A survey on automation of security requirements in service-based business processes

Lins, Fernando; Sousa, Erica; Rosa, Nelson

doi:10.1504/ijwet.2018.092398

“…BPMN has been used on several occasions for modeling security in the context of business processes [8]. The motivation for this is the undoubted success that the language has as a modeling and orchestration tool within industry, but since the language only specifies functional requirements, security needs somehow to be added to the process Two examples of this are SecBPMN [17] and SecureBPMN [9].…”

Section: Related Workmentioning

confidence: 99%

Security governance as a service on the cloud

Bryce

¹

2019

View full text Add to dashboard Cite

Small companies need help to detect and to respond to increasing security related threats. This paper presents a cloud service that automates processes that make checks for such threats, implement mitigating procedures, and generally instructs client companies on the steps to take. For instance, a process that automates the search for leaked credentials on the Dark Web will, in the event of a leak, trigger processes that instruct the client on how to change passwords and perhaps a micro-learning process on credential management. The security governance service runs on the cloud as it needs to be managed by a security expert and because it should run on an infrastructure separated from clients. It also runs as a cloud service for economy of scale: the processes it runs can service many clients simultaneously, since many threats are common to all. We also examine how the service may be used to prove to independent auditors (e.g., cyber-insurance agents) that a company is taking the necessary steps to implement its security obligations.

show abstract

“…An integrated security and the Information System (IS) engineering technique in software development phases are proposed by Alotaibi and Liu to develop a secure IS. The security requirement is the significant nonfunctional attributes to derive the output model. Early steps on security analysis in the software life cycle contributes to producing a strong security supported system.…”

Section: Related Workmentioning

confidence: 99%

An automation framework design for secure software development

Mythily

¹

,

Valarmathi²,

Durai

³

et al. 2019

J Software Evolu Process

View full text Add to dashboard Cite

Business process modeling (BPM) is procedural-oriented advanced activity for representing process models with domain knowledge. It consists of all the functional requirements given by the users to build the software. However, nonfunctional requirements such as cost, time, performance, and security are used to evaluate the performance of a system. Among these requirements, security is the vital attribute to be taken care at the early stage of any software development. For example, even governing bodies are heavily dependents on the data system due to security exposures. So automation on model transformation from non-secured metamodel to secured metamodels improves the overall execution of the software evolution process. In this paper, the authors propose an Auto Secure Business Process (AutoSBP) system to automate security to the existing software models. The activity model of existing system is dismantled into attributes and actions to extract its business need.Based on the interpretation from business data, security implications are applied to the existing software models. To fine tune the security implications, ID3 decision learning algorithm is applied. The effect of the system-generated model assures the quality by its complexity metrics.

show abstract

“…BPMN has been used on several occasions for modeling security in the context of business processes [8]. The motivation for this is the undoubted success that the language has as a modeling and orchestration tool within industry, but since the language only specifies functional requirements, security needs somehow to be added to the process descriptions.…”

Section: Related Workmentioning

confidence: 99%

Security Governance as a Service on the Cloud

Bryce

¹

2018

2018 IEEE/ACM International Conference on Utility and Cloud Computing Companion (UCC Companion)

2

0

View full text Add to dashboard Cite

Small companies need help to detect and to respond to increasing security related threats. This paper presents a cloud service that automates processes that make checks for such threats, implement mitigating procedures, and generally instructs client companies on the steps to take. For instance, a process that automates the search for leaked credentials on the Dark Web will, in the event of a leak, trigger processes that instruct the client on how to change passwords and perhaps a micro-learning process on credential management. The security governance service runs on the cloud as it needs to be managed by a security expert and because it should run on an infrastructure separated from clients. It also runs as a cloud service for economy of scale: the processes it runs can service many clients simultaneously, since many threats are common to all. We also examine how the service may be used to prove to independent auditors (e.g., cyber-insurance agents) that a company is taking the necessary steps to implement its security obligations.

show abstract

A survey on automation of security requirements in service-based business processes

Cited by 5 publications

References 15 publications

Security governance as a service on the cloud

Security governance as a service on the cloud

An automation framework design for secure software development

Security Governance as a Service on the Cloud

Contact Info

Product

Resources

About