Security Analysis of Electronic Business Processes

Authors:
Susanne Röhrig;Konstantin Knorr
Affiliations:
secunet SwissIT AG, Hauptbahnhofstrasse 12, CH-4501 Solothurn, Switzerland roehrig@swiss-it.ch;Siemens CT IC CERT, MCH P 10 377, Otto-Hahn-Ring 6, 81730 Munich, Germany konstantin.knorr@siemens.com
Venue:
Electronic Commerce Research
Year:
2004

Citing 10
Cited 7

Process modeling

Communications of the ACM - Special issue on analysis and modeling in software development
Process innovation: reengineering work through information technology

Process innovation: reengineering work through information technology
Information Security: An Integrated Collection of Essays

Information Security: An Integrated Collection of Essays
Dealing with Security Requirements During the Development of Information Systems

CAiSE '93 Proceedings of Advanced Information Systems Engineering
Modeling and Analyzing Separation of Duties in Workflow Environments

IFIP/Sec '01 Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge
Security Requirements of E-Business Processes

I3E '01 Proceedings of the IFIP Conference on Towards The E-Society: E-Commerce, E-Business, E-Government
A Prototype Secure Workflow Server

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
A Language for Modeling Secure Business Transactions

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Using Abuse Case Models for Security Requirements Analysis

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Dynamic access control through Petri net workflows

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference

Multiobjective decision support for defining secure business processes: a case study

International Journal of Business Intelligence and Data Mining
Automatic information flow analysis of business process models

BPM'12 Proceedings of the 10th international conference on Business Process Management
A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directions

Information and Software Technology
Enhanced security in internet voting protocol using blind signature and dynamic ballots

Electronic Commerce Research
The prediction of network efficiency in the smart grid

Electronic Commerce Research
The security service rating design for IT convergence services

Electronic Commerce Research
Securing business processes using security risk-oriented patterns

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

This article introduces POSeM, a method that uses business process descriptions to derive appropriate security safeguards. This is achieved by assigning security levels to the components of a business process such as actors, artefacts, and activities with a specially developed description language. These levels are checked for consistency, and security measures are derived using a configurable rule base that maps security objectives to safeguards. POSeM in practice is illustrated by an application to electronic business, i.e., the publication process of information for a company's web-site. Both the advantages of POSeM and its possible refinements are discussed.