Eliciting security requirements for business processes of legacy systems

Nikolaos Argyropoulos, Luis Márquez Alcañiz, Haralambos Mouratidis, Andrew Fish, David G. Rosado, Ignacio García-Rodriguez de Guzmán, Eduardo Fernandez-Medina

Research output: Chapter in Book/Conference proceeding with ISSN or ISBNConference contribution with ISSN or ISBNpeer-review


The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLE framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements in a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by non-technical stakeholders in alignment with organisational objectives.
Original languageEnglish
Title of host publicationThe Practice of Enterprise Modeling
Place of PublicationSwitzerland
PublisherSpringer International Publishing
Number of pages17
ISBN (Print)9783319258966
Publication statusPublished - 26 Nov 2015
EventThe Practice of Enterprise Modeling - Valencia, Spain, November 10-12, 2015
Duration: 26 Nov 2015 → …

Publication series

NameLecture Notes in Business Information Processing


ConferenceThe Practice of Enterprise Modeling
Period26/11/15 → …


Dive into the research topics of 'Eliciting security requirements for business processes of legacy systems'. Together they form a unique fingerprint.

Cite this