OPBUS: RISK-AWARE FRAMEWORK FOR THE CONFORMANCE OF SECURITY-QUALITY REQUIREMENTS IN BUSINESS PROCESSES

A. J. Varela-Vaca, Rafael M. Gasca, Sergio Pozo

2011

Abstract

Several reports indicate that one of the most important business priorities is the improvement of business and IT management. Nowadays, business processes and in general service-based ones use other external services which are not under their jurisdiction. Organizations do not usually consider their exposition to security risks when business processes cross organizational boundaries. In this paper, we propose a risk-aware framework for security-quality requirements in business processes management. This framework is focused on the inclusion of security issues from design to execution. The framework provides innovative mechanisms based on model-based diagnosis and constraint programming in order to carry out the risk assessment of business processes and the automatic check of the conformance of security requirements.

References

  1. Cope E. W., Kuster J. M., Etzweiler, D., Deleris , L. A., and Ray B., “Incorporating risk into business process models,” IBM Journal of Research and Development, vol. 54, no. 3, pp. 4:1 -4:13, 2010.
  2. Cope E. W., Kuster J. M., Etzweiler, D., Deleris , L. A., and Ray B., “Incorporating risk into business process models,” IBM Journal of Research and Development, vol. 54, no. 3, pp. 4:1 -4:13, 2010.
  3. ENISE, “Integration of Risk Management with Business processes”. Available at: http://www.enisa.europa.eu/ act/rm/cr/business-process-integration. 2010.
  4. ENISE, “Integration of Risk Management with Business processes”. Available at: http://www.enisa.europa.eu/ act/rm/cr/business-process-integration. 2010.
  5. Gartner Inc., “Gartner CIO report,” Available at: http://www.gartner.com/it/page.jsp?id=1283413, 2010.
  6. Gartner Inc., “Gartner CIO report,” Available at: http://www.gartner.com/it/page.jsp?id=1283413, 2010.
  7. S. Huang, Y. Chu, Shing-Han Li, D. C. Yen, Enhancing conflict detecting mechanism for Web Services composition: A business process flow model transformation approach, Information and Software Technology, Vol. 50, pp. 1069-1087, 2008.
  8. S. Huang, Y. Chu, Shing-Han Li, D. C. Yen, Enhancing conflict detecting mechanism for Web Services composition: A business process flow model transformation approach, Information and Software Technology, Vol. 50, pp. 1069-1087, 2008.
  9. Jakoubi, S. and Tjoa, S., “A reference model for riskaware business process management,” 4th International Conference on Risks and Security of Internet and Systems (CRiSIS), 2009, pp. 82 -89, 2009.
  10. Jakoubi, S. and Tjoa, S., “A reference model for riskaware business process management,” 4th International Conference on Risks and Security of Internet and Systems (CRiSIS), 2009, pp. 82 -89, 2009.
  11. Korherr B. and Beate List, “Extending the EPC and the BPMN with Business Process Goals and Performance Measures”, International Conference on Enterprise Information Systems, 2007.
  12. Korherr B. and Beate List, “Extending the EPC and the BPMN with Business Process Goals and Performance Measures”, International Conference on Enterprise Information Systems, 2007.
  13. Lambert, J. H., Jennings, R. K., and Joshi N. N., “Integration of risk identification with business process models,” Syst. Eng., vol. 9, no. 3, pp. 187- 198, 2006.
  14. Lambert, J. H., Jennings, R. K., and Joshi N. N., “Integration of risk identification with business process models,” Syst. Eng., vol. 9, no. 3, pp. 187- 198, 2006.
  15. Menzel, M.; Thomas, I.; Meinel, C., "Security Requirements Specification in Service-Oriented Business Process Management," ARES 7809, pp.41-48, 16-19 2009.
  16. Menzel, M.; Thomas, I.; Meinel, C., "Security Requirements Specification in Service-Oriented Business Process Management," ARES 7809, pp.41-48, 16-19 2009.
  17. Muehlen M. and Ho D. T.-Y., “Risk management in the bpm lifecycle,” in Business Process Management Workshops, pp. 454-466, 2005.
  18. Muehlen M. and Ho D. T.-Y., “Risk management in the bpm lifecycle,” in Business Process Management Workshops, pp. 454-466, 2005.
  19. Van Hentenryck P.,“Constraint programming,” in Proceedings of the 5th International Conference on Evolutionary Multi-Criterion Optimization, ser. EMO 7809. Berlin, Heidelberg: Springer-Verlag, 2009.
  20. Van Hentenryck P.,“Constraint programming,” in Proceedings of the 5th International Conference on Evolutionary Multi-Criterion Optimization, ser. EMO 7809. Berlin, Heidelberg: Springer-Verlag, 2009.
  21. Varela-Vaca A. J., Gasca R.M., Diana Borrego, Pozo S., "Towards Dependable Business Processes with FaultTolerance Approach,” 3rd International Conference on Dependability (DEPEND). Venecia, Italy. ISBN 978-0-7695-4090-0, 2010.
  22. Varela-Vaca A. J., Gasca R.M., Diana Borrego, Pozo S., "Towards Dependable Business Processes with FaultTolerance Approach,” 3rd International Conference on Dependability (DEPEND). Venecia, Italy. ISBN 978-0-7695-4090-0, 2010.
  23. Varela-Vaca A.J., Gasca R. M., Jiminez-Ramirez A. "A Model-Driven Engineering approach with Diagnosis of Non-Conformance of Security Objectives in Business Process Models," 5th IEEE International Conference on Research Challenges in Information Science (RCIS 2011) ISBN 978-1-4244-8671-7 to be published.
  24. Varela-Vaca A.J., Gasca R. M., Jiminez-Ramirez A. "A Model-Driven Engineering approach with Diagnosis of Non-Conformance of Security Objectives in Business Process Models," 5th IEEE International Conference on Research Challenges in Information Science (RCIS 2011) ISBN 978-1-4244-8671-7 to be published.
  25. Weske, M. “Business Process Management: Concepts, Languages, Architectures”, Springer, 2007.
  26. Weske, M. “Business Process Management: Concepts, Languages, Architectures”, Springer, 2007.
  27. Wolter, C., Menzel, M., Schaad A. , Miseldine P., and Meinel C.,“Model driven business process security requirement specification,” Journal of Systems Architecture-Embedded Systems Design, vol.55, no. 4, pp. 211-223, 2009.
  28. Wolter, C., Menzel, M., Schaad A. , Miseldine P., and Meinel C.,“Model driven business process security requirement specification,” Journal of Systems Architecture-Embedded Systems Design, vol.55, no. 4, pp. 211-223, 2009.
Download


