From security-by-design to the identification of security-critical deviations in process executions / Salnitri, Mattia; Alizadeh, Mahdi; Giovanella, Daniele; Zannone, Nicola; Giorgini, Paolo. - 317:(2018), pp. 218-234. (Paper presented at the conference CAiSE Forum 2018, held as part of the 30th International Conference on Advanced Information Systems Engineering, CAiSE 2018, held in Tallinn on 11th-15th June 2018) [10.1007/978-3-319-92901-9_19].

From security-by-design to the identification of security-critical deviations in process executions

Salnitri, Mattia; Giovanella, Daniele; Zannone, Nicola; Giorgini, Paolo
2018-01-01

Abstract

Security-by-design is an emerging paradigm that aims to deal with security concerns from the early phases of system development. Although this paradigm can provide theoretical guarantees that the designed system complies with the defined processes and security policies, in many application domains users are allowed to deviate from them to face unpredictable situations and emergencies. Some deviations can be harmless and, in some cases, necessary to ensure business continuity, whereas other deviations might threaten central aspects of the system, such as its security. In this paper, we propose a tool-supported method for the identification of security-critical deviations in process executions using compliance checking analysis. We implemented the approach as part of the STS-Tool and evaluated it using a real loan management process of a Dutch financial institute.
2018
Information Systems in the Big Data Era: CAiSE Forum 2018 Proceedings
Cham
Springer Verlag
9783319929002
978-3-319-92901-9
Salnitri, Mattia; Alizadeh, Mahdi; Giovanella, Daniele; Zannone, Nicola; Giorgini, Paolo
Use this identifier to cite or link to this document: https://hdl.handle.net/11572/228481