Security in Business Process Engineering
نویسندگان
چکیده
We present a general methodology for integrating arbitrary security requirements in the development of business processes in a both elegant and rigorous way. We show how trust relationships between different parties and their respective security goals can be reflected in a specification, which results in a realistic modeling of business processes in the presence of malicious adversaries. Special attention is given to the incorporation of cryptography in the development process with the main goal of achieving specifications that are sufficiently simple to be suited for formal verification, yet allow for a provably secure cryptographic implementation.
منابع مشابه
Towards a Security Engineering Process Model for Electronic Business Processes
Business process management (BPM) and accompanying systems aim at enabling enterprises to become adaptive. In spite of the dependency of enterprises on secure business processes, BPM languages and techniques provide only little support for security. Several complementary approaches have been proposed for security in the domain of BPM. Nevertheless, support for a systematic procedure for the dev...
متن کاملA business process-driven approach to security engineering
A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common that customers and end users are able to express their security needs at the business process level. Furthermore, systems are often developed by automating existing manual business process...
متن کاملASIC design protection against reverse engineering during the fabrication process using automatic netlist obfuscation design flow
Fab-less business model in semiconductor industry has led to serious concerns about trustworthy hardware. In untrusted foundries and manufacturing companies, submitted layout may be analyzed and reverse engineered to steal the information of a design or insert malicious Trojans. Understanding the netlist topology is the ultimate goal of the reverse engineering process. In this paper, we propose...
متن کاملTowards a Business Process-Driven Framework for Security Engineering with the UML
A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is commonly at the business process level that customers and end users are able to express their security needs. In addition, systems are often developed by automating existing manual business proce...
متن کاملKey Issues of a Formally Based Process Model for Security Engineering
In this paper we outline a new process model for security engineering. This process model extends object oriented, use case oriented software development by systematic security requirements elicitation and realization. In particular, we integrate the modeling of security requirements, threat and risk analysis on the one hand with the modeling of business processes, use cases and the constructio...
متن کاملSecurity Requirements Engineering for Secure Business Processes
Traditional approaches to business process modelling deal with security only after the business process has been defined, namely without considering security needs as input for the definition. This may require very costly corrections if new security issues are discovered. Moreover, security concerns are mainly considered at the system level without providing the rationale for their existence, t...
متن کامل