Mattia Salnitri
University of Trento
Publication
Featured research published by Mattia Salnitri.
business process modeling development and support | 2014
Mattia Salnitri; Fabiano Dalpiaz; Paolo Giorgini
Modern information systems are large-sized and comprise multiple heterogeneous and autonomous components. Autonomy enables decentralization, but it also implies that component providers are free to change, retire, or introduce new components. This is a threat to security, and calls for a continuous verification process to ensure compliance with security policies. Existing verification frameworks either have limited expressiveness (thereby inhibiting the specification of real-world requirements), or rely on formal languages that are hardly employable for modeling and verifying large systems. In this paper, we overcome the limitations of existing approaches by proposing a framework that enables: (1) specifying information systems in SecBPMN, a security-oriented extension of BPMN; (2) expressing security policies through SecBPMN-Q, a query language for representing security policies; and (3) verifying SecBPMN-Q against SecBPMN specifications via an implemented query engine. We report on the applicability of our approach via a case study about air traffic management.
research challenges in information science | 2014
Jennifer Horkoff; Tong Li; Feng-Lin Li; Mattia Salnitri; Evellin Cardoso; Paolo Giorgini; John Mylopoulos; João Pimentel
Creating and reasoning with goal models is useful for capturing, understanding, and communicating about requirements in the early stages of information system (re)development. However, the utility of goal models is greatly enhanced when an awareness of system intentions can feed into other stages in the requirements analysis process (e.g. requirements elaboration, validation, planning), and can be used as part of the entire system life cycle (e.g., architecture, process design, coding, testing, monitoring, adaptation, and evolution). In order to understand the progress that has been made in integrating goal models with downstream system development, we ask: what approaches exist which map/integrate/transform goal-oriented languages to other software artifacts or languages? To answer this question, we conduct a systematic survey, producing a roadmap of work summarizing 174 publications. Results include a categorization of the “why?” and “how?” for each approach. Findings show that there are a wide variety of proposals with many proposed sources and targets, covering multiple paradigms, motivated by a variety of purposes. We conclude that although much work has been done in this area, the work is fragmented and is often still in a proposal stage.
International Journal of Information System Modeling and Design | 2015
Jennifer Horkoff; Tong Li; Feng-Lin Li; Mattia Salnitri; Evellin Cardoso; Paolo Giorgini; John Mylopoulos
Goal models have proven useful for capturing, understanding, and communicating requirements during early stages of software development. However, the utility of goal models is greatly enhanced when they can be exploited during downstream stages of the requirements analysis process (e.g. requirements elaboration, validation, planning), and can be used as part of the entire system life cycle (e.g., architectural and behavioral process design, coding, testing, monitoring, adaptation, and evolution). In order to better understand the progress that has been made in integrating goal models with downstream system development, the authors ask: what approaches exist that map/integrate/transform goal models to later stage software artifacts? To answer this question, they conduct a systematic survey, producing a roadmap of work summarizing 243 publications. Results include a categorization of the “why?” and “how?” for each approach. Furthermore, they select the 50 most prominent publications, based on citation numbers, in order to perform an in-depth literature review. Findings show that there is a wide variety of proposals with a variety of proposed goal models and targets, covering multiple paradigms, motivated by a variety of purposes. The authors conclude that although much work has been done in this area, the work is fragmented, following multiple separate strands of goal-orientation, and is often still in early stages of maturity.
ieee international conference on requirements engineering | 2016
Jennifer Horkoff; Fatma Basak Aydemir; Evellin Cardoso; Tong Li; Alejandro Maté; Elda Paja; Mattia Salnitri; John Mylopoulos; Paolo Giorgini
Over the last two decades, much attention has been paid to the area of Goal-Oriented Requirements Engineering (GORE), where goals are used as a useful conceptualization to elicit, model and analyze requirements, capturing alternatives and conflicts. Goal modeling has been adapted and applied to many sub-topics within RE and beyond, such as agent-orientation, aspect-orientation, business intelligence, model-driven development, security, and so on. Despite extensive efforts in this field, the RE community lacks a recent, general systematic literature review of the area. As a first step towards providing a GORE overview, we present a Systematic Literature Map, focusing on GORE-related publications at a high-level, categorizing and analyzing paper information in order to answer several research questions, while omitting a detailed analysis of individual paper quality. Our Literature Map covers the 246 top-cited GORE-related conference and journal papers, according to Scopus, classifying them into a number of descriptive paper types and topics, providing an analysis of the data, which is made publicly available. We use our analysis results to make recommendations concerning future GORE research.
Software and Systems Modeling | 2017
Mattia Salnitri; Fabiano Dalpiaz; Paolo Giorgini
Modern information systems are increasingly large and consist of an interplay of technical components and social actors (humans and organizations). Such interplay threatens the security of the overall system and calls for verification techniques that enable determining compliance with security policies. Existing verification frameworks either have a limited expressiveness that inhibits the specification of real-world requirements or rely on formal languages that are difficult to use for most analysts. In this paper, we overcome the limitations of existing approaches by presenting the SecBPMN framework. Our proposal includes: (1) the SecBPMN-ml modeling language, a security-oriented extension of BPMN for specifying composite information systems; (2) the SecBPMN-Q query language for representing security policies; and (3) a query engine that enables checking SecBPMN-Q policies against SecBPMN-ml specifications. We evaluate our approach by studying its understandability and perceived complexity with experts, running scalability analysis of the query engine, and through an application to a large case study concerning air traffic management.
