A taxonomy for assessing security in business process modelling

Proceedings - International Conference on Research Challenges in Information Science

Volumn , Issue , 2013, Pages

  Ahmed, Naved ^a   Matulevicius, Raimundas ^a  

^a UNIVERSITY OF TARTU   (Estonia)

Author keywords

[No Author keywords available]

Indexed keywords

BUSINESS MODELLING; BUSINESS PROCESS; BUSINESS PROCESS MODEL; DESIGN AND IMPLEMENTATIONS; PROCESS DEVELOPMENT; SECURITY ENGINEERING; SECURITY IN BUSINESS PROCESS; SECURITY PATTERNS;

INFORMATION SCIENCE;

TAXONOMIES;

EID: 84884168441     PISSN: 21511349     EISSN: 21511357     Source Type: Conference Proceeding    
DOI: 10.1109/RCIS.2013.6577700     Document Type: Conference Paper

References (44)

1. "Merriam-Webster Online Dictionary," available at http://www.m-w.com.
2. "Information technology security evaluation criteria," Commission of European Communities, Tech. Rep. version 1.2, 1991.
3. "ENV 12 204, Advanced Manufacturing Technology Systems Architectureconstructs for Enterprise Modelling," Tech. Rep., 1995.
4. Web Service Security: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0. Redmond, WA, USA: Microsoft Press, 2006.
5. R. S. Aguilar-Saven, "Business process modelling: Review and framework," International Journal of Production Economics, vol. 90, no. 2, pp. 129-149, 2004.
6. N. Ahmed and R. Matulevi?cius, "Securing Business Processes using Security Risk-oriented Patterns," accepted at Journal of Computer Standards & Interfaces, Elsevier, 2013.
7. Riga, Latvia. Riga Technical University
8. N. Ahmed, R. Matulevi?cius, and N. H. Khan, "Eliciting Security Requirements for Business Processes Using Patterns," in WOSIS 2012-Proceedings of the 9th International Workshop on Security in Information Systems. SciTePress, 2012.
9. C. Aitken, C. Stephenson, and R. Brinkworth, "Process Classification Frameworks," in Handbook on Business Process Management 2, ser. International Handbooks on Information Systems. Springer Berlin Heidelberg, 2010, pp. 73-92.
10. A. Avizienis, J.-C. Laprie, B. Randell, and C. Landwehr, "Basic Concepts and Taxonomy of Dependable and Secure Computing," Dependable and Secure Computing, IEEE Transactions on, vol. 1, no. 1, pp. 11-33, 2004.
11. F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad, and M. Stal, Pattern-oriented software architecture: a system of patterns. New York, NY, USA: John Wiley & Sons, Inc., 1996.
12. B. H. C. Cheng, S. Konrad, L. A. Campbell, and R.Wassermann, "Using security patterns to model and analyze security," in In IEEE Workshop on Requirements for High Assurance Systems, 2003, pp. 13-22.
13. E. W. Cope, J. M. Kuster, D. Etzweiler, L. A. Deleris, and B. Ray, "Incorporating Risk into Business Process Models," IBM J. Res. Dev., vol. 54, no. 3, 2010.
14. B. Curtis, M. I. Kellner, and J. Over, "Process modeling," Commun. ACM, vol. 35, no. 9, pp. 75-90, 1992.
15. R. Dijkman, M. Dumas, B. van Dongen, R. Kaarik, and J. Mendling, "Similarity of Business Process Models: Metrics and Evaluation," Information Systems, vol. 36, no. 2, pp. 498-516, 2011.
16. B. Dongen, R. Dijkman, and J. Mendling, "Measuring Similarity between Business Process Models," in Proceedings of the 20th international conference on Advanced Information Systems Engineering, ser. CAiSE '08. Berlin, Heidelberg: Springer-Verlag, 2008, pp. 450-464.
17. C. C. Ekanayake, M. Dumas, L. Garc?a-Banuelos, M. Rosa, and A. H. Hofstede, "Approximate Clone Detection in Repositories of Business Process Models," in Business Process Management, ser. Lecture Notes in Computer Science, A. Barros, A. Gal, and E. Kindler, Eds. Springer Berlin Heidelberg, 2012, vol. 7481, pp. 302-318.
18. D. Firesmith, "Specifying Reusable Security Requirements," Journal of Object Technology, vol. 3, no. 1, pp. 61-75, 2004.
19. E. Gamma, R. Helm, R. Johnson, and J. Vlissides, Design patterns: elements of reusable object-oriented software. Boston, MA, USA: Addison-Wesley Longman Publishing Co., Inc., 1995.
20. G. M. Giaglis, "A Taxonomy of Business Process Modeling and Information Systems Modeling Techniques," International Journal of Flexible Manufacturing Systems, vol. 13, pp. 209-228, 2001.
