
2018 | Original Paper | Book chapter

A Framework for the Visualisation of Cyber Security Requirements and Its Application in BPMN

Authors: Bo Zhou, Curtis Maines, Stephen Tang, Qi Shi

Published in: Guide to Vulnerability Analysis for Computer Networks and Systems

Publisher: Springer International Publishing


Abstract

Security requirements are a fundamental component in designing and defending IT systems against cyber attacks. Yet in practice they are all too often overlooked, owing to a lack of expertise and of a technical approach for capturing and modelling these requirements effectively. This is not helped by the fact that many companies, especially SMEs, tend to focus on the functionality of their business processes first and consider security only as an afterthought. New extensions for modelling cyber security requirements in Business Process Model and Notation (BPMN) have been proposed in the past to address this issue. In this chapter, we analyse existing extensions and identify the notational issues present within each of them. We discuss how there is as yet no single extension that represents a comprehensive range of cyber security concepts. Consequently, a new framework is proposed that can be used to extend, visualise and verify cyber security requirements not only in BPMN, but in any other existing modelling language. We investigate a new approach to modelling security and propose a solution that overcomes current issues whilst still providing the functionality to include all cyber-security-related concepts that can potentially be modelled in BPMN. The framework utilises a “what you see is what you get” approach to allow intuitive modelling of rather complicated security concepts. It increases human understanding of the security requirements whilst minimising the cognitive load. We detail how we implemented our solution, along with the novel approach our application takes to current challenges.


Metadata
Title
A Framework for the Visualisation of Cyber Security Requirements and Its Application in BPMN
Authors
Bo Zhou
Curtis Maines
Stephen Tang
Qi Shi
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-92624-7_15