A CC Approach to Secure Workflow Systems | Rune Friis-Jensen
| | Abstract | Secure workflow systems are used to maintain secure and non-repudiable records of possibly very complex transactions or other business processes within a business or organisation. Such systems are coming more and more into focus, as requirements for electronically documentable business practices increase. Possible applications include areas as diverse as maintaining secure accounting records, processing of examination answers and handling laboratory records.
This thesis analyses the security requirements of such a system using an approach based on the Common Criteria for Information Technology Security Evaluation (CC). A Protection Profile (PP) is developed which in an implementationindependent manner describes the security requirements of a Secure Workflow System. On the basis of the PP a Security Target (ST), which conforms to the PP is developed. The ST identifies and describes the security requirements of a specific Secure Workflow System, which uses a centralised architecture. The ST is used to produce concrete specifications for this system which may be used for implementing a concrete system. | | Keywords | Common Criteria, Protection Profile, Security Target, Security Evaluation, Workflow, Workflow system | | Type | Master's thesis [Academic thesis] | | Year | 2007 | | Publisher | Informatics and Mathematical Modelling, Technical University of Denmark, DTU | | Address | Richard Petersens Plads, Building 321, DK-2800 Kgs. Lyngby | | Series | IMM-Thesis-2007-11 | | Note | Supervised by Prof. Robin Sharp, IMM, DTU. | | Electronic version(s) | [pdf] | | BibTeX data | [bibtex] | | IMM Group(s) | Computer Science & Engineering |
|