nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

Supporting Secure Business Process Design via Security Process Patterns

verfasst von : Nikolaos Argyropoulos, Haralambos Mouratidis, Andrew Fish

Erschienen in: Enterprise, Business-Process and Information Systems Modeling

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Security is an important non-functional characteristic of the business processes used by organisations for the coordination of their activities. Nevertheless, the implementation of security at the operational level can be challenging due to the limited security expertise of process designers and the delayed consideration of security during process development. To overcome such issues, expert knowledge and proven security solutions can be captured in the form of process patterns, which can easily be reused and integrated to business processes with minimal security-related knowledge required. In this work we introduce process-level security patterns, each of which contains the main activities required for the operationalisation of different security requirements. The introduced patterns are then used as a component of an existing framework for the creation of secure business process designs, the application of which, is illustrated through a working example. A preliminary evaluation of the proposed patterns is conducted via a workshop session.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Towards a Data-Driven Framework for Measuring Process Performance

Nächstes Kapitel NFC-Based Task Enactment for Automatic Documentation of Treatment Processes

The questionnaire and a summary of the responses can be accessed in: http://www.sense-brighton.eu/process-patterns-questionnaire/.

Ahmed, N., Matulevičius, R.: Securing business processes using security risk-oriented patterns. Comput. Stand. Interfaces 36(4), 723–733 (2014)CrossRef

Argyropoulos, N., Márquez Alcañiz, L., Mouratidis, H., Fish, A., Rosado, D.G., Guzmán, I.G.-R., Fernández-Medina, E.: Eliciting security requirements for business processes of legacy systems. In: Ralyté, J., España, S., Pastor, Ó. (eds.) PoEM 2015. LNBIP, vol. 235, pp. 91–107. Springer, Cham (2015). doi:10.1007/978-3-319-25897-3_7 CrossRef

Argyropoulos, N., Kalloniatis, C., Mouratidis, H., Fish, A.: Incorporating privacy patterns into semi-automatic business process derivation. In: IEEE 10th International Conference on Research Challenges in Information Science (RCIS), pp. 1–12. IEEE (2016)

Argyropoulos, N., Mouratidis, H., Fish, A.: Towards the derivation of secure business process designs. In: Jeusfeld, M.A., Karlapalem, K. (eds.) ER 2015. LNCS, vol. 9382, pp. 248–258. Springer, Cham (2015). doi:10.1007/978-3-319-25747-1_25 CrossRef

Decreus, K., Poels, G.: A goal-oriented requirements engineering method for business processes. In: Soffer, P., Proper, E. (eds.) CAiSE Forum 2010. LNBIP, vol. 72, pp. 29–43. Springer, Heidelberg (2011). doi:10.1007/978-3-642-17722-4_3 CrossRef

Decreus, K., Poels, G., Kharbili, M.E., Pulvermueller, E.: Policy-enabled goal-oriented requirements engineering for semantic business process management. Int. J. Intell. Syst. 25(8), 784–812 (2010)CrossRef

Fernandez, E.B., Pan, R.: A pattern language for security models. In: Proceedings of PLoP. vol. 1 (2001)

Kalloniatis, C., Kavakli, E., Gritzalis, S.: Using privacy process patterns for incorporating privacy requirements into the system design process. In: 2nd International Conference on Availability, Reliability and Security (ARES 2007), pp. 1009–1017. IEEE (2007)

Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requirements Eng. 13(3), 241–255 (2008)CrossRef

10.

Kienzle, D.M., Elder, M.C.: Security patterns for web application development. University of Virginia Technical report (2002)

11.

Lavérdiere, M., Mourad, A., Hanna, A., Debbabi, M.: Security design patterns: Survey and evaluation. In: 2006 Canadian Conference on Electrical and Computer Engineering, pp. 1605–1608. IEEE (2006)

12.

Leitner, M., Miller, M., Rinderle-Ma, S.: An analysis and evaluation of security aspects in the business process model and notation. In: 8th International Conference on Availability, Reliability and Security (ARES 2013), pp. 262–267. IEEE (2013)

13.

Li, T., Paja, E., Mylopoulos, J., Horkoff, J., Beckers, K.: Security attack analysis using attack patterns. In: IEEE 10th International Conference on Research Challenges in Information Science (RCIS), pp. 1–13. IEEE (2016)

14.

Mouratidis, H., Argyropoulos, N., Shei, S.: Security requirements engineering for cloud computing: the Secure Tropos approach. In: Karagiannis, D., Mayr, H.C., Mylopoulos, J. (eds.) Domain-Specific Conceptual Modeling, Concepts, Methods and Tools, pp. 357–380. Springer, Cham (2016)CrossRef

15.

Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(2), 285–309 (2007)CrossRef

16.

Mouratidis, H., Weiss, M., Giorgini, P.: Modeling secure systems using an agent-oriented approach and security patterns. Int. J. Softw. Eng. Knowl. Eng. 16(03), 471–498 (2006)CrossRef

17.

Neubauer, T., Klemen, M., Biffl, S.: Secure business process management: a roadmap. In: 1st International Conference on Availability, Reliability and Security (ARES 2006), p. 8. IEEE (2006)

18.

Object Management Group: Business Process Model Notation (BPMN) Version 2.0. Technical report (2011)

19.

Rosado, D.G., Gutiérrez, C., Fernández-Medina, E., Piattini, M.: Security patterns and requirements for internet-based applications. Internet Res. 16(5), 519–536 (2006)CrossRef

20.

Salnitri, M., Dalpiaz, F., Giorgini, P.: Designing secure business processes with SecBPMN. Softw. Syst. Model., 1–21 (2016)

21.

Weske, M.: Business Process Management: Concepts, Languages, Architectures. Springer, Heidelberg (2010)

22.

Yoshioka, N., Washizaki, H., Maruyama, K.: A survey on security patterns. Prog. Inform. 5(5), 35–47 (2008)CrossRef

Titel: Supporting Secure Business Process Design via Security Process Patterns
verfasst von: Nikolaos Argyropoulos
Haralambos Mouratidis
Andrew Fish
Verlag: Springer International Publishing
Buch: Enterprise, Business-Process and Information Systems Modeling
Print ISBN: 978-3-319-59465-1

Electronic ISBN: 978-3-319-59466-8

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-59466-8_2

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"