Security in business process engineering

Authors:
Michael Backes;Birgit Pfitzmann;Michael Waidner
Affiliations:
IBM Zurich Research Laboratory, Rüschlikon, Switzerland;IBM Zurich Research Laboratory, Rüschlikon, Switzerland;IBM Zurich Research Laboratory, Rüschlikon, Switzerland
Venue:
BPM'03 Proceedings of the 2003 international conference on Business process management
Year:
2003

Citing 19
Cited 9

Communicating sequential processes

Communicating sequential processes
Model checking

Model checking
Proving security protocols with model checkers by data independence techniques

Journal of Computer Security
The inductive approach to verifying cryptographic protocols

Journal of Computer Security
Distributed Algorithms

Distributed Algorithms
Modeling Reactive Systems with Statecharts: The Statemate Approach

Modeling Reactive Systems with Statecharts: The Statemate Approach
From Business Process Model to Consistent Implementation: A Case for Formal Verification Methods

EDOC '02 Proceedings of the 6th International Enterprise Distributed Object Computing Conference
Towards Development of Secure Systems Using UMLsec

FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Cryptographically Sound and Machine-Assisted Verification of Security Protocols

STACS '03 Proceedings of the 20th Annual Symposium on Theoretical Aspects of Computer Science
Computational Probabilistic Non-interference

ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
SecureUML: A UML-Based Modeling Language for Model-Driven Security

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Deriving Cryptographically Sound Implementations Using Composition and Formally Verified Bisimulation

FME '02 Proceedings of the International Symposium of Formal Methods Europe on Formal Methods - Getting IT Right
Secure Intrusion-tolerant Replication on the Internet

DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
PVS: A Prototype Verification System

CADE-11 Proceedings of the 11th International Conference on Automated Deduction: Automated Deduction
Modelling and verifying key-exchange protocols using CSP and FDR

CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
Polynomial Fairness and Liveness

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Theory and application of trapdoor functions

SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science

Collaborative business and data privacy: toward a cyber-control?

Computers in Industry - Special issue: The digital factory: an instrument of the present and the future
Collaborative business and data privacy: Toward a cyber-control?

Computers in Industry - Special issue: The digital factory: an instrument of the present and the future
Towards CIM to PIM transformation: from secure business processes defined in BPMN to use-cases

BPM'07 Proceedings of the 5th international conference on Business process management
Semi-formal transformation of secure business processes into analysis class and use case models: An MDA approach

Information and Software Technology
Secure business process model specification through a UML 2.0 activity diagram profile

Decision Support Systems
Capturing security requirements in business processes through a UML 2.0 activity diagrams profile

CoMoGIS'06 Proceedings of the 2006 international conference on Advances in Conceptual Modeling: theory and practice
Towards a UML 2.0 extension for the modeling of security requirements in business processes

TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Analysis-level classes from secure business processes through model transformations

TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directions

Information and Software Technology

Quantified Score

Hi-index	0.01

Visualization

Abstract

We present a general methodology for integrating arbitrary security requirements in the development of business processes in a both elegant and rigorous way. We show how trust relationships between different parties and their respective security goals can be reflected in a specification, which results in a realistic modeling of business processes in the presence of malicious adversaries. Special attention is given to the incorporation of cryptography in the development process with the main goal of achieving specifications that are sufficiently simple to be suited for formal verification, yet allow for a provably secure cryptographic implementation.