Enhancing secure business process design with security process patterns

Nikolaos Argyropoulos, Haralambos Mouratidis, Andrew Fish

Research output: Contribution to journal › Article › Research › peer-review

Abstract

Business process definition and analysis are an important activity for any organisation. As research has demonstrated, well-defined business processes can reduce cost, improve productivity and provide organisations with competitive advantages. In the last few years, the need to ensure the security of business processes has been identified as a major research challenge. Limited security expertise of business process developers together with a clear lack of appropriate methods and techniques to support the security analysis of business processes are important prohibitors to providing answers to that research challenge. This paper introduces the first attempt in the literature to produce a novel pattern-based approach to support the design and analysis of secure business processes. Our work draws on elements from the security requirements engineering area and the security patterns area, combined with business process modelling, and it produces a set of process-level security patterns which are used to implement security in a given business process model. Such an approach advances the existing literature by providing a structured way of operationalising security at the business process level of abstraction. The applicability of the work is illustrated through an application to a real-life information system, and the effectiveness and usability of the work are evaluated via a workshop-based experiment. The evaluation clearly indicates that non-experts are able to comprehend and utilise the developed patterns to construct secure business process designs.

Original language: English
Pages (from-to): 1-23
Journal: Software and Systems Modeling
DOI: 10.1007/s10270-019-00743-y
Publication status: Published - 13 Jul 2019

Keywords

  • Business process modelling
  • Business process security
  • Security process patterns
  • Security requirements engineering

Cite this

@article{9e90764bb2f846a7818ee50557393212,
title = "Enhancing secure business process design with security process patterns",
keywords = "Business process modelling, Business process security, Security process patterns, Security requirements engineering",
author = "Nikolaos Argyropoulos and Haralambos Mouratidis and Andrew Fish",
year = "2019",
month = "7",
day = "13",
doi = "10.1007/s10270-019-00743-y",
language = "English",
pages = "1--23",
journal = "Software and Systems Modeling",
issn = "1619-1366",

}

TY - JOUR

T1 - Enhancing secure business process design with security process patterns

AU - Argyropoulos, Nikolaos

AU - Mouratidis, Haralambos

AU - Fish, Andrew

PY - 2019/7/13

Y1 - 2019/7/13

KW - Business process modelling

KW - Business process security

KW - Security process patterns

KW - Security requirements engineering

UR - http://www.scopus.com/inward/record.url?scp=85068966252&partnerID=8YFLogxK

U2 - 10.1007/s10270-019-00743-y

DO - 10.1007/s10270-019-00743-y

M3 - Article

SP - 1

EP - 23

JO - Software and Systems Modeling

JF - Software and Systems Modeling

SN - 1619-1366

ER -