Assessing Business Process Security Awareness: A Service-Oriented Approach
نویسندگان
چکیده
The aim of this paper is to present some preliminary ideas about practical metrics and measurements useful for (i) assessing business process risk at design time and (ii) computing security and trust metrics at run time on business process orchestrations. In particular, the study is focused on a priori metrics applied to behavioral specifications of business processes (e.g., business rules and UML 2.0 /UMM diagrams) and to run-time metrics applied to the high-level eservices composing them. Design-time metrics deal with the risk connected to information leaking (including privacy-related concerns) and to other disclosure threats, while run-time service-oriented metrics regard security as a Quality of Service, and therefore include factors like trustworthiness, completeness, and correctness of the services composing the business process when deployed on a Service Oriented Architecture (SOA).
منابع مشابه
Securing Collaborative Business Processes: A Methodology for Security Management in Service-Based Infrastructure
In order to secure collaborative business processes, we present a methodological approach that early integrates security and risk management throughout the design process of service-oriented architectures. We develop our methodology based on two complementary axes: the first being the business needs while the second, is ensuring a consistent security between partners at the runtime. The informa...
متن کاملModelling Security Goals in Business Processes
Abstract: Various types of security goals, such as authentication or confidentiality, can be defined as policies for process-aware information systems, typically in a manual fashion. Therefore, we foster a model-driven transformation approach from modelled security goals in the context of process models to concrete security implementations. We argue that specific types of security goals may be ...
متن کاملAdapted Loss Database - A New Approach to Assess IT Risk in Automated Business Processes
Service-oriented architectures (SOA) provide companies with dynamic IT infrastructures to adapt business processes flexibly to new requirements. However, the success of SOA will also depend on the ability to manage risk resulting from frequent and context-specific changes of IT support for automated business processes. Assessing this IT risk is challenging, since frequently changing relations b...
متن کاملA Passive Testing Approach for Security Checking and its Practical Usage for Web Services Monitoring∗
To achieve a meaningful business goal, Web services are combined and connected together based on a predefined workflow. In this distributed configuration, tasks are executed by different entities usually managed by different business partners which makes the security monitoring of the whole business process complex. Indeed, the application of classical monitoring methods is not suitable in this...
متن کاملWhen Parameterized Model Driven Development Supports Aspect Based SOA
Service-Oriented Architectures (SOA) are widely used by companies to gain flexibility. Web services are the fitted technical solution used to support SOA by providing interoperability and loose coupling. Basic Web services are being assembled to composite Web services in order to directly support business processes. However, there is much to be done to obtain a genuine flawless Web service, and...
متن کامل