A Model-Driven engineering approach with diagnosis of non-conformance of security objectives in business process models

Abstract: Abstract-Several reports indicate that the highest business priorities include: business improvement, security, and IT management. The importance of security and risk management is gaining that even government statements in some cases have imposed the inclusion of security and risk management within business management. Risk assessment has become an essential mechanism for business security analysts, since it allows the identification and evaluation of any threats, vulnerabilities, and risks to which organizat… Show more

“…In previous works, we defined a lightweight extension of the BPMN 2.0 meta-model [22], [23]. This extension derives from two main models UML Profile for Modeling Quality of Service and Fault Tolerance (hereinafter QFTP) [24] and Business Motivation Model (BMM ) [25].…”

“…Each activity is enriched the corresponding metrics along three security dimensions and linked to the threats from the scenario. More information about the elements of the extension is provided in [22] and [23].…”

Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models

“…In previous works, we defined a lightweight extension of the BPMN 2.0 meta-model [22], [23]. This extension derives from two main models UML Profile for Modeling Quality of Service and Fault Tolerance (hereinafter QFTP) [24] and Business Motivation Model (BMM ) [25].…”

“…Each activity is enriched the corresponding metrics along three security dimensions and linked to the threats from the scenario. More information about the elements of the extension is provided in [22] and [23].…”

Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models

“…Elham et al used alignment technique on process execution logs and petri-net patterns of the constraints to ensure comprehensive conformance of processes [18]. Varela-Vaca et al [21] extended the business process meta-model for risk assessment and presented methods to detect security non-conformance in a model. These approaches look at the system in the model from functional perspective.…”

Towards end-to-end multi-dimensional quality evaluation of business processes

“…cesses onto risk-aware business process models by providing a risk model as an extension of these models; and (2) the provisioning of verification methods for the risk assessment of business process models, and for the diagnosis of tasks whose risks are non-conformant with regard to acceptable risk level. Firstly, we propose a light extension to business process models [2] that enables the risk identification, risk estimation and the establishment of business objectives of the business process tasks and artifacts. Risk assessment strives to compute the risks (risk estimation) in order to evaluate (risk evaluation) whether risks are acceptable in accordance with business objectives.…”

“…Automatic techniques are provided [5] in order to perform risk estimation and risk evaluation of an entire business process. We propose computing risk estimation based on various control-flow patterns [2]. Thereafter, risk estimation and business processes are diagnosed in order to identify which elements within the model are non-conformant to the expected risk criteria.…”

OPBUS: A framework for improving the dependability of risk-aware business processes