Today's systems are socio-technical, they are composed of social (humans and organizations) and technical components that interact with one another to achieve objectives they cannot achieve on their own. Security is a central issue in socio-technical systems and cannot be tackled through technical mechanisms alone. Instead, it requires enforcing security policies over the procedures that specify how components of these systems operate and interact (i.e., business processes). The continuous evolution of socio-technical systems, to adapt to external changes, may result in business processes that do not enforce security. Thus, it is important to preserve security through a constant update of business processes and/or security policies, to avoid security issues that may result in loss of reputation or monetary sanctions. To this end, in this paper we propose a framework to assist security engineers in maintaining secure business processes during socio-technical systems evolution. The framework is composed of: (i) SecBPMN2-ml, a modeling language for business processes, (ii) SecBPMN2-Q, a modeling language for security policies, and (iii) a software engine that verifies if security policies are enforced in business processes. The framework is applied to a case from the air traffic management domain.

Maintaining Secure Business Processes in Light of Socio-Technical Systems' Evolution / Salnitri, Mattia; Paja, Elda; Giorgini, Paolo. - (2016), pp. 155-164. (Intervento presentato al convegno IEEE 24th International Requirements Engineering Conference Workshops, REW 2016 tenutosi a Beijing, China nel 12th-16th September 2016) [10.1109/REW.2016.038].

Maintaining Secure Business Processes in Light of Socio-Technical Systems' Evolution

Salnitri, Mattia;Paja, Elda;Giorgini, Paolo
2016-01-01

Abstract

Today's systems are socio-technical, they are composed of social (humans and organizations) and technical components that interact with one another to achieve objectives they cannot achieve on their own. Security is a central issue in socio-technical systems and cannot be tackled through technical mechanisms alone. Instead, it requires enforcing security policies over the procedures that specify how components of these systems operate and interact (i.e., business processes). The continuous evolution of socio-technical systems, to adapt to external changes, may result in business processes that do not enforce security. Thus, it is important to preserve security through a constant update of business processes and/or security policies, to avoid security issues that may result in loss of reputation or monetary sanctions. To this end, in this paper we propose a framework to assist security engineers in maintaining secure business processes during socio-technical systems evolution. The framework is composed of: (i) SecBPMN2-ml, a modeling language for business processes, (ii) SecBPMN2-Q, a modeling language for security policies, and (iii) a software engine that verifies if security policies are enforced in business processes. The framework is applied to a case from the air traffic management domain.
2016
Proceedings 2016 IEEE 24th International Requirements Engineering Conference Workshops
Piscataway, NJ
IEEE
978-1-5090-3694-3
Salnitri, Mattia; Paja, Elda; Giorgini, Paolo
Maintaining Secure Business Processes in Light of Socio-Technical Systems' Evolution / Salnitri, Mattia; Paja, Elda; Giorgini, Paolo. - (2016), pp. 155-164. (Intervento presentato al convegno IEEE 24th International Requirements Engineering Conference Workshops, REW 2016 tenutosi a Beijing, China nel 12th-16th September 2016) [10.1109/REW.2016.038].
File in questo prodotto:
File Dimensione Formato  
RE16-Mattia.pdf

Solo gestori archivio

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 400.33 kB
Formato Adobe PDF
400.33 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/168379
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 12
  • ???jsp.display-item.citation.isi??? 7
  • OpenAlex ND
social impact