Paper Citation


in Harvard Style

J. Varela-Vaca A., M. Gasca R. and Pozo S. (2011). OPBUS: RISK-AWARE FRAMEWORK FOR THE CONFORMANCE OF SECURITY-QUALITY REQUIREMENTS IN BUSINESS PROCESSES . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 370-374. DOI: 10.5220/0003515503700374


in Harvard Style

J. Varela-Vaca A., M. Gasca R. and Pozo S. (2011). OPBUS: RISK-AWARE FRAMEWORK FOR THE CONFORMANCE OF SECURITY-QUALITY REQUIREMENTS IN BUSINESS PROCESSES . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 370-374. DOI: 10.5220/0003515503700374


in Bibtex Style

@conference{secrypt11,
author={A. J. Varela-Vaca and Rafael M. Gasca and Sergio Pozo},
title={OPBUS: RISK-AWARE FRAMEWORK FOR THE CONFORMANCE OF SECURITY-QUALITY REQUIREMENTS IN BUSINESS PROCESSES},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={370-374},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003515503700374},
isbn={978-989-8425-71-3},
}


in Bibtex Style

@conference{secrypt11,
author={A. J. Varela-Vaca and Rafael M. Gasca and Sergio Pozo},
title={OPBUS: RISK-AWARE FRAMEWORK FOR THE CONFORMANCE OF SECURITY-QUALITY REQUIREMENTS IN BUSINESS PROCESSES},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={370-374},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003515503700374},
isbn={978-989-8425-71-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - OPBUS: RISK-AWARE FRAMEWORK FOR THE CONFORMANCE OF SECURITY-QUALITY REQUIREMENTS IN BUSINESS PROCESSES
SN - 978-989-8425-71-3
AU - J. Varela-Vaca A.
AU - M. Gasca R.
AU - Pozo S.
PY - 2011
SP - 370
EP - 374
DO - 10.5220/0003515503700374


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - OPBUS: RISK-AWARE FRAMEWORK FOR THE CONFORMANCE OF SECURITY-QUALITY REQUIREMENTS IN BUSINESS PROCESSES
SN - 978-989-8425-71-3
AU - J. Varela-Vaca A.
AU - M. Gasca R.
AU - Pozo S.
PY - 2011
SP - 370
EP - 374
DO - 10.5220/0003515503700374