Security Requirements Engineering for Secure Business Processes

Cited by: 0
Authors
Paja, Elda [1]
Giorgini, Paolo [1]
Paul, Stephane [2]
Meland, Per Hakon [3]
Affiliations
[1] Univ Trent, I-38100 Trento, Italy
[2] Thales Res & Technol, Palaiseau, France
[3] SINTEF, Trondheim, Norway
Funding
European Union Seventh Framework Programme;
Keywords
Security requirements; business process; BPMN; social commitments;
DOI
Not available
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Traditional approaches to business process modelling deal with security only after the business process has been defined, namely without considering security needs as input for the definition. This may require very costly corrections if new security issues are discovered. Moreover, security concerns are mainly considered at the system level without providing the rationale for their existence, that is, without taking into account the social or organizational perspective, which is essential for business processes related to considerably large organizations. In this paper, we introduce a framework for engineering secure business processes. We propose a security requirements engineering approach to model and analyze participants' objectives and interactions, and then derive from them a set of security requirements that are used to annotate business processes. We capture security requirements through the notion of social commitment, that is a promise with contractual validity between participants. We illustrate the framework by means of an Air Traffic Management scenario.
Pages: 77 / +
Page count: 2