Designing secure business processes with SecBPMN / Salnitri, Mattia; Dalpiaz, Fabiano; Giorgini, Paolo. - In: SOFTWARE AND SYSTEMS MODELING. - ISSN 1619-1366. - 16:3(2017), pp. 737-757. [10.1007/s10270-015-0499-4]

Designing secure business processes with SecBPMN

Salnitri, Mattia; Dalpiaz, Fabiano; Giorgini, Paolo
2017-01-01

Abstract

Modern information systems are increasingly large and consist of an interplay of technical components and social actors (humans and organizations). Such interplay threatens the security of the overall system and calls for verification techniques that enable determining compliance with security policies. Existing verification frameworks either have a limited expressiveness that inhibits the specification of real-world requirements or rely on formal languages that are difficult to use for most analysts. In this paper, we overcome the limitations of existing approaches by presenting the SecBPMN framework. Our proposal includes: (1) the SecBPMN-ml modeling language, a security-oriented extension of BPMN for specifying composite information systems; (2) the SecBPMN-Q query language for representing security policies; and (3) a query engine that enables checking SecBPMN-Q policies against SecBPMN-ml specifications. We evaluate our approach by studying its understandability and perceived comp...

Files in this record:

SOSYM15-Mattia.pdf
Archive managers only
Type: Publisher's version (Publisher's layout)
License: All rights reserved
Size: 2.17 MB
Format: Adobe PDF

Salnitri2017_Article_DesigningSecureBusinessProcess.pdf
Archive managers only
Type: Publisher's version (Publisher's layout)
License: All rights reserved
Size: 2.11 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/168371