Publication


Featured research published by Naved Ahmed.


Computer Standards & Interfaces | 2014

Securing business processes using security risk-oriented patterns

Naved Ahmed; Raimundas Matulevičius

Business process modelling and security engineering are two important concerns when developing information systems. However, current practices report that security is addressed at the later development stages (i.e. design and implementation). This raises a question whether the business processes are performed securely. In this paper, we propose a method to introduce security requirements to the business processes through the collaboration between business and security analysts. To support this collaboration we present a set of security risk-oriented patterns. We test our proposal in two industrial business models. The case findings characterise pattern performance when identifying business assets, risks, and countermeasures.


conference on advanced information systems engineering | 2012

Towards Definition of Secure Business Processes

Olga Altuhhova; Raimundas Matulevičius; Naved Ahmed

Business process modelling is one of the major aspects in modern system development. Recently, business process model and notation (BPMN) has become a standard technique to support this activity. Although BPMN is a good approach to understand business processes, there is limited work to understand how it could deal with business security and security risk management. This is a problem, since both business processes and security concerns should be understood in parallel to support the development of secure systems. In this paper we analyse BPMN with respect to the domain model of the IS security risk management (ISSRM). We apply a structured approach to understand key aspects of BPMN and how a modeller could express secure assets, risks and risk treatment using BPMN. We align the main BPMN constructs with the key concepts of the ISSRM domain model. We show the applicability of our approach on a running example related to the Internet store. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. In addition, we open a possibility for business and security model interoperability and for model transformation between several modelling approaches (if these are both aligned to the ISSRM domain model).


Information Systems | 2016

Modelling families of business process variants

Fredrik Milani; Marlon Dumas; Naved Ahmed; Raimundas Matulevičius

Business processes usually do not exist as singular entities that can be managed in isolation, but rather as families of business process variants. When modelling such families of variants, analysts are confronted with the choice between modelling each variant separately, or modelling multiple or all variants in a single model. Modelling each variant separately leads to a proliferation of models that share common parts, resulting in redundancies and inconsistencies. Meanwhile, modelling all variants together leads to less but more complex models, thus hindering on comprehensibility. This paper introduces a method for modelling families of process variants that addresses this trade-off. The key tenet of the method is to alternate between steps of decomposition (breaking down processes into sub-processes) and deciding which parts should be modelled together and which ones should be modelled separately. We have applied the method to two case studies: one concerning the consolidation of existing process models, and another dealing with green-field process discovery. In both cases, the method produced fewer models with respect to the baseline and reduced duplicity by up to 50% without significant impact on complexity.

Managing the trade-off of modelling process variants together versus separately. Method for alternating decomposition with managing variants together or separately. Applied on consolidation and greenfield process discovery case studies. Results show reduced duplicity by 50% without significant impact on complexity.


International Journal of Information System Modeling and Design | 2013

An Extension of Business Process Model and Notation for Security Risk Management

Olga Altuhhov; Raimundas Matulevičius; Naved Ahmed

Business process modelling is one of the major aspects in modern information system development. Recently, business process model and notation (BPMN) has become a standard technique to support this activity. Typically, the BPMN notations are used to understand enterprises' business processes. However, limited work exists regarding how security concerns are addressed during the management of the business processes. This is a problem, since both business processes and security should be understood in parallel to support the development of secure information systems. In the previous work we have analysed BPMN with respect to the domain model of the IS security risk management (ISSRM) and showed how the language constructs could be aligned to the concepts of the ISSRM domain model. In this paper the authors propose the BPMN extensions for security risk management based on the BPMN alignment to the ISSRM concepts. We illustrate how the extended BPMN could express assets, risks and risk treatment on a few running examples related to the Internet store regarding the asset confidentiality, integrity and availability. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. The paper opens the possibility for business and security model interoperability and for model transformation between several modelling approaches if these are both aligned to the ISSRM domain model.


