Business process modelling and security engineering are two important concerns when developing information systems. However, current practices report that security is addressed at the later development stages (i.e. design and implementation). This raises the question of whether the business processes are performed securely. In this paper, we propose a method to introduce security requirements to the business processes through the collaboration between business and security analysts. To support this collaboration, we present a set of security risk-oriented patterns. We test our proposal in two industrial business models. The case findings characterise pattern performance when identifying business assets, risks, and countermeasures.