Abstract
Traditional approaches to business process modelling deal with security only after the business process has been defined, namely without considering security needs as input for the definition. This may require very costly corrections if new security issues are discovered. Moreover, security concerns are mainly considered at the system level without providing the rationale for their existence, that is, without taking into account the social or organizational perspective, which is essential for business processes related to considerably large organizations. In this paper, we introduce a framework for engineering secure business processes. We propose a security requirements engineering approach to model and analyze participants’ objectives and interactions, and then derive from them a set of security requirements that are used to annotate business processes. We capture security requirements through the notion of social commitment, that is a promise with contractual validity between participants. We illustrate the framework by means of an Air Traffic Management scenario.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Aguilar-Saven, R.: Business process modelling: Review and framework. International Journal of Production Economics 90(2), 129–149 (2004)
Wolter, C., Menzel, M., Meinel, C.: Modelling security goals in business processes. Modellierung 127, 201–216 (2008)
Rodríguez, A., Fernández-Medina, E., Piattini, M.: A bpmn extension for the modeling of security requirements in business processes. IEICE Transactions on Information and Systems 90(4), 745–752 (2007)
Firesmith, D.G.: Security Use Cases. Journal of Object Technology 2(3), 53–64 (2003)
Backes, M., Pfitzmann, B., Waidner, M.: Security in Business Process Engineering. In: van der Aalst, W.M.P., ter Hofstede, A.H.M., Weske, M. (eds.) BPM 2003. LNCS, vol. 2678, pp. 168–183. Springer, Heidelberg (2003)
Menzel, M., Thomas, I., Meinel, C.: Security requirements specification in service-oriented business process management. In: 2009 International Conference on Availability, Reliability and Security, pp. 41–48. IEEE (2009)
Pavlovski, C., Zou, J.: Non-functional requirements in business process modeling. In: Proceedings of the Fifth Asia-Pacific Conference on Conceptual Modelling, vol. 79, pp. 103–112. Australian Computer Society, Inc. (2008)
Cardoso, E., Almeida, J., Guizzardi, R., Guizzardi, G.: A method for eliciting goals for business process models based on non-functional requirements catalogues. International Journal of Information System Modeling and Design (IJISMD) 2(2), 1–18 (2011)
Sindre, G., Opdahl, A.: Eliciting security requirements with misuse cases. Requirements Engineering 10(1), 34–44 (2005)
Jürjens, J.: UMLsec: Extending UML for Secure Systems Development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)
Sindre, G.: Mal-Activity Diagrams for Capturing Attacks on Business Processes. In: Sawyer, P., Heymans, P. (eds.) REFSQ 2007. LNCS, vol. 4542, pp. 355–366. Springer, Heidelberg (2007)
Greiner, U., Lippe, S., Kahl, T., Ziemann, J., Jäkel, F.W.: Designing and implementing cross-organizational business processes-description and application of a modelling framework. Enterprise Interoperability, pp. 137–147 (2007)
Singh, M.P.: An Ontology for Commitments in Multiagent Systems: Toward a Unification of Normative Concepts. Artificial Intelligence and Law 7(1), 97–113 (1999)
OASIS: Reference Architecture Foundation for Service Oriented Architecture, Version 1.0, Organization for the Advancement of Structured Information Standards (2009)
Aniketos: Deliverable 6.1: Initial analysis of the industrial case studies (2011)
Yu, E.: Modelling Strategic Relationships for Process Reengineering. PhD thesis, University of Toronto, Canada (1996)
Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., Mylopoulos, J.: Tropos: An agent-oriented software development methodology. Autonomous Agents and Multi-Agent Systems 8(3), 203–236 (2004)
Number:formal/2011-01-03, O.D.: Business process model and notation (bpmn) version 2.0 (2011)
Allweyer, T.: BPMN 2.0. BoD (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Paja, E., Giorgini, P., Paul, S., Meland, P.H. (2012). Security Requirements Engineering for Secure Business Processes. In: Niedrite, L., Strazdina, R., Wangler, B. (eds) Workshops on Business Informatics Research. BIR 2011. Lecture Notes in Business Information Processing, vol 106. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29231-6_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-29231-6_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29230-9
Online ISBN: 978-3-642-29231-6
eBook Packages: Computer ScienceComputer Science (R0)