ABSTRACT
Business processes and service compositions are defined independently of the realizing systems. The visualization of security and safety constraints on the business process model level appears to be a promising approach to system-independent specification of the security and safety requirements. Such requirements can be realized through business process annotation and used for communication or documentation, but they can also have an execution semantics that allows for automating the security and safety controls.
In this paper, we present a tool-supported framework that extends modeling and execution of business processes with specification, execution and monitoring of the security and safety constraints that are used to protect business assets. We illustrate our approach on the basis of a case study modeling a supply chain for perishable goods.
Index Terms
- Security and safety of assets in business processes