Requirements Engineering | 2017
Jennifer Horkoff; Fatma Basak Aydemir; Evellin Cardoso; Tong Li; Alejandro Maté; Elda Paja; Mattia Salnitri; Luca Piras; John Mylopoulos; Paolo Giorgini
Over the last two decades, much attention has been paid to the area of goal-oriented requirements engineering (GORE), where goals are used as a useful conceptualization to elicit, model, and analyze requirements, capturing alternatives and conflicts. Goal modeling has been adapted and applied to many sub-topics within requirements engineering (RE) and beyond, such as agent orientation, aspect orientation, business intelligence, model-driven development, and security. Despite extensive efforts in this field, the RE community lacks a recent, general systematic literature review of the area. In this work, we present a systematic mapping study, covering the 246 top-cited GORE-related conference and journal papers, according to Scopus. Our literature map addresses several research questions: we classify the types of papers (e.g., proposals, formalizations, meta-studies), look at the presence of evaluation, the topics covered (e.g., security, agents, scenarios), frameworks used, venues, citations, author networks, and overall publication numbers. For most questions, we evaluate trends over time. Our findings show a proliferation of papers with new ideas and few citations, with a small number of authors and papers dominating citations; however, there is a slight rise in papers which build upon past work (implementations, integrations, and extensions). We see a rise in papers concerning adaptation/variability/evolution and a slight rise in case studies. Overall, interest in GORE has increased. We use our analysis results to make recommendations concerning future GORE research and make our data publicly available.
privacy forum | 2014
Mattia Salnitri; Elda Paja; Paolo Giorgini
Socio-technical systems are an interplay of social (humans and organizations) and technical components interacting with one another to achieve their objectives. Security is a central issue in such complex systems, and it cannot be tackled only through technical mechanisms: the encryption of sensitive data while being transmitted does not assure that the receiver will not disclose them to unauthorized parties. Therefore, dealing with security in socio-technical systems requires an analysis: (i) from a social and organizational perspective, to elicit the objectives and security requirements of each component; (ii) from a procedural perspective, to define how the actors behave and interact with each other. But socio-technical systems need to adapt to changes of the external environment, making the need to deal with security a problem that has to be faced during all the systems’ life cycle. We propose an iterative and incremental process to elicit security requirements and verify the socio-technical system’s compliance with such requirements throughout the systems’ life cycle.
cooperative information systems | 2012
Mattia Salnitri; Fabiano Dalpiaz; Paolo Giorgini
Aligning requirements and architectures is a long-standing concern in software engineering. Alignment is crucial in the area of systems evolution, wherein requirements and system architectures keep changing after system deployment. We address a specific alignment problem, namely, checking the compliance of a service-oriented architecture—representing a composite service—with security requirements. Service-oriented architectures are dynamic (services can be replaced on-the-fly), and assessing compliance with security requirements is key, since non-compliance may lead to sanctions as well as privacy violation. After motivating and describing the problem, we propose algorithms to check two specific security requirements: non-disclosure and non-repudiation. We illustrate the approach using an e-government scenario.
the practice of enterprise modeling | 2017
Marco Robol; Mattia Salnitri; Paolo Giorgini
Privacy is a key aspect for the European Union (EU), where it is regulated by a specific law, the General Data Protection Regulation (GDPR). Compliance with the GDPR is a problem for organizations: it imposes strict constraints whenever they deal with personal data and, in case of infringement, it specifies severe consequences such as legal and monetary penalties. Such organizations frequently are complex systems, where personal data is processed by humans and technical services. Therefore, it becomes fundamental to consider privacy from the social perspective when designing such systems, i.e., when relations between different components are specified. This is, indeed, also specified in the GDPR, which encourages applying privacy-by-design principles. This paper proposes a method to support the design of GDPR compliant systems, based on a socio-technical approach composed of a modeling language and a reasoning framework.
2016 IEEE 24th International Requirements Engineering Conference Workshops (REW) | 2016
Mattia Salnitri; Elda Paja; Paolo Giorgini
Today's systems are socio-technical: they are composed of social (humans and organizations) and technical components that interact with one another to achieve objectives they cannot achieve on their own. Security is a central issue in socio-technical systems and cannot be tackled through technical mechanisms alone. Instead, it requires enforcing security policies over the procedures that specify how components of these systems operate and interact (i.e., business processes). The continuous evolution of socio-technical systems, to adapt to external changes, may result in business processes that do not enforce security. Thus, it is important to preserve security through a constant update of business processes and/or security policies, to avoid security issues that may result in loss of reputation or monetary sanctions. To this end, in this paper we propose a framework to assist security engineers in maintaining secure business processes during socio-technical systems evolution. The framework is composed of: (i) SecBPMN2-ml, a modeling language for business processes, (ii) SecBPMN2-Q, a modeling language for security policies, and (iii) a software engine that verifies if security policies are enforced in business processes. The framework is applied to a case from the air traffic management domain.