Eliciting Security Requirements for Business Processes of Legacy Systems

Cited by: 6
Authors
Argyropoulos, Nikolaos [1]
Marquez Alcaniz, Luis [2]
Mouratidis, Haralambos [1]
Fish, Andrew [1]
Rosado, David G. [3]
Garcia-Rodriguez de Guzman, Ignacio [3]
Fernandez-Medina, Eduardo [3]
Affiliations
[1] Univ Brighton, Watts Bldg,Lewes Rd, Brighton BN2 4GJ, E Sussex, England
[2] Spanish Natl Author Markets & Competit CNMC, Madrid, Spain
[3] Univ Castilla La Mancha, E-13071 Ciudad Real, Spain
Keywords
Legacy systems; Business process modelling; Goal-oriented security requirements; Secure Tropos; BPMN; MARBLE; INFORMATION-SYSTEMS; MANAGEMENT; DESIGN; MODELS;
DOI
10.1007/978-3-319-25897-3_7
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time-consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLE™ framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements at a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore, high-level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by non-technical stakeholders in alignment with organisational objectives.
Pages: 91-107
Page count: 17
Related papers
50 in total
  • [1] Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns
    Matulevicius, Raimundas
    Ahmed, Naved
    [J]. IT-INFORMATION TECHNOLOGY, 2013, 55 (06): 225 - 230
  • [2] Security Requirements Elicitation from Business Processes
    Matulevicius, Raimundas
    [J]. BUSINESS PROCESS MANAGEMENT WORKSHOPS (BPM 2014), 2015, 202
  • [3] Security requirements of E-business processes
    Knorr, K
    Röhrig, S
    [J]. TOWARDS THE E-SOCIETY: E-COMMERCE, E-BUSINESS, AND E-GOVERNMENT, 2001, 74 : 73 - 86
  • [4] Security Requirements Engineering for Secure Business Processes
    Paja, Elda
    Giorgini, Paolo
    Paul, Stephane
    Meland, Per Hakon
    [J]. WORKSHOPS ON BUSINESS INFORMATICS RESEARCH, 2012, 106 : 77 - +
  • [5] Dynamic Implementation of Security Requirements in Business Processes
    Yang, Benyuan
    Hu, Hesuan
    [J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2022, 19 (02) : 1352 - 1363
  • [6] Experiences in eliciting security requirements
    CERT, Software Engineering Institute
    Unknown
    [J]. CrossTalk, 2006, 12 (14-19):
  • [7] A Systems Approach for Eliciting Mission-Centric Security Requirements
    Carter, Bryan T.
    Bakirtzis, Georgios
    Elks, Carl R.
    Fleming, Cody H.
    [J]. 12TH ANNUAL IEEE INTERNATIONAL SYSTEMS CONFERENCE (SYSCON2018), 2018, : 626 - 633
  • [8] Modeling Security Requirements in Service Based Business Processes
    Turki, Sameh Hbaieb
    Bellaaj, Farah
    Charfi, Anis
    Bouaziz, Rafik
    [J]. ENTERPRISE, BUSINESS-PROCESS AND INFORMATION SYSTEMS MODELING, BPMDS 2012, 2012, 113 : 76 - 90
  • [9] A BPMN extension for the modeling of security requirements in business processes
    Rodriguez, Alfonso
    Fernandez-Medina, Eduardo
    Piattini, Mario
    [J]. IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2007, E90D (04) : 745 - 752
  • [10] Aligning legacy information systems to business processes
    Kardasis, P
    Loucopoulos, P
    [J]. ADVANCED INFORMATION SYSTEMS ENGINEERING, 1998, 1413 : 25 - 39