
Security Requirements Engineering for Secure Business Processes

Abstract

Traditional approaches to business process modelling deal with security only after the business process has been defined, namely without considering security needs as input for the definition. This may require very costly corrections if new security issues are discovered. Moreover, security concerns are mainly considered at the system level without providing the rationale for their existence, that is, without taking into account the social or organizational perspective, which is essential for business processes related to considerably large organizations. In this paper, we introduce a framework for engineering secure business processes. We propose a security requirements engineering approach to model and analyze participants’ objectives and interactions, and then derive from them a set of security requirements that are used to annotate business processes. We capture security requirements through the notion of social commitment, that is, a promise with contractual validity between participants. We illustrate the framework by means of an Air Traffic Management scenario.

Category

Academic article

Language

English

Author(s)

Affiliation

  • University of Trento
  • France
  • SINTEF Digital / Software Engineering, Safety and Security

Year

2012

Published in

Lecture Notes in Business Information Processing

ISSN

1865-1348

Publisher

Springer

Volume

106

Issue

part 2

Page(s)

77 - 89
