Advertisement

Securing Airline-Turnaround Processes Using Security Risk-Oriented Patterns

  • Silver Samarütel
  • Raimundas Matulevičius
  • Alex Norta
  • Rein Nõukas
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 267)

Abstract

Security risk management is an important part of system development. Given that a majority of modern organisations rely heavily on information systems, security plays a big part in ensuring smooth operations of business processes. For example, many people rely on e-services offered by banks and medical establishments. Inadequate security measures in information systems have unwanted effects on an organisation’s reputation and on people’s lives. In this case study research paper, we target the secure system development problem by suggesting the application of security risk oriented patterns. These patterns help find security risk occurrences in business processes and present mitigations for these risks. They provide business analysts with means to elicit and introduce security requirements to business processes. At the same time, they reduce the efforts needed for risk analysis. These security risk oriented patterns are applied on business processes from an aviation-turnaround system. In this paper, we report our experience to derive security requirements to mitigate security risks in distributed systems.

Keywords

Business Process Security Requirement Enterprise Architecture Security Risk Business Process Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Ahmed, N., Matulevičius, R.: Securing business process using security risk-oriented patterns. Comput. Stand. Interfaces 36, 723–733 (2014)CrossRefGoogle Scholar
  2. 2.
    Ahmed, N., Matulevičius, R.: Presentation and validation of method for security requirements elicitation from business processes. In: Nurcan, S., Pimenidis, E. (eds.) CAiSE Forum 2014. LNBIP, vol. 204, pp. 20–35. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  3. 3.
    Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd edn. Wiley, Hoboken (2008)Google Scholar
  4. 4.
    Bartelt, C., Rausch, A., Rehfeldt, K.: Quo vadis cyber-physical systems: research areas of cyber-physical ecosystems: a position paper. In: Proceedings of 1st International Workshop on Control Theory for Software Engineering, CTSE 2015, pp. 22–25. ACM, New York (2015)Google Scholar
  5. 5.
    Belobaba, P., Odoni, A., Barnhart, C.: The Global Airline Industry. Wiley, Hoboken (2015)Google Scholar
  6. 6.
    Dubois, E., Heymans, P., Mayer, N., Matulevičius, R.: A systematic approach to define the domain of information system security risk management. In: Nurcan, S., Salinesi, C., Souveyet, C., Ralyté, J. (eds.) Intentional Perspectives on Information Systems Engineering, pp. 289–306. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  7. 7.
    Jürjens, J.: Secure System Development with UML. Springer, Heidelberg (2005)Google Scholar
  8. 8.
    Kutvonen, L., Norta, A., Ruohomaa, S.: Inter-enterprise business transaction management in open service ecosystems. In: 2012 IEEE 16th International Enterprise Distributed Object Computing Conference (EDOC), pp. 31–40. IEEE (2012)Google Scholar
  9. 9.
    Leonardi, M., Piracci, E., Galati, G.: ADS-B vulnerability to low cost jammers: risk assessment and possible solutions. In: 2014 Tyrrhenian International Workshop on Digital Communications-Enhanced Surveillance of Aircraft and Vehicles (TIWDC/ESAV), pp. 41–46. IEEE (2014)Google Scholar
  10. 10.
    Long, S.: Socioanalytic Methods: Discovering the Hidden in Organisations and Social Systems. Karnac Books, London (2013)Google Scholar
  11. 11.
    Maiden, N.A.M.D., Ncube, C., Lockerbie, J.: Inventing requirements: experiences with an airport operations system. In: Rolland, C. (ed.) REFSQ 2008. LNCS, vol. 5025, pp. 58–72. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Massacci, F., Paci, F., Tedeschi, A.: Assessing a requirements evolution approach: empirical studies in the air traffic management domain. J. Syst. Softw. 95, 70–88 (2014)CrossRefGoogle Scholar
  13. 13.
    Mayer, N.: Model-based management of information system security risk. Ph.D. thesis, University of Namur (2009)Google Scholar
  14. 14.
    Nõukas, R.: Service brokering environment for an airline. Master’s thesis, Tallinn University of Technology (2015)Google Scholar
  15. 15.
    Norta, A., Grefen, P., Narendra, N.: A reference architecture for managing dynamic inter-organizational business processes. Data Knowl. Eng. 91, 52–89 (2014)CrossRefGoogle Scholar
  16. 16.
    Norta, A., Ma, L., Duan, Y., Rull, A., Kõlvart, M., Taveter, K.: eContractual choreography-language properties towards cross-organizational business collaboration. J. Internet Serv. Appl. 6(1), 1–23 (2015)CrossRefGoogle Scholar
  17. 17.
    Samarütel, S.: Revision of security risk-oriented patterns for distributed systems. Master’s thesis, University of Tartu (2016)Google Scholar
  18. 18.
    Sampigethaya, K., Poovendran, R.: Aviation cyber-physical systems: foundations for future aircraft and air transport. Proc. IEEE 101(8), 1834–1855 (2013)CrossRefGoogle Scholar
  19. 19.
    Schumacher, M., Fernandez, E., Hybertson, D., Buschmann, F.: Security Patterns: Integrating Security and Systems Engineering. Wiley, Hoboken (2005)Google Scholar
  20. 20.
    Shim, W., Massacci, F., Tedeschi, A., Pollini, A.: A relative cost-benefit approach for evaluating alternative airport security policies. In: 2014 9th International Conference on Availability, Reliability and Security (ARES), pp. 514–522. IEEE (2014)Google Scholar
  21. 21.
    Shostack, A.: Threat Modeling: Designing for Security. Wiley, Hoboken (2014)Google Scholar
  22. 22.
    Uzunov, A.V., Fernandez, E.B.: An extensible pattern-based library and taxonomy of security threats for distributed systems. Comput. Stand. Interfaces 36(4), 734–747 (2013)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2016

Authors and Affiliations

  • Silver Samarütel
    • 1
  • Raimundas Matulevičius
    • 1
  • Alex Norta
    • 2
  • Rein Nõukas
    • 2
  1. 1.University of TartuTartuEstonia
  2. 2.Tallinn University of TechnologyTallinnEstonia

Personalised recommendations