business process management | 2012

Towards Security Risk-Oriented Misuse Cases

Inam Soomro; Naved Ahmed

Security has turned out to be a necessity of information systems (ISs) and information per se. Nevertheless, existing practices report on numerous cases when security aspects were considered only at the end of the development process, thus missing the systematic security analysis. Misuse case diagrams help identify security concerns at early stages of the IS development. Despite this fundamental advantage, misuse cases tend to be rather imprecise; they do not comply with security risk management strategies, and, thus, could lead to misinterpretation of the security-related concepts. Such limitations could potentially result in poor security solutions. This paper applies a systematic approach to understand how misuse case diagrams could help model organisational assets, potential risks, and security countermeasures to mitigate these risks. The contribution helps understand how misuse cases could deal with security risk management and support reasoning for security requirements and their implementation in the software system.


research challenges in information science | 2013

A taxonomy for assessing security in business process modelling

Naved Ahmed; Raimundas Matulevičius

The idea of business processes as a key concept to underpin organisational activities is increasingly recognised. Business processes must be able to accommodate security engineering from the early stages rather than at the later stages of process development (i.e., design and implementation). This raises a question whether the business processes are performed securely. In this paper, we take a deeper look into the various taxonomies in which the business process models and security have been classified. We find that existing taxonomies do not support security across all the business modelling perspectives. The main contribution of this paper is that we propose a comprehensive three-dimensional taxonomy of business process security which identifies the manner to facilitate business processes and security. This taxonomy is subsequently used to classify a set of security risk-oriented patterns and identify their potential occurrences to deploy these security patterns in business processes. The application of the taxonomy is illustrated using a running example.


web intelligence | 2016

Criteria and Heuristics for Business Process Model Decomposition

Fredrik Milani; Marlon Dumas; Raimundas Matulevičius; Naved Ahmed; Silva Kasela

It is generally agreed that large process models should be decomposed into sub-processes in order to enhance understandability and maintainability. Accordingly, a number of process decomposition criteria and heuristics have been proposed in the literature. This paper presents a review of the field revealing distinct classes of criteria and heuristics. The study raises the question of how different decomposition heuristics affect process model understandability and maintainability. To address this question, an experiment is conducted where two different heuristics, one based on breakpoints and the other on data objects, were used to decompose a flat process model. The results of the experiment show that, although there are minor differences, the heuristics cause very similar results in regard to understandability and maintainability as measured by various process model metrics.


international conference on software engineering | 2011

Towards transformation guidelines from secure tropos to misuse cases (position paper)

Naved Ahmed; Raimundas Matulevičius

(IS) requires that the security concerns should be properly articulated well ahead in early requirement engineering (RE) along with other functional and non-functional requirements. In this paper, based on the domain model for IS security risk management (SRM) we propose a set of transformation guidelines to translate Secure Tropos models to the misuse case diagrams. We believe that such a model translation would help developers to elicit real security needs by integrating the security analysis starting from early requirement stages to all the stages of development process. The translation aligns the IS security concerns with functional requirements and maintains traceability of the security decisions to their origin.


conference on advanced information systems engineering | 2014

Presentation and Validation of Method for Security Requirements Elicitation from Business Processes

Naved Ahmed; Raimundas Matulevičius

In recent years, business process modelling has matured towards expressing an enterprise's organisational behaviour. This shows potential to perform early security analysis to capture enterprise security needs. Traditionally, security in business processes is addressed either by representing security concepts graphically or by enforcing security constraints. But such security approaches miss the elicitation of security needs and their translation to security requirements for the system-to-be. This paper proposes a method to elicit security objectives from business process models and translate them to security requirements. As a result, the method contributes to an alignment of business processes with the technology that supports the execution of business processes. The applicability of the approach is illustrated in a few examples and its validity is reported in the comparative study.


Information Technology | 2013

Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns

Raimundas Matulevičius; Naved Ahmed

Although the importance of aligning modelling of business processes and security is growing, there is rather limited research performed on elicitation of security requirements from the business processes. In this paper we discuss how security risk-oriented patterns could help solve the above problem. Using the illustrative example, we present a two-step method for (i) pattern occurrence discovery in, and (ii) security requirements definition from, the business process model. We hope that our proposal could help elicit security requirements at the early system development stages; however, we still need to validate it empirically.

Collaboration


Dive into Naved Ahmed's collaboration.

Top Co-Authors

Marite Kirikova

Riga Technical University
