nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

A Valid BPMN Extension for Supporting Security Requirements Based on Cyber Security Ontology

verfasst von : Mohamed El Amine Chergui, Sidi Mohamed Benslimane

Erschienen in: Model and Data Engineering

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Business Process Model and Notation (BPMN) is the de facto standard for business process modeling. One of the most important aspect of business process models is security. Since most business processes revolve around the exchange of information, the security of such information assets becomes a critical factor for the success of the overall business process. Therefore, it is very important to capture the security requirements at conceptual level in order to identify the security needs in the first place. There is a need for an integrated tools and methodology that allows for specifying and enforcing compliance and security requirements for business process-driven enterprise systems. Furthermore, BPMN do not support the specification of security requirements along the business process modelling. This will increase the vulnerability of the system and make the future development of security for the system more difficult. In this paper, we extend the BPMN language to explicitly support the specification of security requirements derived from cyber security ontology. We incorporate visual constructs for modeling security requirements. In order to provide a commonly usable extension, these enhancements were implemented as a valid BPMN extension. An application example from the healthcare domain is used to demonstrate our approach. The experimentation denotes that the authors’ approach achieves better results in terms comprehensive understanding of incorporated security requirements.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Formalizing Reusable Communication Models for Distributed Systems Architecture

Nächstes Kapitel A Correct-by-Construction Model for Attribute-Based Access Control

http://www.omg.org/spec/MOF/.

https://www.qualtrics.com/fr/.

Menzel, M., Thomas, I., Meinel, C.: Security requirements specification in service-oriented business process management. In: International Conference on Availability, Reliability and Security, ARES 2009, pp. 41–48 (2009)

Rodriguez, A., Fernandez-Medina, E., Piattini, M.: A BPMN extension for the modeling of security requirements in business processes. IEICE Trans. Inf. Syst. E90–D(4), 745–752 (2007)CrossRef

Brucker, A.D., Hang, I., Lückemeyer, G., Ruparel, R.: SecureBPMN. In: Proceedings of the 17th ACM symposium on Access Control Models and Technologies - SACMAT 2012, pp. 123–126 (2012)

Qaiser, S.M., Jaafar, J.B., Hassan, M.F.: A domain-specific language for modelling security objectives in a business process models of SOA applications. Int. J. Adv. Inf. Sci. Serv. Sci. 4(1), 353–362 (2012)

Salnitri, M., Dalpiaz, F., Giorgini, P.: Modeling and verifying security policies in business processes. In: Bider, I., et al. (eds.) BPMDS/EMMSAD -2014. LNBIP, vol. 175, pp. 200–214. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43745-2_14CrossRef

Cherdantseva, Y., Hilton, J.: A reference model of information assurance and security. In: 2013 International Conference on Availability, Reliability and Security, pp. 546–555 (2013)

Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C.: Model-driven business process security requirement specification. J. Syst. Architect. 55(4), 211–223 (2009)CrossRef

Labda, W., Mehandjiev, N., Sampaio, P.: Modeling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing - SAC 2014, pp. 1399–1405 (2014)

Mülle, J., Stackelberg, S.V., Böhm, K.: A security language for BPMN process models. In: Karlsruhe Reports in Informatics (2011)

Maines, C.L., Llewellyn-Jones, D., Tang, S., Zhou, B.: A cyber security ontology for BPMN-security extensions. In: The IEEE International Conference on Computer and Information Technology, Ubiquitous Computing and Communications, Dependable, Autonomic and Secure Computing, Pervasive Intelligence and Computing, pp. 1756–1763 (2015)

Sang, K.S., Zhou, B.: BPMN security extensions for healthcare process. In: The IEEE International Conference on Computer and Information Technology, Ubiquitous Computing and Communications, Dependable, Autonomic and Secure Computing, Pervasive Intelligence and Computing, pp. 2340–2345 (2015)

Altuhhov, O., Matulevičius, R., Ahmed, N.: An extension of business process model and notation for security risk management. Int. J. Inf. Syst. Model. Des. 4(4), 93–113 (2013)CrossRef

Basin, D., Burri, S.J., Karjoth, G.: Obstruction-free authorization enforcement: aligning security with business objectives. In: 2011 IEEE 24th Computer Security Foundations Symposium, pp. 99–113 (2011)

Maines, C.L., Zhou, B., Tang, S., Shi, Q.: Adding a third dimension to BPMN as a means of representing cyber security requirements. In: 2016 9th International Conference on Developments in eSystems Engineering (DeSE), pp. 105–110 (2016)

Argyropoulos, N., Mouratidis, H., Fish, A.: Attribute-based security verification of business process models. In: 2017 IEEE 19th Conference on Business Informatics (CBI), pp. 43–52 (2017)

Braun, R., Esswein, W.: Classification of domain-specific BPMN extensions. In: Frank, U., Loucopoulos, P., Pastor, Ó., Petrounias, I. (eds.) PoEM 2014. LNBIP, vol. 197, pp. 42–57. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45501-2_4CrossRef

Stroppi, L.J.R., Chiotti, O., Villarreal, P.D.: Extending BPMN 2.0: method and tool support. In: Dijkman, R., Hofstetter, J., Koehler, J. (eds.) BPMN 2011. LNBIP, vol. 95, pp. 59–73. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25160-3_5CrossRef

Braun, R., Schlieter, H., Burwitz, M., Esswein, W.: BPMN4CP: design and implementation of a BPMN extension for clinical pathways. In: 2014 IEEE International Conference on Bioinformatics and Biomedicine (BIBM), pp. 9–16 (2014)

Leitner, M., Miller, M., Rinderle-Ma, S.: An analysis and evaluation of security aspects in the business process model and notation. In: 2013 International Conference on Availability, Reliability and Security, pp. 262–267 (2013)

Schultz, M., Radloff, M.: Modeling concepts for internal controls in business processes – an empirically grounded extension of BPMN. In: Sadiq, S., Soffer, P., Völzer, H. (eds.) BPM 2014. LNCS, vol. 8659, pp. 184–199. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10172-9_12CrossRef

Bodart, F., Patel, A., Sim, M., Weber, R.: Should optional properties be used in conceptual modelling? a theory and three empirical tests. Inf. Syst. Res. 12(4), 384–405 (2001)CrossRef

Burton-Jones, A., Wand, Y., Weber, R.: Guidelines for empirical evaluations of conceptual modeling grammars. J. Assoc. Inf. Syst. 10(6), 495–532 (2009)

Titel: A Valid BPMN Extension for Supporting Security Requirements Based on Cyber Security Ontology
verfasst von: Mohamed El Amine Chergui
Sidi Mohamed Benslimane
Verlag: Springer International Publishing
Buch: Model and Data Engineering
Print ISBN: 978-3-030-00855-0

Electronic ISBN: 978-3-030-00856-7

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-030-00856-7_14

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner