Formalization of security patterns as a means to infer security controls in business processes
The growing trend towards the automation and externalization of business processes by means of Technology Infrastructure (TI), such as Business Process Management Systems, has increased the security risks in the organizations. In the majority of cases, the issue of security is overlooked by default...
| Autores: | , |
|---|---|
| Tipo de recurso: | artículo |
| Estado: | Versión enviada para evaluación y publicación |
| Fecha de publicación: | 2015 |
| País: | España |
| Institución: | Universidad de Sevilla (US) |
| Repositorio: | idUS. Depósito de Investigación de la Universidad de Sevilla |
| OAI Identifier: | oai:idus.us.es:11441/139505 |
| Acceso en línea: | https://hdl.handle.net/11441/139505 https://doi.org/10.1093/jigpal/jzu042 |
| Access Level: | acceso abierto |
| Palabra clave: | Business process Security patterns Feature model Constraint programming Optimization |
| id |
ES_c4d5bb38fc773efcd32e5d35b57ed285 |
|---|---|
| oai_identifier_str |
oai:idus.us.es:11441/139505 |
| network_acronym_str |
ES |
| network_name_str |
España |
| repository_id_str |
|
| spelling |
Formalization of security patterns as a means to infer security controls in business processesVarela Vaca, Ángel JesúsMartínez Gasca, RafaelBusiness processSecurity patternsFeature modelConstraint programmingOptimizationThe growing trend towards the automation and externalization of business processes by means of Technology Infrastructure (TI), such as Business Process Management Systems, has increased the security risks in the organizations. In the majority of cases, the issue of security is overlooked by default in these systems. Therefore, the early selection and implementation of security controls that mitigate risks is a real and crucial need. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human, manual, time-consuming and error-prone task. In addition, security controls are implemented out separately from the organization perspective and involve many stakeholders. This separation makes difficult to ensure the effectiveness of these controls with regard to organizational requirements. In this article, we propose a formalization of security controls based on security pattern templates and feature models. This formalization allows applying feature domain-oriented analysis and constraint programming techniques for the automatic inference, selection and generation of optimal security controls with regard to single and multiple business objectivesJunta de Andalucía P08-TIC-04095Ministerio de Educación y Ciencia TIN2009-13714Oxford University PressLenguajes y Sistemas InformáticosTIC-258: Data-centric Computing Research HubJunta de AndalucíaMinisterio de Educación y Ciencia (MEC). España2015info:eu-repo/semantics/articleinfo:eu-repo/semantics/submittedVersionapplication/pdfapplication/pdfhttps://hdl.handle.net/11441/139505https://doi.org/10.1093/jigpal/jzu042reponame:idUS. Depósito de Investigación de la Universidad de Sevillainstname:Universidad de Sevilla (US)InglésLogic Journal of the IGPL, 23 (1), 57-72.P08-TIC-04095TIN2009-13714https://academic.oup.com/jigpal/article/23/1/57/685166info:eu-repo/semantics/openAccessoai:idus.us.es:11441/1395052026-06-17T12:51:07Z |
| dc.title.none.fl_str_mv |
Formalization of security patterns as a means to infer security controls in business processes |
| title |
Formalization of security patterns as a means to infer security controls in business processes |
| spellingShingle |
Formalization of security patterns as a means to infer security controls in business processes Varela Vaca, Ángel Jesús Business process Security patterns Feature model Constraint programming Optimization |
| title_short |
Formalization of security patterns as a means to infer security controls in business processes |
| title_full |
Formalization of security patterns as a means to infer security controls in business processes |
| title_fullStr |
Formalization of security patterns as a means to infer security controls in business processes |
| title_full_unstemmed |
Formalization of security patterns as a means to infer security controls in business processes |
| title_sort |
Formalization of security patterns as a means to infer security controls in business processes |
| dc.creator.none.fl_str_mv |
Varela Vaca, Ángel Jesús Martínez Gasca, Rafael |
| author |
Varela Vaca, Ángel Jesús |
| author_facet |
Varela Vaca, Ángel Jesús Martínez Gasca, Rafael |
| author_role |
author |
| author2 |
Martínez Gasca, Rafael |
| author2_role |
author |
| dc.contributor.none.fl_str_mv |
Lenguajes y Sistemas Informáticos TIC-258: Data-centric Computing Research Hub Junta de Andalucía Ministerio de Educación y Ciencia (MEC). España |
| dc.subject.none.fl_str_mv |
Business process Security patterns Feature model Constraint programming Optimization |
| topic |
Business process Security patterns Feature model Constraint programming Optimization |
| description |
The growing trend towards the automation and externalization of business processes by means of Technology Infrastructure (TI), such as Business Process Management Systems, has increased the security risks in the organizations. In the majority of cases, the issue of security is overlooked by default in these systems. Therefore, the early selection and implementation of security controls that mitigate risks is a real and crucial need. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human, manual, time-consuming and error-prone task. In addition, security controls are implemented out separately from the organization perspective and involve many stakeholders. This separation makes difficult to ensure the effectiveness of these controls with regard to organizational requirements. In this article, we propose a formalization of security controls based on security pattern templates and feature models. This formalization allows applying feature domain-oriented analysis and constraint programming techniques for the automatic inference, selection and generation of optimal security controls with regard to single and multiple business objectives |
| publishDate |
2015 |
| dc.date.none.fl_str_mv |
2015 |
| dc.type.none.fl_str_mv |
info:eu-repo/semantics/article info:eu-repo/semantics/submittedVersion |
| format |
article |
| status_str |
submittedVersion |
| dc.identifier.none.fl_str_mv |
https://hdl.handle.net/11441/139505 https://doi.org/10.1093/jigpal/jzu042 |
| url |
https://hdl.handle.net/11441/139505 https://doi.org/10.1093/jigpal/jzu042 |
| dc.language.none.fl_str_mv |
Inglés |
| language_invalid_str_mv |
Inglés |
| dc.relation.none.fl_str_mv |
Logic Journal of the IGPL, 23 (1), 57-72. P08-TIC-04095 TIN2009-13714 https://academic.oup.com/jigpal/article/23/1/57/685166 |
| dc.rights.none.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf application/pdf |
| dc.publisher.none.fl_str_mv |
Oxford University Press |
| publisher.none.fl_str_mv |
Oxford University Press |
| dc.source.none.fl_str_mv |
reponame:idUS. Depósito de Investigación de la Universidad de Sevilla instname:Universidad de Sevilla (US) |
| instname_str |
Universidad de Sevilla (US) |
| reponame_str |
idUS. Depósito de Investigación de la Universidad de Sevilla |
| collection |
idUS. Depósito de Investigación de la Universidad de Sevilla |
| repository.name.fl_str_mv |
|
| repository.mail.fl_str_mv |
|
| _version_ |
1869418936470077440 |
| score |
15,300724 |