Journal ArticleDOI

Security requirement analysis of business processes

TLDR
The framework MoSSBP, which facilitates the handling of business process security requirements from their specification to their realization, is presented, and a tool supporting the MoSSBP-related security analysis of business processes and the incorporation of safeguards is introduced.
Abstract
Economic globalization leads to complex decentralized company structures calling for the extensive use of distributed IT systems. The business processes of a company have to reflect these changes of infrastructure. In particular, due to new electronic applications and the inclusion of a higher number of (potentially unknown) persons, the business processes are more vulnerable to malicious attacks than traditional processes. Thus, a business process should undergo a security analysis. Here, the vulnerabilities of the business process are recognized, the risks resulting from the vulnerabilities are calculated, and suitable safeguards reducing the vulnerabilities are selected. Unfortunately, a security analysis tends to be complex and requires expensive security expert support. In order to reduce the expense and to enable domain experts with in-depth insight into business processes but with limited knowledge about security to develop secure business processes, we developed the framework MoSSBP, which facilitates the handling of business process security requirements from their specification to their realization. In particular, MoSSBP provides graphical concepts to specify security requirements, repositories of various mechanisms enforcing the security requirements, and a collection of reference models and case studies enabling the modification of the business processes. In this paper, the MoSSBP framework is presented. Additionally, we introduce a tool supporting the MoSSBP-related security analysis of business processes and the incorporation of safeguards. This tool is based on object-oriented process models and works with graph rewrite systems. Finally, we clarify the application of the MoSSBP framework by means of a business process for tender handling which is provided with anonymity-preserving safeguards.


Citations
Journal ArticleDOI

Semi-formal transformation of secure business processes into analysis class and use case models: An MDA approach

TL;DR: This research is particularly focused on security requirements, in such a way that security is modelled along with the other aspects that are included in a business process, through the approach presented in this paper.
Journal ArticleDOI

Current Research in Risk-Aware Business Process Management – Overview, Comparison, and Gap Analysis

TL;DR: This paper compares and classifies current approaches in the area of risk-aware business process management in order to identify and explain relevant research gaps and collects and evaluates relevant literature.
Journal ArticleDOI

Secure business process model specification through a UML 2.0 activity diagram profile

TL;DR: This paper presents an extension of UML 2.0 activity diagrams which will allow security requirements to be specified in business processes and presents the application of the approach to an example based on a typical health care institution.
Journal ArticleDOI

A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directions

TL;DR: It is shown that state of the art provides a rich set of methods such as access control models but still several open research challenges remain and that security in PAIS is a challenging interdisciplinary research field that assembles research methods and principles from security and PAIS.
References
Book

The Unified Modeling Language User Guide

TL;DR: In The Unified Modeling Language User Guide, the original developers of the UML provide a tutorial to the core aspects of the language in a two-color format designed to facilitate learning.
Journal ArticleDOI

Process modeling

TL;DR: In this article, software process modeling will be used as an example application for describing the current status of process modeling, issues for practical use, and the research questions that remain ahead.
Book ChapterDOI

Anonymity, unobservability, and pseudonymity: a proposal for terminology

TL;DR: In this article, the authors propose a set of terminology which is both expressive and precise, and define anonymity, unlinkability, unobservability, and pseudonymity (pseudonyms and digital pseudonyms, and their attributes).
Book ChapterDOI

Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Authorization Management

TL;DR: By taking a task-oriented view of access control and authorizations, TBAC lays the foundation for research into a new breed of “active” security models that are required for agent-based distributed computing and workflow management.