Eliciting Security Requirements for Business Processes of Legacy Systems

Cited by: 6
Authors
Argyropoulos, Nikolaos [1]
Marquez Alcaniz, Luis [2]
Mouratidis, Haralambos [1]
Fish, Andrew [1]
Rosado, David G. [3]
Garcia-Rodriguez de Guzman, Ignacio [3]
Fernandez-Medina, Eduardo [3]
Affiliations
[1] Univ Brighton, Watts Bldg,Lewes Rd, Brighton BN2 4GJ, E Sussex, England
[2] Spanish Natl Author Markets & Competit CNMC, Madrid, Spain
[3] Univ Castilla La Mancha, E-13071 Ciudad Real, Spain
Keywords
Legacy systems; Business process modelling; Goal-oriented security requirements; Secure Tropos; BPMN; MARBLE; INFORMATION-SYSTEMS; MANAGEMENT; DESIGN; MODELS;
DOI
10.1007/978-3-319-25897-3_7
Chinese Library Classification number
TP [Automation technology, computer technology]
Subject classification code
0812
Abstract
The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time-consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLE™ framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements at a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by nontechnical stakeholders in alignment with organisational objectives.
Pages: 91 - 107
Number of pages: 17