Modeling and verifying security policies in business processes

Lecture Notes in Business Information Processing

Volumn 175 LNBIP, Issue , 2014, Pages 200-214

  Salnitri, Mattia ^a   Dalpiaz, Fabiano ^b   Giorgini, Paolo ^a  

^a UNIVERSITY OF TRENTO   (Italy)

^b UTRECHT UNIVERSITY   (Netherlands)

Author keywords

BPMN; Compliance; Information systems; Security policies

Indexed keywords

AIR TRAFFIC CONTROL; COMPLIANCE CONTROL; COMPUTER HARDWARE DESCRIPTION LANGUAGES; FORMAL LANGUAGES; INFORMATION SYSTEMS; INFORMATION USE; MANAGEMENT INFORMATION SYSTEMS; QUERY LANGUAGES; SEARCH ENGINES; SECURITY SYSTEMS; SPECIFICATIONS; SYSTEMS ANALYSIS; SYSTEMS ENGINEERING; COMPUTATIONAL LINGUISTICS;

AIR TRAFFIC MANAGEMENT; AUTONOMOUS COMPONENTS; BPMN; BUSINESS PROCESS; COMPLIANCE; SECURITY POLICY; VERIFICATION FRAMEWORK; VERIFICATION PROCESS;

MODELING LANGUAGES;

EID: 84904562479     PISSN: 18651348     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-662-43745-2_14     Document Type: Conference Paper

References (35)

1. An introduction to the business model for information security. Technical report, ISACA (2009), http://www. isaca. org/Knowledge-Center/Research/ResearchDeliverables/Pages/An-Introduction-to-the-Business-Model-for-Information-Security. aspx.
2. Federal Aviation Administration. SWIM ATM case study, http://www. faa. gov/about/office org/headquarters offices/ato/service units/techops/atc comms services/swim/(last visited March 2014).
3. Awad, A.: BPMN-Q: A language to query business processes. In: EMISA, St. Goar, Germany. LNI, vol. P-119, pp. 115-128. GI (2007).
4. Awad, A.: A compliance management framework for business process models. PhD thesis (2010).
5. Beeri, C., Eyal, A., Kamenkovich, S., Milo, T.: Querying business processes with BP-QL. Information Systems 33(6), 477-507 (2008).
6. Brucker, A. D., Hang, I., Lückemeyer, G., Ruparel, R.: SecureBPMN: Modeling and Enforcing Access Control Requirements in Business Processes. In: Proc. of SACMAT 2012, pp. 123-126 (2012).
7. Cherdantseva, Y., Hilton, J.: A reference model of information assurance and security. In: Eighth International Conference on ARES, pp. 546-555 (September 2013).
8. Deutch, D., Milo, T.: Querying structural and behavioral properties of business processes. In: Arenas, M., Schwartzbach, M. I. (eds.) DBPL 2007. LNCS, vol. 4797, pp. 169-185. Springer, Heidelberg (2007).
9. Ferraiolo, D. F., Cugini, J. A., Richard Kuhn, D. R.: Role-based access control (rbac): Features and motivations (1995).
10. Firesmith, D.: Specifying reusable security requirements. JOT 3(1), 61-75 (2004).
11. Ghose, A., Koliadis, G.: Auditing business process compliance. In: Krämer, B. J., Lin, K.-J., Narasimhan, P. (eds.) ICSOC 2007. LNCS, vol. 4749, pp. 169-180. Springer, Heidelberg (2007).
12. Josang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decision Support Systems 43(2), 618-644 (2007).
13. Jürjens, J.: Umlsec: Extending uml for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412-425. Springer, Heidelberg (2002).
14. Leitner, M., Miller, M., Rinderle-Ma, S.: An analysis and evaluation of security aspects in the business process model and notation. In: Proc. of ARES, pp. 262-267 (2013).
15. Leitner, M., Rinderle-Ma, S.: A systematic review on security in process-aware information systems-constitution, challenges, and future directions. Inf. Softw. Technol. 56(3), 273-293 (2014).
16. Leitner, M., Schefer-Wenzl, S., Rinderle-Ma, S., Strembeck, M.: An experimental study on the design and modeling of security concepts in business processes. In: Proc. of PoEM, pp. 236-250 (2013).
17. Liu, Y., Müller, S., Xu, K.: A static compliance-checking framework for business process models. IBM Syst. J. 46(2), 335-361 (2007).
18. McCumber, J.: Information systems security: A comprehensive model. In: Proceeding of the 14th National Computer Security Conference, NIST Baltimore, MD (1991).
19. Menzel, M., Thomas, I., Meinel, C.: Security requirements specification in serviceoriented business process management. In: Proc of ARES 2009, pp. 41-48 (2009).
20. Monakova, G., Brucker, A. D., Schaad, A.: Security and safety of assets in business processes. In: Applied Computing, vol. 27, pp. 1667-1673. ACM, USA (2012).
21. Moody, D.: The physics of notations: Toward a scientific basis for constructing visual notations in software engineering. IEEE Trans. Softw. Eng. 35, 756-779 (2009).
22. OASIS. Web Services Business Process Execution Language, http://docs. oasis-open. org/wsbpel/2. 0/wsbpel-v2. 0. html (April 2007).
23. O.: BPMN 2. 0, http://www. omg. org/spec/BPMN/2. 0 (January 2011).
24. Parker, D.: Our excessively simplistic information security model and how to fix it. ISSA Journal, 12-21 (2010).
25. Parker, D. B.: Fighting computer crime-a new framework for protecting information. Wiley (1998).
26. Rodríguez, A., Fernández-Medina, E., Piattini, M.: A BPMN extension for the modeling of security requirements in business processes. IEICE Trans. on Information and Systems 90(4), 745-752 (2007).
27. Rushby, J.: Using model checking to help discover mode confusions and other automation surprises. Reliability Engineering and System Safety 75, 167-177 (2002).
28. Sadiq, W., Governatori, G., Namiri, K.: Modeling control objectives for business process compliance. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 149-164. Springer, Heidelberg (2007).
29. Saleem, M., Jaafar, J., Hassan, M.: A domain-specific language for modelling security objectives in a business process models of soa applications. AISS 4(1), 353-362 (2012).
30. Salnitri, M., Dalpiaz, F., Giorgini, P.: Aligning service-oriented architectures with security requirements. In: Meersman, R., et al. (eds.) OTM 2012, Part I. LNCS, vol. 7565, pp. 232-249. Springer, Heidelberg (2012).
31. Samarati, P., di Vimercati, S. C.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137-196. Springer, Heidelberg (2001).
32. Schmidt, R., Bartsch, C., Oberhauser, R.: Ontology-based representation of compliance requirements for service processes. In: Proc. of CEUR 2007 (2007).
33. Sommerville, I., Cliff, D., Calinescu, R., Keen, J., Kelly, T., Kwiatkowska, M., Mcdermid, J., Paige, R.: Large-scale complex it systems. Commun. ACM 55(7), 71-77 (2012).
34. Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C.: Model-driven business process security requirement specification. JSA 55(4), 211-223 (2009).
35. Yip, F., Wong, A. K. Y., Parameswaran, N., Ray, P.: Rules and ontology in compliance management. In: In Proc. of EDOC, pp. 435-435 (2007).