TY - GEN
T1 - Eliciting security requirements for business processes of legacy systems
AU - Argyropoulos, Nikolaos
AU - Alcañiz, Luis Márquez
AU - Mouratidis, Haralambos
AU - Fish, Andrew
AU - Rosado, David G.
AU - de Guzmán, Ignacio García-Rodriguez
AU - Fernandez-Medina, Eduardo
PY - 2015/11/26
Y1 - 2015/11/26
N2 - The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLE framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements in a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by non-technical stakeholders in alignment with organisational objectives.
AB - The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLE framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements in a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by non-technical stakeholders in alignment with organisational objectives.
U2 - 10.1007/978-3-319-25897-3_7
DO - 10.1007/978-3-319-25897-3_7
M3 - Conference contribution with ISSN or ISBN
SN - 9783319258966
VL - 235
T3 - Lecture Notes in Business Information Processing
SP - 91
EP - 107
BT - The Practice of Enterprise Modeling
PB - Springer International Publishing
CY - Switzerland
T2 - The Practice of Enterprise Modeling
Y2 - 26 November 2015
ER -