21. M. Hafiz, P. Adamczyk, and R. Johnson, "Organizing security patterns," Software, IEEE, vol. 24, no. 4, pp. 52-60, 2007.
22. M. Hafiz and R. Johnson, "Security Patterns and Their Classification Schemes," University of Illinois at Urbana-Champaign Department of Computer Science, Tech. Rep, 2006.
23. J. D. Howard and T. A. Longstaff, "A Common Language for Computer Security Incidents," 1998.
24. V. Igure and R. Williams, "Taxonomies of Attacks and Vulnerabilities in Computer Systems," Communications Surveys Tutorials, IEEE, vol. 10, no. 1, pp. 6-19, 2008.
25. S. Jablonski and C. Bussler, Workflow Management: Modeling Concepts, Architecture and Implementation. International Thomson Computer Press, 1996.
26. K. Khanmohammadi and S. H. Houmb, "Business Process-Based Information Security Risk Assessment," in NSS-4, Australia. IEEE Computer Society, 2010, pp. 199-206.
27. J. Krogstie, "Modelling languages: Perspectives and abstraction mechanisms," in Model-Based Development and Evolution of Information Systems. Springer London, 2012, pp. 89-204.
28. C. E. Landwehr, A. R. Bull, J. P. McDermott, and W. S. Choi, "A Taxonomy of Computer Program Security Flaws," ACM Comput. Surv., vol. 26, no. 3, pp. 211-254, 1994.
29. U. Lindqvist and E. Jonsson, "How to Systematically Classify Computer Security Intrusions," in Proceedings of the 1997 IEEE Symposium on Security and Privacy, ser. SP '97. IEEE Computer Society, 1997, pp. 154-163.
30. N. Melao and M. Pidd, "A conceptual framework for understanding business processes and business process modelling," Information Systems Journal, vol. 10, no. 2, pp. 105-129, 2000.
31. OMG, Meta Object Facility (MOF) Core Specification Version 2.0, 2006.
32. M. Riaz and L. Williams, "Security requirements patterns: understanding the science behind the art of pattern writing," in Requirements Patterns (RePa), 2012 IEEE Second International Workshop on, 2012, pp. 29-34.
33. I. Rychkova and S. Nurcan, "Towards Adaptability and Control for Knowledge-Intensive Business Processes: Declarative Configurable Process Specifications," in System Sciences (HICSS), 2011 44th Hawaii International Conference on, 2011, pp. 1-10.
34. R. Scandariato, K. Yskout, T. Heyman, and W. Joosen, "Architecting software with security patterns," Tech. Rep.
35. M. Schumacher, E. Fernandez, D. Hybertson, and F. Buschmann, Security Patterns: Integrating Security and Systems Engineering. John Wiley & Sons, 2005.
36. J. F. Sowa and J. A. Zachman, "Extending and formalizing the framework for information systems architecture," IBM Syst. J., vol. 31, no. 3, pp. 590-616, 1992.
37. G. Starke, "Business Models and their Description," in Proceedings of the 9th Austrian-informatics conference on Workflow management: Challenges, Paradigms and Products, ser. CON '94. R. Oldenbourg Verlag GmbH, 1994, pp. 134-147.
38. C. Steel, R. Nagappan, and R. Lai, Core security patterns : best practices and strategies for J2EE, Web services, and identity management. Upper Saddle River, NJ: Prentice Hall PTR, 2006.
39. F. Swiderski and W. Snyder, Threat Modeling. Redmond, WA, USA: Microsoft Press, 2004.
40. A. Varela-Vaca, R. Gasca, and A. Jimenez-Ramirez, "A Model-Driven Engineering Approach with Diagnosis of Non-Conformance of Security Objectives in Business Process Models," in Proc. of RCIS 2011, may 2011, pp. 1-6.
41. K. Vergidis, A. Tiwari, and B. Majeed, "Business Process Analysis and Optimization: Beyond Reengineering," Systems, Man, and Cybernetics, Part C: Applications and Reviews, IEEE Transactions on, vol. 38, no. 1, pp. 69-82, 2008.
42. M. Weske, "Business Process Management-Concepts, Languages, Architectures, 2nd Edition." Springer Berlin Heidelberg, 2012.
43. J. A. Zachman, "A framework for information systems architecture," IBM Syst. J., vol. 26, no. 3, pp. 276-292, 1987.
44. M. zur Muehlen and M. Rosemann, "Integrating Risks in Business Process Models," in Proceedings of the 2005 Australasian Conference on Information Systems (ACIS 2005), Sydney, Australia, 2005, pp. 62-72.