann W, Furnell SM
Proceedings of the Third Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2007), Plymouth, UK, ISBN: 978-1-8410-2173-7, pp67-80, 2007
Can be ordered on-line.

4 Internal publications

19 publication(s) - all categories.