Eliciting security requirements for business processes of legacy systems

Lecture Notes in Business Information Processing

Volumn 235, Issue , 2015, Pages 91-107

  Argyropoulos, Nikolaos ^a   Alcañiz, Luis Márquez ^b   Mouratidis, Haralambos ^a   Fish, Andrew ^a   Rosado, David G ^c   De Guzmán, Ignacio García Rodriguez ^c   Fernández Medina, Eduardo ^c  

^a UNIVERSITY OF BRIGHTON   (United Kingdom)

^b Spanish National Authority for Markets and Competition ^*  (Spain)

^c UNIVERSITY OF CASTILLA LA MANCHA   (Spain)

Author keywords

BPMN; Business process modeling; Goal oriented security requirements; Legacy systems; MARBLE; Secure Tropos

Indexed keywords

MARBLE; SYSTEMS ENGINEERING;

BPMN; BUSINESS PROCESS MODEL; HIGH LEVEL OF ABSTRACTION; INTEGRATED APPROACH; MANUAL INTERVENTION; ORGANISATIONAL OBJECTIVES; SECURE TROPOS; SECURITY REQUIREMENTS;

LEGACY SYSTEMS;

EID: 84952642987     PISSN: 18651348     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-319-25897-3_7     Document Type: Conference Paper

References (38)

