Attribute-based security verification of business process models

Nikolaos Argyropoulos, Haralambos Mouratidis, Andrew Fish

    Research output: Chapter in Book/Conference proceeding with ISSN or ISBNConference contribution with ISSN or ISBNpeer-review

    Abstract

    Business processes, as the instruments used by organisations to produce value, need to comply with a number of internally and externally imposed standards and restrictions. Since the majority of such processes involve the exchange of sensitive third party information, their compliance to security constraints needs to be verified before they can be implemented. Current attempts for the verification of security compliance of design-time business process models involve the transformation of both the model and the desired security properties into formal specifications, which can be then used as input for automated model checkers. Such an approach is usually costly both in terms of time and specialised knowledge, while also its coverage can be limited to specific types of security requirements. In this work we introduce an approach for the verification of security in business process models based on structural properties of the workflow of the process. To that end, we introduce a series of attributes to existing BPMN 2.0 concepts and algorithms for checking the compliance of a process model against the most common security requirements. Finally, a real-world business process is used to demonstrate and evaluate the applicability of our proposal.

    Original languageEnglish
    Title of host publicationProceedings - 2017 IEEE 19th Conference on Business Informatics, CBI 2017
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Pages43-52
    Number of pages10
    Volume1
    ISBN (Electronic)9781538630341
    DOIs
    Publication statusPublished - 14 Aug 2017
    Event19th IEEE Conference on Business Informatics, CBI 2017 - Thessaloniki, Greece
    Duration: 24 Jul 201727 Jul 2017

    Publication series

    NameConference on Business Informatics
    PublisherIEEE
    ISSN (Print)2378-1963
    ISSN (Electronic)2378-1971

    Conference

    Conference19th IEEE Conference on Business Informatics, CBI 2017
    Country/TerritoryGreece
    CityThessaloniki
    Period24/07/1727/07/17

    Bibliographical note

    © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including
    reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

    Keywords

    • BPMN
    • Business Process Modelling
    • Business Process Security
    • Security Verification

    Fingerprint

    Dive into the research topics of 'Attribute-based security verification of business process models'. Together they form a unique fingerprint.

    Cite this