Eliciting Security Requirements for Business Processes of Legacy Systems

Cited by: 6
Authors
Argyropoulos, Nikolaos [1]
Marquez Alcaniz, Luis [2]
Mouratidis, Haralambos [1]
Fish, Andrew [1]
Rosado, David G. [3]
Garcia-Rodriguez de Guzman, Ignacio [3]
Fernandez-Medina, Eduardo [3]
Affiliations
[1] Univ Brighton, Watts Bldg,Lewes Rd, Brighton BN2 4GJ, E Sussex, England
[2] Spanish Natl Author Markets & Competit CNMC, Madrid, Spain
[3] Univ Castilla La Mancha, E-13071 Ciudad Real, Spain
Keywords
Legacy systems; Business process modelling; Goal-oriented security requirements; Secure Tropos; BPMN; MARBLE; INFORMATION-SYSTEMS; MANAGEMENT; DESIGN; MODELS;
DOI
10.1007/978-3-319-25897-3_7
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time-consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLE™ framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements at a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore, high-level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by nontechnical stakeholders in alignment with organisational objectives.
Pages: 91 - 107
Number of pages: 17
Related papers
50 items in total
  • [41] Building Security Awareness of Interdependent Services, Business Processes, and Systems in Cyberspace
    Amanowicz, Marek
    Kamola, Mariusz
    ELECTRONICS, 2022, 11 (22)
  • [42] Eliciting and specifying requirements with use cases for embedded systems
    Nasr, E
    McDermid, J
    Bernat, G
    PROCEEDINGS OF THE SEVENTH IEEE INTERNATIONAL WORKSHOP ON OBJECT-ORIENTED REAL-TIME DEPENDABLE SYSTEMS, 2002, : 350 - 357
  • [43] Method for Eliciting and Analyzing Business Processes Based on Storytelling Theory
    Antunes, Pedro
    Pino, Jose A.
    Tate, Mary
    PROCEEDINGS OF THE 52ND ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES, 2019, : 5558 - 5567
  • [44] Requirements of Dynamic Business Processes - a Survey
    Rusinaite, Toma
    Kalibatiene, Diana
    Vasilecas, Olegas
    PROCEEDINGS OF THE 2015 IEEE 3RD WORKSHOP ON ADVANCES IN INFORMATION, ELECTRONIC AND ELECTRICAL ENGINEERING (AIEEE 2015), 2015,
  • [45] Integrating business processes with requirements elicitation
    Fiorini, ST
    Leite, JCSD
    deMacedoSoares, TDL
    PROCEEDINGS OF THE 5TH WORKSHOPS ON ENABLING TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES (WET ICE '96), 1996, : 226 - 231
  • [46] OPBUS: RISK-AWARE FRAMEWORK FOR THE CONFORMANCE OF SECURITY-QUALITY REQUIREMENTS IN BUSINESS PROCESSES
    Varela-Vaca, A. J.
    Gasca, Rafael M.
    Pozo, Sergio
    SECRYPT 2011: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, 2011, : 370 - 374
  • [47] BUSINESS PROCESSES AS BUSINESS SYSTEMS
    Kaniski, Ivica
    Vincek, Ivan
    TEHNICKI GLASNIK-TECHNICAL JOURNAL, 2018, 12 (01): : 55 - 61
  • [48] VISUAL PROGRAMMING LANGUAGE FOR SECURITY REQUIREMENTS IN BUSINESS PROCESSES AS MODEL-DRIVEN SOFTWARE DEVELOPMENT
    Zadic, Mirad
    Nowak, Andrea
    SECRYPT 2009: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, 2009, : 29 - 36
  • [49] Expert system for business decisions on security requirements
    Dobelis, Eriks
    ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS 2007: OTM 2007 WORKSHOPS, PT 1, PROCEEDINGS, 2007, 4805 : 46 - 47
  • [50] An Agent-based Security Business Data Integration Middleware for Heterogeneous Enterprise Legacy systems
    Xu, Bin
    2008 INTERNATIONAL SYMPOSIUM ON INTELLIGENT INFORMATION TECHNOLOGY APPLICATION, VOL II, PROCEEDINGS, 2008, : 819 - 823