
Security Requirements Engineering for Secure Business Processes

  • Conference paper
Workshops on Business Informatics Research (BIR 2011)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 106))


Abstract

Traditional approaches to business process modelling deal with security only after the business process has been defined, that is, without considering security needs as input to the definition. This may require very costly corrections if new security issues are discovered later. Moreover, security concerns are mainly considered at the system level without providing the rationale for their existence, that is, without taking into account the social or organizational perspective, which is essential for business processes involving considerably large organizations. In this paper, we introduce a framework for engineering secure business processes. We propose a security requirements engineering approach to model and analyze participants' objectives and interactions, and then derive from them a set of security requirements that are used to annotate business processes. We capture security requirements through the notion of social commitment, that is, a promise with contractual validity between participants. We illustrate the framework by means of an Air Traffic Management scenario.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Paja, E., Giorgini, P., Paul, S., Meland, P.H. (2012). Security Requirements Engineering for Secure Business Processes. In: Niedrite, L., Strazdina, R., Wangler, B. (eds) Workshops on Business Informatics Research. BIR 2011. Lecture Notes in Business Information Processing, vol 106. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29231-6_7


  • DOI: https://doi.org/10.1007/978-3-642-29231-6_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29230-9

  • Online ISBN: 978-3-642-29231-6

  • eBook Packages: Computer Science (R0)