
Supporting Secure Business Process Design via Security Process Patterns

  • Conference paper
Enterprise, Business-Process and Information Systems Modeling (BPMDS 2017, EMMSAD 2017)

Abstract

Security is an important non-functional characteristic of the business processes used by organisations for the coordination of their activities. Nevertheless, the implementation of security at the operational level can be challenging due to the limited security expertise of process designers and the delayed consideration of security during process development. To overcome such issues, expert knowledge and proven security solutions can be captured in the form of process patterns, which can easily be reused and integrated into business processes with minimal security-related knowledge required. In this work we introduce process-level security patterns, each of which contains the main activities required for the operationalisation of different security requirements. The introduced patterns are then used as a component of an existing framework for the creation of secure business process designs, the application of which is illustrated through a working example. A preliminary evaluation of the proposed patterns is conducted via a workshop session.


Notes

  1. The questionnaire and a summary of the responses can be accessed at: http://www.sense-brighton.eu/process-patterns-questionnaire/.


Acknowledgement

This research received funding from the Visual Privacy Management in User Centric Open Environments (VisiOn) project, supported by the EU Horizon 2020 programme, Grant agreement No 653642.

Author information


Correspondence to Nikolaos Argyropoulos.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Argyropoulos, N., Mouratidis, H., Fish, A. (2017). Supporting Secure Business Process Design via Security Process Patterns. In: Reinhartz-Berger, I., Gulden, J., Nurcan, S., Guédria, W., Bera, P. (eds) Enterprise, Business-Process and Information Systems Modeling. BPMDS 2017, EMMSAD 2017. Lecture Notes in Business Information Processing, vol 287. Springer, Cham. https://doi.org/10.1007/978-3-319-59466-8_2
