From Early Requirements Analysis towards Secure Workflows

  • Ganna Frankova
  • Fabio Massacci
  • Magali Seguran
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 238)


Requirements engineering is a key step in the software development process that has little counterpart in the design of secure business processes and secure workflows for web services. This paper presents a methodology that allows a business process designer to derive the skeleton of the concrete coarse grained secure business process, that can be further refined into workflows, from the early requirements analysis.


  1. 1.
    G. Frankova, F. Massacci, and M. Seguran. From Early Requirements Analysis towards Secure Workflows. Technical report, University of Trento, 2007.Google Scholar
  2. 2.
    P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone. Requirements Engineering for Trust Management: Model, Methodology, and Reasoning. International Journal of Information Security, 5(4):257–274, October 2006.Google Scholar
  3. 3.
    Trusted Computing Group. TCG Specification Architecture Overview Revision 1.2, April 2003.Google Scholar
  4. 4.
    D. Lau and J. Mylopoulos. Designing Web Services with Tropos. In Proceedings of IEEE International Conference on Web Services, San Diego, USA, July 6–9 2004.Google Scholar
  5. 5.
    F. Massacci, J. Mylopoulos, and N. Zannone. An Ontology for Secure Socio-Technical Systems. Handbook of Ontologies for Business Interaction, 2007.Google Scholar
  6. 6.
    T. Neubauer, M. Kiemen, and S. Biffl. Secure Business Process Management: A Roadmap. In Proceedings of International Conference on Availability, Reliability and Security, Vienna, Austria, April 2006.Google Scholar
  7. 7.
    OASIS. Web Services Business Process Execution Language Version 2.0, August 2006. Public Review Draft,
  8. 8.
    M.P. Papazoglou and J. Yang. Design Methodology for Web Services and Business Processes. In Proceedings of the International Workshop on Technologies for E-Services, Hong Kong, China, August 2002.Google Scholar
  9. 9.
    L. Penserini, A. Perini, A. Susi, and J. Mylopoulos. From Stakeholder Needs to Service Requirements. In Proceeding of International Workshop on Service-Oriented Computing: Consequences for Engineering Requirements, Minneapolis, Minnesota, USA, September 2006.Google Scholar

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Ganna Frankova
    • 1
  • Fabio Massacci
    • 1
  • Magali Seguran
    • 2
  1. 1.DIT - University of TrentoItaly
  2. 2.SAP Labs PranceSAP Research - Security and TrustFrance

Personalised recommendations