8/16/2019 SINCONF 2012 _ Enhancing the ArchiMate® Standard with a Responsibility Modeling Language for Access Rights Management
Enhancing the ArchiMate® Standard with a Responsibility Modeling Language for Access Rights Management
Christophe Feltus, Eric Dubois, Erik Proper, Iver Band, Michaël Petit
5th International Conference on Security of Information and Networks (SIN 2012), 22-27 October 2012, Jaipur, India
Plan of the presentation
ArchiMate and access rights
Responsibility modelling
Integration of Responsibility in ArchiMate
Access rights management implemented with EAM
Case study in Hospital
ArchiMate metamodel and the access rights
16/06/2014 5th International Conference on Security of
Information and Networks (SIN 2012)3
• ArchiMate metamodel
• ArchiMate allows engineering the access right management, and this management may be represented by ArchiMate
• But we have seen in practice that providing access rights to business roles, in small companies, is not precise enough. The connection between business role and permission is in practice not automatically true.
(1) Analyze and model the responsibility.
(2) Integrate the responsibility in ArchiMate
Responsibility analysis and model
The responsibility is a charge assigned to an employee to signify his accountabilities concerning a business task, and the right and capacity required to perform those accountabilities.
The accountability represents the obligation of what has to be done concerning a business task and the justification that it is done to someone else, under threat of sanction.
The capability represents the qualities, the skills or the resources intrinsic to the employee and required to perform accountability.
The right represents the resources provided by the company to the employee and required to perform accountability.
The assignment is the action of linking an agent to a responsibility. The delegation process is the transfer of an agent's responsibility assignment to another agent.
Integrate the responsibility in ArchiMate
Integration of 2 metamodels [Petit], 3-step approach:
1. Preparation for integration
2. Investigation and definition of the correspondences
3. Integration of both models
The integration has allowed improving the connection between:
1. The business actor and the business role
2. The business role and the business process/function/interaction
3. The business object and the business process/function/interaction
[Petit] M. Petit. Some methodological clues for defining a unified enterprise modelling language. ICEIMT '01, pages 359-369, Deventer, The Netherlands, 2003
Access right management modelling with ArchiMate
Access right management (RBAC model) is a process that may also be modelled with EAM
Implementing RBAC using ArchiMate previous work
Previous work [Band]
1. The data object Users corresponds to the Business Actor
2. The data object Roles corresponds to the Business Role
3. The data object Permissions corresponds to the access to data object
[Band] I. Band, Modeling RBAC with SABSA, TOGAF and ArchiMate, Creating a Foundation for Understanding and Action, Open Group Conference, Austin, Texas, 2011
[Figure: ArchiMate business-layer concepts: Business Actor, Business Role, Business object, Business process/function/interaction. Annotation: Business Role = (RBAC) Role at the application layer]
Implementing RBAC-Responsibility in ArchiMate
Based on our Responsibility metamodel, we have 2 possible assignments:
(1) Business actor to responsibility
(2) Business actor to Business role
At the application layer, the 3 business concepts are represented through application objects.
To manage the assignment of access rights to business actors, we also consider the employees' responsibilities and we define a permission object at the application layer.
Access rights with ArchiMate/Responsibility
At the application layer, 3 application objects are created:
- "Business role" application object
- "Business actor" application object
- "Responsibility" application object
And 4 application functions:
- Compose Bus. Roles with Respons.
- Assign Bus. Actors to Bus. Roles
- Assign Bus. Actors to Respons.
- Assign Permissions to Respons.
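One way to express the application objects and the four application functions above in code, added here as an example and not taken from the presentation. Class and method names are this example's own, the role and responsibility names come from the deck's case study, and the actors "alice" and "bob" are constructed.

```python
from collections import defaultdict

class ResponsibilityModel:
    """Permissions attach to responsibilities only; roles and actors reach
    them through the four application functions named on the slide."""

    def __init__(self):
        self.role_resps = defaultdict(set)   # business role  -> responsibilities
        self.actor_roles = defaultdict(set)  # business actor -> business roles
        self.actor_resps = defaultdict(set)  # business actor -> responsibilities
        self.resp_perms = defaultdict(set)   # responsibility -> permissions

    def compose_role_with_responsibility(self, role, resp):
        self.role_resps[role].add(resp)

    def assign_actor_to_role(self, actor, role):
        self.actor_roles[actor].add(role)

    def assign_actor_to_responsibility(self, actor, resp):
        self.actor_resps[actor].add(resp)

    def assign_permission_to_responsibility(self, perm, resp):
        self.resp_perms[resp].add(perm)

    def responsibilities_of(self, actor):
        """Responsibilities held directly plus those composed into held roles."""
        resps = set(self.actor_resps.get(actor, ()))
        for role in self.actor_roles.get(actor, ()):
            resps |= self.role_resps.get(role, set())
        return resps

    def permissions_of(self, actor):
        """Effective permissions: only what the actor's responsibilities carry."""
        perms = set()
        for resp in self.responsibilities_of(actor):
            perms |= self.resp_perms.get(resp, set())
        return perms

    def justification(self, actor, perm):
        """Responsibilities that justify a permission: the audit trail."""
        return {r for r in self.responsibilities_of(actor)
                if perm in self.resp_perms.get(r, ())}

def build_example():
    # Constructed scenario: two Info desk employees, one with an extra duty.
    m = ResponsibilityModel()
    m.assign_permission_to_responsibility(
        "display beds status", "Inform about the beds status")
    m.assign_permission_to_responsibility(
        "read doctors on duty planning", "Inform about the doctor on duty")
    m.compose_role_with_responsibility("Info desk", "Inform about the beds status")
    m.assign_actor_to_role("alice", "Info desk")
    m.assign_actor_to_role("bob", "Info desk")
    # bob takes on one more responsibility without the role itself changing
    m.assign_actor_to_responsibility("bob", "Inform about the doctor on duty")
    return m
```

Because no function grants a permission to a role or an actor directly, every effective permission can be traced back to a named responsibility.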
Optimization of the assignment
In practice: a large number of permissions-to-roles assignments.
At this application layer, in order to optimize the access right management, we have introduced:
• an application Role data object
• 2 application functions.
CASE STUDY AT THE HOSPITAL
Context of the case study
One of the main Luxembourg hospitals: more than 2000 employees, 600 beds, 27000 patients in 2011, plus high security requirements such as confidentiality.
Specialized in: serious pathologies, emergency and intensive care.
Problem: No formal alignment between:
- the application layer, where employees are provisioned with access rights
- the business layer, where business roles are assigned to the employees
Objective of the case study is to illustrate:
(1) the integrated ArchiMate with Responsibility at the business layer, and
(2) the enhancement of the provisioning of access rights to the employees.
What we have done
The case study is illustrated with the reception department of the hospital.
The case study was conducted between January 2011 and January 2012, at the rate of one meeting a month.
The following persons participated in those meetings:
• the Application support manager,
• the Reception department manager and
• the Competences manager.
The steps of the case study are the following:
1. Analysis of the Business roles
2. Analysis of the Application roles
3. Analysis of the Responsibilities
Business roles
Employees are categorized based on their roles defined in the job description.
The job descriptions describe the tasks to be performed by a role, as well as the necessary knowledge required to be assigned to this role.
The job descriptions, however, do not specify the access rights required on professional software.
An organization chart for the reception department structures the activities into eight Business sub-roles:
SR1: Receptionist at the municipal hospital
SR2: Receptionist at the pediatric clinic and the maternity
SR3: Phone reception
SR4: Info desk
SR5: Human resources management
SR6: Department management
SR7: Room operator
SR8: Outsourced guardian
Business roles
For instance:
The job description of the receptionist sub-role formalizes the five main activities to be performed by this role:
- Welcome and inform the patient,
- Perform the various technical and administrative tasks,
  • encode and control the data relating to the admission of ambulatory or hospital patients,
  • print and give the admission form to the patients,
  • manage daily access to the parking,
  • receive deposits,
  • issue invoices,
- Contribute to the enhancement and evolution of professional practices,
- Train and mentor new employees,
- Train and supervise trainees.
Application roles?
Software architecture
• Vertical software are applications which are used by well defined and well specified healthcare businesses. E.g.:
  • management of the laboratory,
  • endoscopy software,
  • management of the polyclinic.
• Transversal software are those used together by all healthcare businesses. E.g.: the dispatching of the laboratory's results or the medical imaging.
Application roles
Software architecture
• With the ERP, the access right management is realized using AuthorityObject.
• AuthorityObject is composed of zone(s) from 1 to n based on what authority check is performed.
• Practically, AuthorityObject corresponds to ERP transactions and, for each transaction, a set of authorizations is defined such as create, modify, delete, view historic, and so forth.
≈ ERP transaction
≈ Application role
Application roles
Software architecture
5 Functional_roles are:
1. Patient's basic data encoding, that means add or create, modify, display, delete patient's basic data and entry, transfer or leaving data related to the patient
2. Entry, transfer or leaving patient's data encoding
3. Management of the beds status at the hospital
4. Medical delivery encoding
5. Patient invoices creation and modification
1 Reference_user (REFRECEP): sum of Functional_roles 1 3
Responsibility to sub_Role to access rights

ID | Responsibility | Required Access Right | Compose Sub-Roles
1 | Perform the entry record | Add or create, modify, display, delete patient's basic data and entry, transfer, or leave data related to the patient | SR1, SR2, SR5
2 | Perform the transfer management | Display entry, transfer or leave data related to the patient and all rights related to the statistic software | SR1, SR2, SR5
3 | Perform the beds status management | All rights related to the beds status management | SR1, SR2, SR5
4 | Perform equipment ordering | All rights related to the equipment ordering software | SR8
5 | Perform the medical encoding for billing | All rights related to the medical delivery encoding | SR2
6 | Perform the creation and modification of patient invoices (billing) | All rights related to the patient invoices creation and modification | SR2
7 | Inform about the beds status | Display rights related to the beds status | SR1, SR2, SR3, SR4
8 | Perform the realization of work plans | Read and write access to the Excel file: Timetable planning | SR5
9 | Perform the control of the monthly worksheets | Read and write access to the Excel file: Timetable planning | SR5
10 | Perform the management of HR indicators: Overtime, Days off, Hours of recovery | Read and write access to the Excel file: Timetable planning | SR5
11 | Perform the management of the room | Read access related to the room agenda in Groupwise multi-users | SR7
12 | Perform the verification of the infrastructure | Write access to the reporting software | SR8
13 | Fix defective infrastructure | All rights related to equipment ordering software | SR8
14 | Perform the management of the receptionists | All the rights provided to the sub-roles SR1, SR2, SR3, SR4, SR5, SR7 and SR8 | SR6
15 | Inform about the doctor on duty | Rights to read the doctors on duty planning | SR3
16 | Perform the statistical analysis to follow up the daily business | All rights related to the statistical software | SR5, SR7
Existing mapping: Application roles to Business sub_Role
SR1: REFRECEP, all rights related to equipment ordering software
SR2: REFRECEP, medical delivery encoding, patient invoices creation and modification, all rights related to equipment ordering software
SR3: REFRECEP, all rights related to equipment ordering software, right to read the planning of doctors on duty
SR4: REFRECEP, all rights related to equipment ordering software
SR5: REFRECEP, medical delivery encoding, patient invoices creation and modification, all rights related to equipment ordering software, read and write access to the Excel file: Timetable planning
SR6: All rights provided to the other sub-roles
SR7: Read access related to the room agenda in GroupWise multi-users, read access to the ticketing tool.
SR8: Write access to the reporting software, all rights related to equipment ordering software
SR1, SR2, SR5 do not have to perform equipment ordering, although they have the right to do it.
SR3 and SR4 have too many rights.
The employees assigned to the Phone reception and Info desk roles are authorized to add or create, modify, display, delete patient's basic data and entry, transfer, or leaving data related to the patient, although they do not require these rights.
They possess all rights related to the beds status management, although only some of them are required to display information related to the beds status.
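The alignment check behind these findings, written out as an added example that is not part of the presentation. It is narrowed to sub-roles SR1, SR3, SR4 and SR8, the (resource, action) encoding is this example's own, and REFRECEP is assumed to carry the patient-data and beds-status rights the findings above attribute to it.

```python
# Rows of the deck's responsibility table that involve SR1, SR3, SR4 or SR8:
# responsibility ID -> (required rights, sub-roles composed with it).
RESPONSIBILITIES = {
    1:  ({("patient_data", "all")}, {"SR1", "SR2", "SR5"}),
    2:  ({("patient_data", "display"), ("statistics", "all")}, {"SR1", "SR2", "SR5"}),
    3:  ({("beds_status", "all")}, {"SR1", "SR2", "SR5"}),
    4:  ({("equipment_ordering", "all")}, {"SR8"}),
    7:  ({("beds_status", "display")}, {"SR1", "SR2", "SR3", "SR4"}),
    12: ({("reporting", "write")}, {"SR8"}),
    13: ({("equipment_ordering", "all")}, {"SR8"}),
    15: ({("duty_planning", "read")}, {"SR3"}),
}

# Assumption: REFRECEP modelled as the two rights the findings attribute to it.
REFRECEP = {("patient_data", "all"), ("beds_status", "all")}
EQUIPMENT = {("equipment_ordering", "all")}

# Existing mapping of application rights to business sub-roles (from the deck).
GRANTED = {
    "SR1": REFRECEP | EQUIPMENT,
    "SR3": REFRECEP | EQUIPMENT | {("duty_planning", "read")},
    "SR4": REFRECEP | EQUIPMENT,
    "SR8": EQUIPMENT | {("reporting", "write")},
}

def required_rights(sub_role):
    """Union of the rights of every responsibility composed into the sub-role."""
    needed = set()
    for rights, sub_roles in RESPONSIBILITIES.values():
        if sub_role in sub_roles:
            needed |= rights
    return needed

def excess_rights(sub_role):
    """Map each unjustified granted resource to 'unneeded' or 'too broad'."""
    needed = required_rights(sub_role)
    findings = {}
    for resource, action in sorted(GRANTED[sub_role]):
        if (resource, action) in needed or (resource, "all") in needed:
            continue  # justified by at least one responsibility
        narrower = sorted(a for r, a in needed if r == resource)
        findings[resource] = ("too broad, needs only " + "/".join(narrower)
                              if narrower else "unneeded")
    return findings

if __name__ == "__main__":
    for sr in sorted(GRANTED):
        print(sr, excess_rights(sr) or "aligned")
```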
CONCLUSIONS
Two objectives:
(1) Analyze and model what the responsibility is.
(2) Integrate the responsibility in ArchiMate
Results:
Case studies:
• Using responsibility allows a finer assignment of rights to the employees
• Check the alignment between the Business Role and the Application Role
Future works/complementary validations: Applicability with other EAM ECA
Business/IT alignment
Access right management