Hybrid Security Approach for Behavioural Privacy of Business Processes in a Cloud Environment

Business processes are surely at the heart of companies but they are also the target of numerous security attacks, especially when using nowadays technologies like Cloud computing. Hence, ensuring business processes' security is one of the main concerns in both industry and research area. Securing a business process involves securing its three main aspects namely, the informational, the logical (behavioural), and the organisational aspect. While most of the works in the literature focus on the security of the informational aspect, Goettelmann et al. in [9] propose an obfuscation technique that aims to guarantee explicitly the security of the logical aspect of a business process i.e. persevering the privacy of the company's know-how expressed through the business process. This paper proposes an alternative solution to the obfuscation technique that is based on the strengths of this latter while addressing its identified limits. Our approach combines the ideas of the obfuscation technique and security annotations. The proposed solution is described via a metamodel that exhibits the main concepts it is based on, and a global functional architecture describing the principal steps of the solution, mainly a deployment configuration of the business process, meeting a set of defined constraints (and rules). A comparison between the obfuscation technique and our proposed approach according to security level and deployment costs is also illustrated, through examples.