Modeling and Verifying Security Policies in Business Processes

Salnitri, Mattia; Dalpiaz, Fabiano; Giorgini, Paolo

doi:10.1007/978-3-662-43745-2_14

Cited by 39 publications

(35 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SecBPMN [10] is framework for modeling business processes with security aspects, to model security policies and to verify if such security policies are satisfies by the business processes. It is composed by: SecBPMN-ml, SecBPMN-Q and a software components.…”

Section: Secbpmnmentioning

confidence: 99%

“…Assuming the predicates that details the security annotations of the security policy are less restrictive of the predicates of the business process, the business process satisfies the security policy. For further details, please refer to [10].…”

Section: Secbpmnmentioning

confidence: 99%

“…In [10], we have introduced SecBPMN, a framework composed of a language for modeling business processes including security concerns, called SecBPMN-ml ( SecBPMN-modeling language), a query language for specifying security policies, called SecBPMN-Q (SecBPMN-Query) and a software which permits to verify whether a SecBPMN-Q security policy is satisfied by a SecBPMN-ml business process. In this paper, we illustrate the application of SecBPMN to the SWIM a ATM case study.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Modeling and verification of ATM security policies with SecBPMN

Salnitri

Giorgini

2014

2014 International Conference on High Performance Computing &Amp; Simulation (HPCS)

Self Cite

View full text Add to dashboard Cite

Abstract-High Performance Computing (HPC) techniques are essential in complex systems such as Socio-Technical Systems (STSs), where humans and organizations are elements of the same system along with technical infrastructures and hardware/software components. For example, several HPC approaches have been successfully applied to support and facilitate distribution or aggregation of computation power among independent and atomic components (e.g., smart meters to solve and/or simulate complex models). However, HPC techniques have to be studied and developed without underestimating the problem of security that, given the interaction-centric nature of STSs, has to be considered not only from the single component perspective but for the system as a whole. In our previous work, we have proposed SecBPMN, a framework to support the design of secure STSs. It is used to model the interaction design and security policies of a STS and it supports their verification through a querying engine. In this paper, we describe how SecBPMN has been successfully used for the study of security in an Air Traffic Management (ATM) system, and we show how it can result also an efficient support when of HPC techniques when applied in complex and heterogeneous environments.

show abstract

Section: Secbpmnmentioning

confidence: 99%

Section: Secbpmnmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Modeling and verification of ATM security policies with SecBPMN

Salnitri

Giorgini

2014

2014 International Conference on High Performance Computing &Amp; Simulation (HPCS)

Self Cite

View full text Add to dashboard Cite

show abstract

“…It requires a system to ensure completeness, accuracy and absence of unauthorized modifications in all its components [8]. It can be linked to one task, data object or message flow (Tab.…”

Section: Security Enforcement Rulesmentioning

confidence: 99%

“…SecBPMN [8] and SecureBPMN [9] are two examples of modeling languages where specific annotations are introduced to extend BPMN with security concepts. However, no approach has been proposed so far to handle with security as a global concern across process-centric and artifact-centric dimensions.…”

Section: Introductionmentioning

confidence: 99%

From Secure Business Process Models to Secure Artifact-Centric Specifications

Salnitri

Brucker

Giorgini

2015

Enterprise, Business-Process and Information Systems Modeling

Self Cite

View full text Add to dashboard Cite

Abstract. Making today's systems secure is an extremely difficult and challenging problem. Socio and technical issues interplay and contribute in creating vulnerabilities that cannot be easily prevented without a comprehensive engineering method. This paper presents a novel approach to support process-aware secure systems modeling and automated generation of secure artifact-centric implementations. It combines social and technical perspectives in developing secure systems. This work is the result of an academic and industrial collaboration, where SecBPMN2, a research prototype, has been integrated with SAP River, an industrial artifact-centric language.

show abstract

A Valid BPMN Extension for Supporting Security Requirements Based on Cyber Security Ontology

Chergui

Benslimane

2018

Model and Data Engineering

View full text Add to dashboard Cite

Modeling and Verifying Security Policies in Business Processes

Cited by 39 publications

References 23 publications

Modeling and verification of ATM security policies with SecBPMN

Modeling and verification of ATM security policies with SecBPMN

From Secure Business Process Models to Secure Artifact-Centric Specifications

A Valid BPMN Extension for Supporting Security Requirements Based on Cyber Security Ontology

Contact Info

Product

Resources

About