1. Wu, B., Lawless, D., Bisbal, J., Grimson, J., Wade, V., O’Sullivan, D., Richardson, R.: Legacy system migration: a legacy data migration engine. In: 17th International Database Conference, pp. 129–138 (1997)
2. Bisbal, J., Lawless, D., Wu, B., Grimson, J.: Legacy information systems: issues and directions. IEEE Softw. 16(5), 103–111 (1999)
3. Bisbal, J., Lawless, D., Wu, B., Grimson, J., Wade, V., Richardson, R., Sullivan, D.O.: A Survey of Research into Legacy System Migration. Technical report (1997)
4. Cleve, A., Hainaut, J.L.: Dynamic analysis of SQL statements for data-intensive applications reverse engineering. In: 15th IEEE Working Conference on Reverse Engineering, pp. 192–196. IEEE Computer Society (2008)
5. Bernardi, M.: Reverse engineering of aspect oriented systems to support their comprehension, evolution, testing and assessment. In: 12th IEEE European Conference on Software Maintenance and Reengineering, pp. 290–293. IEEE Computer Society (2008)
6. Pérez-Castillo, R., De Guzmán, I.G.R., Piattini, M.: Business process archeology using MARBLE. Inf. Softw. Technol. 53(10), 1023–1044 (2011)
7. Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: 11th IEEE International Requirements Engineering Conference, pp. 151–161. IEEE Computer Society (2003)
8. Mellado, D., Fernández-Medina, E., Piattini, M.: A common criteria based security requirements engineering process for the development of secure information systems. Comput. Stan. Interfaces 29(2), 244–253 (2007)
9. Whitman, M.E.: Enemy at the gate: threats to information security. Commun. ACM 46(8), 91–95 (2003)
10. Leitner, M., Rinderle-Ma, S.: A systematic review on security in process-aware information systems - constitution, challenges, and future directions. Inf. Softw. Technol. 56(3), 273–293 (2014)
11. Neubauer, T., Klemen, M., Biffl, S.: Secure business process management: a roadmap. In: 1st IEEE International Conference on Availability, Reliability and Security, Vienna, Austria, pp. 457–464. IEEE Computer Society (2006)
12. Pavlovski, C.J., Zou, J.: Non-functional requirements in business process modeling. In: 5th Asia-Pacific Conference on Conceptual Modelling, pp. 103–112 (2008)
13. Rodríguez, A., Fernández-Medina, E., Trujillo, J., Piattini, M.: Secure business process model specification through a UML 2.0 activity diagram profile. Decis. Support Syst. 51(3), 446–465 (2011)
14. Pérez-Castillo, R., De Guzmán, I.G.R., vila Garca, O., Piattini, M.: MARBLE: modernization approach for recovering business processes from legacy information systems. In: International Workshop on Reverse Engineering Models from Software Artifacts, pp. 17–20 (2009)
15. Pérez-Castillo, R., Fernández-Ropero, M., De Guzmán, I.G.R., Piattini, M.: MARBLE. A business process archeology tool. In: 27th IEEE International Conference on Software Maintenance, pp. 578–581. IEEE Computer Society (2011)
16. Ko, R.K., Lee, S.S., Lee, E.W.: Business process management (BPM) standards: a survey. Bus. Process Manage. 15(5), 744–791 (2009)
17. Lapouchnian, A., Yu, Y., Mylopoulos, J.: Requirements-driven design and configuration management of business processes. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 246–261. Springer, Heidelberg (2007)
18. Horkoff, J., Li, T., Li, F.L., Salnitri, M., Cardoso, E., Giorgini, P., Mylopoulos, J., Pimentel, J.A.: Taking goal models downstream: a systematic roadmap. In: 8th IEEE International Conference on Research Challenges in Information Science, pp. 1–12. IEEE Computer Society (2014)
19. Koliadis, G., Ghose, A.: Relating business process models to goal-oriented requirements models in KAOS. In: Hoffmann, A., Kang, B.-H., Richards, D., Tsumoto, S. (eds.) PKAW 2006. LNCS (LNAI), vol. 4303, pp. 25–39. Springer, Heidelberg (2006)
20. Ghose, A.K., Narendra, N.C., Ponnalagu, K., Panda, A., Gohad, A.: Goal-driven business process derivation. In: Kappel, G., Maamar, Z., Motahari-Nezhad, H.R. (eds.) ICSOC 2011. LNCS, vol. 7084, pp. 467–476. Springer, Heidelberg (2011)
21. Pistore, M., Roveri, M., Busetta, P.: Requirements-driven verification of web services. Electron. Notes Theor. Comput. Sci. 105, 95–108 (2004)
22. Guizzardi, R.S.S., Guizzardi, G., Almeida, J.P.A., Cardoso, E.: Bridging the gap between goals, agents and business processes. In: 4th International i* Workshop, pp. 46–51. CEUR (2010)
23. Lo, A., Yu, E.: From business models to service-oriented design: a reference catalog approach. In: Parent, C., Schewe, K.-D., Storey, V.C., Thalheim, B. (eds.) ER 2007. LNCS, vol. 4801, pp. 87–101. Springer, Heidelberg (2007)
24. Decreus, K., Poels, G.: A goal-oriented requirements engineering method for business processes. In: Soffer, P., Proper, E. (eds.) CAiSE Forum 2010. LNBIP, vol. 72, pp. 29–43. Springer, Heidelberg (2011)
25. Ruiz, M., Costal, D., España, S., Franch, X., Pastor, O.: GoBIS: an integrated framework to analyse the goal and business process perspectives in information systems. Inf. Syst. 53, 330–345 (2015)
26. Séguran, M., Hébert, C., Frankova, G.: Secure workflow development from early requirements analysis. In: 6th IEEE European Conference on Web Services, pp. 125–134. IEEE Computer Society (2008)
27. Paja, E., Giorgini, P., Paul, S., Meland, P.H.: Security requirements engineering for secure business processes. In: Niedrite, L., Strazdina, R., Wangler, B. (eds.) BIR Workshops 2011. LNBIP, vol. 106, pp. 77–89. Springer, Heidelberg (2012)
28. Salnitri, M., Giorgini, P.: Transforming socio-technical security requirements in SecBPMN security policies. In: 7th International i* Workshop. CEUR (2014)
29. ISO/IEC 19506: Information technology - Object Management Group Architecture-Driven Modernization (ADM) - Knowledge Discovery Meta-Model (KDM). Technical report (2012)
30. Pérez-Castillo, R., Cruz-Lemus, J.A., De Guzmán, I.G.R., Piattini, M.: A family of case studies on business process mining using MARBLE. J. Syst. Softw. 85(6), 1370–1385 (2012)
31. Object Management Group: Business Process Model and Notation (BPMN) Version 2.0. Technical report (2011)
32. Fernández-Ropero, M., Pérez-Castillo, R., Piattini, M.: Graph-based business process model refactoring. In: 3rd International Symposium on Data-driven Process Discovery and Analysis, pp. 16–30. CEUR (2013)
33. Fernández-Ropero, M., Pérez-Castillo, R., Cruz-Lemus, J.A., Piattini, M.: Assessing the best-order for business process model refactoring. In: 28th Annual ACM Symposium on Applied Computing, pp. 1397–1402. ACM (2013)
34. Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(02), 285–309 (2007)
35. Mouratidis, H., Jurjens, J.: From goal-driven security requirements engineering to secure design. Int. J. Intell. Syst. 25, 813–840 (2010)
36. Pavlidis, M., Islam, S., Mouratidis, H.: A CASE tool to support automated modelling and analysis of security requirements, based on secure tropos. In: Nurcan, S. (ed.) CAiSE Forum 2011. LNBIP, vol. 107, pp. 95–109. Springer, Heidelberg (2012)
37. Márquez, L., Rosado, D.G., Mouratidis, H., Mellado, D., Fernández-Medina, E.: A framework for secure migration processes of legacy systems to the cloud. In: Persson, A., Stirna, J. (eds.) CAiSE 2015 Workshops. LNBIP, vol. 215, pp. 507–517. Springer, Heidelberg (2015)
38. Shei, S., Márquez Alcañiz, L., Mouratidis, H., Delaney, A., Rosado, D.G., Fernández-Medina, E.: Modelling secure cloud systems based on system requirements. In: 2nd Evolving Security & Privacy Requirements Engineering Workshop: Co-located with the 23rd IEEE International Requirements Engineering Conference, pp. 19–24 (2015)