Eliciting security requirements for business processes of legacy systems

Nikolaos Argyropoulos; Luis Márquez Alcañiz; Haralambos Mouratidis; Andrew Fish; David G. Rosado; Ignacio García-Rodriguez de Guzmán; Eduardo Fernandez-Medina

doi:10.1007/978-3-319-25897-3_7

Eliciting security requirements for business processes of legacy systems

Nikolaos Argyropoulos, Luis Márquez Alcañiz, Haralambos Mouratidis, Andrew Fish, David G. Rosado, Ignacio García-Rodriguez de Guzmán, Eduardo Fernandez-Medina

University of Brighton

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

Abstract

The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLE framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements in a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by non-technical stakeholders in alignment with organisational objectives.

Original language	English
Title of host publication	The Practice of Enterprise Modeling
Place of Publication	Switzerland
Publisher	Springer International Publishing
Pages	91-107
Number of pages	17
Volume	235
ISBN (Print)	9783319258966
DOIs	https://doi.org/10.1007/978-3-319-25897-3_7
Publication status	Published - 26 Nov 2015
Event	The Practice of Enterprise Modeling - Valencia, Spain, November 10-12, 2015 Duration: 26 Nov 2015 → …

Publication series

Name	Lecture Notes in Business Information Processing

Conference

Conference	The Practice of Enterprise Modeling
Period	26/11/15 → …

Access to Document

10.1007/978-3-319-25897-3_7Licence: Unspecified

http://link.springer.com/chapter/10.1007/978-3-319-25897-3_7Licence: Unspecified

Cite this

Argyropoulos, N., Alcañiz, L. M., Mouratidis, H., Fish, A., Rosado, D. G., de Guzmán, I. G-R., & Fernandez-Medina, E. (2015). Eliciting security requirements for business processes of legacy systems. In The Practice of Enterprise Modeling (Vol. 235, pp. 91-107). (Lecture Notes in Business Information Processing). Springer International Publishing. https://doi.org/10.1007/978-3-319-25897-3_7

@inproceedings{f86bbbfd973547639ab182c83efaae9f,

title = "Eliciting security requirements for business processes of legacy systems",

abstract = "The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLE framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements in a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by non-technical stakeholders in alignment with organisational objectives.",

author = "Nikolaos Argyropoulos and Alca{\~n}iz, {Luis M{\'a}rquez} and Haralambos Mouratidis and Andrew Fish and Rosado, {David G.} and {de Guzm{\'a}n}, {Ignacio Garc{\'i}a-Rodriguez} and Eduardo Fernandez-Medina",

year = "2015",

month = nov,

day = "26",

doi = "10.1007/978-3-319-25897-3_7",

language = "English",

isbn = "9783319258966",

volume = "235",

series = "Lecture Notes in Business Information Processing",

publisher = "Springer International Publishing",

pages = "91--107",

booktitle = "The Practice of Enterprise Modeling",

note = "The Practice of Enterprise Modeling ; Conference date: 26-11-2015",

}

Argyropoulos, N, Alcañiz, LM, Mouratidis, H, Fish, A, Rosado, DG, de Guzmán, IG-R & Fernandez-Medina, E 2015, Eliciting security requirements for business processes of legacy systems. in The Practice of Enterprise Modeling. vol. 235, Lecture Notes in Business Information Processing, Springer International Publishing, Switzerland, pp. 91-107, The Practice of Enterprise Modeling, 26/11/15. https://doi.org/10.1007/978-3-319-25897-3_7

Eliciting security requirements for business processes of legacy systems. / Argyropoulos, Nikolaos; Alcañiz, Luis Márquez; Mouratidis, Haralambos et al.
The Practice of Enterprise Modeling. Vol. 235 Switzerland: Springer International Publishing, 2015. p. 91-107 (Lecture Notes in Business Information Processing).

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

TY - GEN

T1 - Eliciting security requirements for business processes of legacy systems

AU - Argyropoulos, Nikolaos

AU - Alcañiz, Luis Márquez

AU - Mouratidis, Haralambos

AU - Fish, Andrew

AU - Rosado, David G.

AU - de Guzmán, Ignacio García-Rodriguez

AU - Fernandez-Medina, Eduardo

PY - 2015/11/26

Y1 - 2015/11/26

N2 - The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLE framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements in a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by non-technical stakeholders in alignment with organisational objectives.

AB - The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLE framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements in a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by non-technical stakeholders in alignment with organisational objectives.

U2 - 10.1007/978-3-319-25897-3_7

DO - 10.1007/978-3-319-25897-3_7

M3 - Conference contribution with ISSN or ISBN

SN - 9783319258966

VL - 235

T3 - Lecture Notes in Business Information Processing

SP - 91

EP - 107

BT - The Practice of Enterprise Modeling

PB - Springer International Publishing

CY - Switzerland

T2 - The Practice of Enterprise Modeling

Y2 - 26 November 2015

ER -

Eliciting security requirements for business processes of legacy systems

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this