Enhancing the ArchiMate® Standard with a Responsibility Modeling Language for Access Rights Management
Christophe Feltus, Eric Dubois, Erik Proper
Iver Band, Michaël Petit
5th International Conference on Security of Information and Networks (SIN 2012)
22-27 October 2012, Jaipur, India
Plan of the presentation
ArchiMate and access rights
Responsibility modelling
Integration of Responsibility in ArchiMate
Access rights management implemented with EAM
Case study in Hospital
ArchiMate metamodel and the access rights
• ArchiMate metamodel
• ArchiMate allows access right management to be engineered, and this management may itself be represented in ArchiMate.
• But we have seen in practice that providing access rights to business roles is, in small companies, not precise enough. The connection between business role and permission does not automatically hold in practice.
(1) Analyze and model the responsibility.
(2) Integrate the responsibility in ArchiMate.
Responsibility analysis and model
The responsibility is a charge assigned to an employee to signify his accountabilities concerning a business task, and the right and capacity required to perform those accountabilities.
The accountability represents the obligation of what has to be done concerning a business task and the justification to someone else that it is done, under threat of sanction.
The capability represents the qualities, the skills or the resources intrinsic to the employee and required to perform accountability.
The right represents the resources provided by the company to the employee and required to perform accountability.
The assignment is the action of linking an agent to a responsibility. The delegation process is the transfer of an agent's responsibility assignment to another agent.
Integrate the responsibility in ArchiMate
Integration of 2 metamodels [Petit]
3 steps approach:
1. Preparation for integration
2. Investigation and definition of the correspondences
3. Integration of both models
The integration has improved the connection between:
1. The business actor and the business role
2. The business role and the business process/function/interaction
3. The business object and the business process/function/interaction
[Petit] M. Petit. Some methodological clues for defining a unified enterprise modelling language. ICEIMT '01, pages 359-369, Deventer, The Netherlands, 2003
Access right management modelling with ArchiMate
Access right management (RBAC model) is a process that may also be modelled with EAM.
Implementing RBAC using ArchiMate: previous work
Previous work [Band]
1. The data object Users corresponds to the Business Actor
2. The data object Roles corresponds to the Business Role
3. The data object Permissions corresponds to the access to data object
Business Role = (RBAC) Role at the application layer
[Figure: business layer elements Business Actor, Business Role, Business object, Business process / function / interaction]
[Band] I. Band, Modeling RBAC with SABSA, TOGAF and ArchiMate, Creating a Foundation for Understanding and Action, Open Group Conference, Austin, Texas, 2011
Implementing RBAC-Responsibility in ArchiMate
Based on our Responsibility metamodel, we have 2 possible assignments:
(1) Business actor to responsibility
(2) Business actor to Business role
At the application layer, the 3 business concepts are represented through application objects.
To manage the assignment of access rights to business actors, we also consider the employees' responsibilities and we define a permission object at the application layer.
Access rights with ArchiMate/Responsibility
At the application layer, 3 application objects are created:
- "Business role" application object
- "Business actor" application object
- "Responsibility" application object
And 4 application functions:
- Compose Business Roles with Responsibilities
- Assign Business Actors to Business Roles
- Assign Business Actors to Responsibilities
- Assign Permissions to Responsibilities
Optimization of the assignment
In practice: a large number of permission-to-role assignments.
At this application layer, in order to optimize the access right management, we have introduced:
• an application Role data object
• 2 application functions.
CASE STUDY AT THE HOSPITAL
Context of the case study
One of the main Luxembourg hospitals:
more than 2000 employees,
600 beds,
27000 patients in 2011
+ high security requirements such as confidentiality
Specialized in: serious pathologies, emergency and intensive care.
Problem: No formal alignment between:
- the application layer where employees are provisioned with access rights
- the business layer where business roles are assigned to the employees
The objective of the case study is to illustrate:
(1) ArchiMate integrated with Responsibility at the business layer, and
(2) the enhancement of the provisioning of access rights to the employees.
What we have done
The case study is illustrated with the reception department of the hospital.
The case study was conducted between January 2011 and January 2012, at the rate of one meeting a month.
The following persons participated in those meetings:
• the Application support manager,
• the Reception department manager and
• the Competences manager.
The steps of the case study are the following:
1. Analysis of the Business roles
2. Analysis of the Application roles
3. Analysis of the Responsibilities
Business roles
Employees are categorized based on their roles as defined in the job descriptions.
The job descriptions describe the tasks to be performed by a role, as well as the knowledge required to be assigned to this role.
The job descriptions, however, do not specify the access rights required on professional software.
An organization chart for the reception department structures the activities into eight Business sub-roles:
SR1: Receptionist at the municipal hospital.
SR2: Receptionist at the pediatric clinic and the maternity
SR3: Phone reception
SR4: Info desk
SR5: Human resources management
SR6: Department management
SR7: Room operator
SR8: Outsourced guardian
Business roles
For instance:
The job description of the receptionist sub-role formalizes the five main activities to be performed by this role:
- Welcome and inform the patient,
- Perform the various technical and administrative tasks,
  • encode and control the data relating to the admission of ambulatory or hospital patients,
  • print and give the admission form to the patients,
  • manage daily access to the parking,
  • receive deposits,
  • issue invoices,
- Contribute to the enhancement and evolution of professional practices,
- Train and mentor new employees,
- Train and supervise trainees.
Application roles: Software architecture
• Vertical software are applications which are used by well-defined and well-specified healthcare businesses. E.g.:
  • management of the laboratory,
  • endoscopy software,
  • management of the polyclinic.
• Transversal software are those used together by all healthcare businesses. E.g.: the dispatching of the laboratory's results or the medical imaging.
Application roles: Software architecture
• With the ERP, the access right management is realized using AuthorityObject.
• AuthorityObject is composed of 1 to n zone(s), based on what authority check is performed.
• Practically, AuthorityObject corresponds to ERP transactions and, for each transaction, a set of authorizations is defined such as create, modify, delete, view historic, and so forth.
[Figure annotations: ≈ ERP transaction, ≈ Application role]
Application roles: Software architecture
5 Functional_roles are:
1. Patient's basic data encoding, that means add or create, modify, display, delete patient's basic data and entry, transfer or leaving data related to the patient
2. Entry, transfer or leaving patient's data encoding
3. Management of the beds status at the hospital
4. Medical delivery encoding
5. Patient invoices creation and modification
1 Reference_user (REFRECEP) sum of Functional_roles 1 3
Responsibility to sub_Role to access rights
ID | Responsibility | Required Access Right | Compose Sub-Roles
1 | Perform the entry record | Add or create, modify, display, delete patient's basic data and entry, transfer, or leave data related to the patient | SR1, SR2, SR5
2 | Perform the transfer management | Display entry, transfer or leave data related to the patient and all rights related to the statistic software | SR1, SR2, SR5
3 | Perform the beds status management | All rights related to the beds status management | SR1, SR2, SR5
4 | Perform equipment ordering | All rights related to the equipment ordering software | SR8
5 | Perform the medical encoding for billing | All rights related to the medical delivery encoding | SR2
6 | Perform the creation and modification of patient invoices (billing) | All rights related to the patient invoices creation and modification | SR2
7 | Inform about the beds status | Display rights related to the beds status | SR1, SR2, SR3, SR4
8 | Perform the realization of work plans | Read and write access to the Excel file: Timetable planning | SR5
9 | Perform the control of the monthly worksheets | Read and write access to the Excel file: Timetable planning | SR5
10 | Perform the management of HR indicators: Overtime, Days off, Hours of recovery | Read and write access to the Excel file: Timetable planning | SR5
11 | Perform the management of the room | Read access related to the room agenda in GroupWise multi-users | SR7
12 | Perform the verification of the infrastructure | Write access to the reporting software | SR8
13 | Fix defective infrastructure | All rights related to equipment ordering software | SR8
14 | Perform the management of the receptionists | All the rights provided to the sub-roles SR1, SR2, SR3, SR4, SR5, SR7 and SR8 | SR6
15 | Inform about the doctor on duty | Rights to read the doctors on duty planning | SR3
16 | Perform the statistical analysis to follow up the daily business | All rights related to the statistical software | SR5, SR7
Existing mapping: Application roles to Business sub_Role
SR1: REFRECEP, all rights related to equipment ordering software
SR2: REFRECEP, medical delivery encoding, patient invoices creation and modification, all rights related to equipment ordering software
SR3: REFRECEP, all rights related to equipment ordering software, right to read the planning of doctors on duty
SR4: REFRECEP, all rights related to equipment ordering software
SR5: REFRECEP, medical delivery encoding, patient invoices creation and modification, all rights related to equipment ordering software, read and write access to the Excel file: Timetable planning
SR6: All rights provided to the other sub-roles
SR7: Read access related to the room agenda in GroupWise multi-users, read access to the ticketing tool.
SR8: Write access to the reporting software, all rights related to equipment ordering software
SR1, SR2, SR5 do not have to perform equipment ordering, although they have the right to do it.
SR3 and SR4 have too many rights.
The employees assigned to the Phone reception and Info desk roles are authorized to add or create, modify, display, delete patient's basic data and entry, transfer, or leaving data related to the patient, although they do not require these rights.
They possess all rights related to the beds status management, although only some of them are required to display information related to the beds status.
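The comparison behind these findings, as an added example that is not part of the original slides: each sub-role's required rights are derived from the responsibility table (responsibilities composed into sub-roles, permissions attached to responsibilities) and subtracted from the existing mapping. The right labels are constructed, SR6 is left out, and REFRECEP is assumed to carry the patient data and beds status rights named in the findings on SR3 and SR4.

```python
# Added example. Right labels ("resource:action") are constructed; "patient"
# covers basic and entry/transfer/leave data. REFRECEP content is assumed
# from the findings on SR3/SR4 (patient data and beds status rights).
REFRECEP = {"patient:edit", "patient:display", "beds:manage", "beds:display"}

# Responsibility table from the slides: id -> (required rights, sub-roles).
# Responsibility 14 (SR6 inherits every other sub-role's rights) is omitted.
RESPONSIBILITIES = {
    1: ({"patient:edit", "patient:display"}, {"SR1", "SR2", "SR5"}),
    2: ({"patient:display", "stats:all"}, {"SR1", "SR2", "SR5"}),
    3: ({"beds:manage", "beds:display"}, {"SR1", "SR2", "SR5"}),
    4: ({"order:all"}, {"SR8"}),
    5: ({"delivery:all"}, {"SR2"}),
    6: ({"invoice:all"}, {"SR2"}),
    7: ({"beds:display"}, {"SR1", "SR2", "SR3", "SR4"}),
    8: ({"timetable:rw"}, {"SR5"}),
    9: ({"timetable:rw"}, {"SR5"}),
    10: ({"timetable:rw"}, {"SR5"}),
    11: ({"room:read"}, {"SR7"}),
    12: ({"report:write"}, {"SR8"}),
    13: ({"order:all"}, {"SR8"}),
    15: ({"duty:read"}, {"SR3"}),
    16: ({"stats:all"}, {"SR5", "SR7"}),
}

# Existing mapping of application roles to business sub-roles (as granted).
GRANTED = {
    "SR1": REFRECEP | {"order:all"},
    "SR2": REFRECEP | {"delivery:all", "invoice:all", "order:all"},
    "SR3": REFRECEP | {"order:all", "duty:read"},
    "SR4": REFRECEP | {"order:all"},
    "SR5": REFRECEP | {"delivery:all", "invoice:all", "order:all", "timetable:rw"},
    "SR7": {"room:read", "ticket:read"},
    "SR8": {"report:write", "order:all"},
}

def required_rights(sub_role):
    """Union of the rights of every responsibility composed into sub_role."""
    return set().union(*(rights for rights, roles in RESPONSIBILITIES.values()
                         if sub_role in roles))

def excess_rights():
    """Per sub-role, granted rights that none of its responsibilities needs."""
    report = {sr: sorted(g - required_rights(sr)) for sr, g in GRANTED.items()}
    return {sr: extra for sr, extra in report.items() if extra}

if __name__ == "__main__":
    for sub_role, extra in sorted(excess_rights().items()):
        print(f"{sub_role} over-provisioned: {', '.join(extra)}")
```

Besides the findings stated on the slide, the same subtraction over the table flags SR5's medical delivery and invoice rights and SR7's ticketing tool access, which no responsibility composed into those sub-roles requires.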
CONCLUSIONS
Two objectives:
(1) Analyze and model what the responsibility is.
(2) Integrate the responsibility in ArchiMate
Results:
Case studies:
• Using responsibility allows a finer assignment of rights to the employees
• Check the alignment between the Business Role and the Application Role
Future works/complementary validations:
Applicability with other EAM
[Figure labels: ECA, Business/IT alignment, Access right management]