Automation of service-based security-aware business processes in the Cloud

Lins, Fernando; Damasceno, Julio; Medeiros, Robson Wagner Albuquerque de; Sousa, Erica; Rosa, Nelson Souto

doi:10.1007/s00607-015-0476-3

Cited by 8 publications

(3 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The work of [67] introduces BPA-Sec4Cloud, an approach for automating service-based security-aware business processes in cloud environments. During the design stage, an abstract business process model is constructed and annotated with high-level security requirements.…”

Section: Mda-based Model Transformationsmentioning

confidence: 99%

Implementation and Design of Secure Business Process Models Based on Organisational Goals

Patrick

2022

Preprint

View full text Add to dashboard Cite

Business processes are essential instruments used for the coordination of organisational activities in order to produce value in the form of products and services. Information security is an important non-functional characteristic of business processes due to the involvement of sensitive data exchanged between their participants. Therefore, potential security shortfalls can severely impact organisational reputation, customer trust and cause compliance issues. Nevertheless, despite its importance, security is often considered as a technical concern and treated as an afterthought during the design of information systems and the business processes which they support. The consideration of security during the early design stages of information systems is highly beneficial. Goal-oriented security requirements engineering ap- proaches can contribute to the early elicitation of system requirements at a high level of abstraction and capture the organisational context and rationale behind design choices. Aligning such requirements with process activities at the operational level augments the traceability between system models of different abstraction levels and leads to more robust and context-aware operationalisations of security. Therefore, there needs to be a well-defined and verifiable interconnection between a system’s security requirements and its business process models. This work introduces a framework for the design of secure business process models. It uses security-oriented goal models as its starting point to capture a socio-technical view of the system to-be and its security requirements during its early design stages. Concept mappings and model transformation rules are also introduced as a structured way of extracting business process skeletons from such goal models, in order to facilitate the alignment between the two different levels of abstraction. The extracted business process skeletons, are refined to complete business process models through the use of a set of security patterns, which standardise proven solutions to recurring security problems. Finally, the framework also offers security verification capabilities of the produced process models through the introduction of security-related attributes and model checking algorithms. Evaluation of this work is performed: (i) through individual evaluation of its components via their application in real-life systems, (ii) a workshop-based modelling exercise where participants used and evaluated parts of the framework and (iii) a case study from the public administration domain where the overall framework was applied in cooperation with stakeholders of the studied system. The evaluation indicated that the developed framework provides a structured approach which supports stakeholders in designing and evaluating secure business process models.

show abstract

Section: Mda-based Model Transformationsmentioning

confidence: 99%

Implementation and Design of Secure Business Process Models Based on Organisational Goals

Patrick

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…This is realised through the call of the algorithm SERVICEDISCOVERY (see line 15). If such services can be identified for all the abstract partner services of an AW, GENERATESECURE-WORKFLOWS replaces the abstract services in AW with concrete services and/or workflows (see lines [16][17][18][19][20][21][22][23][24][25] and returns the instantiated workflow as part of the possible solutions list (see line 30).…”

Section: Algorithmmentioning

confidence: 99%

“…BPA-Sec4Cloud [17] transforms BPMN processes annotated with security requirements into cloud platform specific services and BPEL processes that comply with the security requirements at execution time. The Sec-MoSC tool [33] supports the addition of required security properties to BPMN processes [7] and the selection of default mechanisms for implementing them.…”

Section: Related Workmentioning

confidence: 99%

Pattern-Based Design and Verification of Secure Service Compositions

Pino

Spanoudakis

Krotsiani

et al. 2020

IEEE Trans. Serv. Comput.

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Abstract-Ensuring the preservation of security is a key requirement and challenge for Service-Based Systems (SBS) due to the use of third party software services not operating under different security perimeters. In this paper, we present an approach for verifying the security properties of SBS workflows and adapting them if such properties are not preserved. Our approach uses secure service composition patterns. These patterns encode proven dependencies between service level and workflow level security properties. These dependencies are used in reasoning processes supporting the verification of SBS workflows with respect to workflow security properties and their adaptation in ways that guarantee the properties if necessary. Our approach has been implemented by extending the Eclipse BPEL Designer and validated experimentally. The experimental evaluation has produced positive results, indicating that even for complex workflows and large sets of secure service composition patterns verification can be performed efficiently. Permanent repository link

show abstract

SecFlow: Adaptive Security-Aware Workflow Management System in Multi-cloud Environments

Soveizi,

Turkmen

2024

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Automation of service-based security-aware business processes in the Cloud

Cited by 8 publications

References 22 publications

Implementation and Design of Secure Business Process Models Based on Organisational Goals

Implementation and Design of Secure Business Process Models Based on Organisational Goals

Pattern-Based Design and Verification of Secure Service Compositions

SecFlow: Adaptive Security-Aware Workflow Management System in Multi-cloud Environments

Contact Info

Product

Resources

About