A Systematic Review on Security in Process-Aware Information Systems - Constitution, challenges, and future directions

A Systematic Review on Security in Process-Aware Information Systems - Constitution, challenges, and future directions

Abstract

Context: Security in Process-aware Information Systems (PAIS) has gained increased attention in current research and practice. However, a common understanding and agreement on security is still missing. In addition, the proliferation of literature makes it cumbersome to overlook and determine state of the art and further to identify research challenges and gaps. In summary, a comprehensive and systematic overview of state of the art in research and practice in the area of security in PAIS is missing. Objective: This paper investigates research on security in PAIS and aims at establishing a common understanding of terminology in this context. Further it investigates which security controls are currently applied in PAIS. Method: A systematic literature review is conducted in order to classify and define security and security controls in PAIS. From initially 424 papers, we selected in total 275 publications that related to security and PAIS between 1993 and 2012. Furthermore, we analyzed and categorized the papers using a systematic mapping approach which resulted into 5 categories and 12 security controls. Results: In literature, security in PAIS often centers on specific (security) aspects such as security policies, security requirements, authorization and access control mechanisms, or inter-organizational scenarios. In addition, we identified 12 security controls in the area of security concepts, authorization and access control, applications, verification, and failure handling in PAIS. Based on the results, open research challenges and gaps are identified and discussed with respect to possible solutions. Conclusion: This survey provides a comprehensive review of current security practice in PAIS and shows that security in PAIS is a challenging interdisciplinary research field that assembles research methods and principles from security and PAIS. We show that state of the art provides a rich set of methods such as access control models but still several open research challenges remain.

Grafik Top
Authors
  • Leitner, Maria
  • Rinderle-Ma, Stefanie
Grafik Top
Projects
Grafik Top
Shortfacts
Category
Journal Paper
Divisions
Workflow Systems and Technology
Journal or Publication Title
Information and Software Technology
ISSN
0950-5849
Publisher
Elsevier
Page Range
pp. 273-293
Number
3
Volume
56
Date
March 2014
Export
Grafik Top