Formalization of security patterns as a means to infer security controls in business processes

The growing trend towards the automation and externalization of business processes by means of Technology Infrastructure (TI), such as Business Process Management Systems, has increased the security risks in the organizations. In the majority of cases, the issue of security is overlooked by default...

Descripción completa

Detalles Bibliográficos
Autores: Varela Vaca, Ángel Jesús, Martínez Gasca, Rafael
Tipo de recurso: artículo
Estado:Versión enviada para evaluación y publicación
Fecha de publicación:2015
País:España
Institución:Universidad de Sevilla (US)
Repositorio:idUS. Depósito de Investigación de la Universidad de Sevilla
OAI Identifier:oai:idus.us.es:11441/139505
Acceso en línea:https://hdl.handle.net/11441/139505
https://doi.org/10.1093/jigpal/jzu042
Access Level:acceso abierto
Palabra clave:Business process
Security patterns
Feature model
Constraint programming
Optimization
id ES_c4d5bb38fc773efcd32e5d35b57ed285
oai_identifier_str oai:idus.us.es:11441/139505
network_acronym_str ES
network_name_str España
repository_id_str
spelling Formalization of security patterns as a means to infer security controls in business processesVarela Vaca, Ángel JesúsMartínez Gasca, RafaelBusiness processSecurity patternsFeature modelConstraint programmingOptimizationThe growing trend towards the automation and externalization of business processes by means of Technology Infrastructure (TI), such as Business Process Management Systems, has increased the security risks in the organizations. In the majority of cases, the issue of security is overlooked by default in these systems. Therefore, the early selection and implementation of security controls that mitigate risks is a real and crucial need. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human, manual, time-consuming and error-prone task. In addition, security controls are implemented out separately from the organization perspective and involve many stakeholders. This separation makes difficult to ensure the effectiveness of these controls with regard to organizational requirements. In this article, we propose a formalization of security controls based on security pattern templates and feature models. This formalization allows applying feature domain-oriented analysis and constraint programming techniques for the automatic inference, selection and generation of optimal security controls with regard to single and multiple business objectivesJunta de Andalucía P08-TIC-04095Ministerio de Educación y Ciencia TIN2009-13714Oxford University PressLenguajes y Sistemas InformáticosTIC-258: Data-centric Computing Research HubJunta de AndalucíaMinisterio de Educación y Ciencia (MEC). España2015info:eu-repo/semantics/articleinfo:eu-repo/semantics/submittedVersionapplication/pdfapplication/pdfhttps://hdl.handle.net/11441/139505https://doi.org/10.1093/jigpal/jzu042reponame:idUS. Depósito de Investigación de la Universidad de Sevillainstname:Universidad de Sevilla (US)InglésLogic Journal of the IGPL, 23 (1), 57-72.P08-TIC-04095TIN2009-13714https://academic.oup.com/jigpal/article/23/1/57/685166info:eu-repo/semantics/openAccessoai:idus.us.es:11441/1395052026-06-17T12:51:07Z
dc.title.none.fl_str_mv Formalization of security patterns as a means to infer security controls in business processes
title Formalization of security patterns as a means to infer security controls in business processes
spellingShingle Formalization of security patterns as a means to infer security controls in business processes
Varela Vaca, Ángel Jesús
Business process
Security patterns
Feature model
Constraint programming
Optimization
title_short Formalization of security patterns as a means to infer security controls in business processes
title_full Formalization of security patterns as a means to infer security controls in business processes
title_fullStr Formalization of security patterns as a means to infer security controls in business processes
title_full_unstemmed Formalization of security patterns as a means to infer security controls in business processes
title_sort Formalization of security patterns as a means to infer security controls in business processes
dc.creator.none.fl_str_mv Varela Vaca, Ángel Jesús
Martínez Gasca, Rafael
author Varela Vaca, Ángel Jesús
author_facet Varela Vaca, Ángel Jesús
Martínez Gasca, Rafael
author_role author
author2 Martínez Gasca, Rafael
author2_role author
dc.contributor.none.fl_str_mv Lenguajes y Sistemas Informáticos
TIC-258: Data-centric Computing Research Hub
Junta de Andalucía
Ministerio de Educación y Ciencia (MEC). España
dc.subject.none.fl_str_mv Business process
Security patterns
Feature model
Constraint programming
Optimization
topic Business process
Security patterns
Feature model
Constraint programming
Optimization
description The growing trend towards the automation and externalization of business processes by means of Technology Infrastructure (TI), such as Business Process Management Systems, has increased the security risks in the organizations. In the majority of cases, the issue of security is overlooked by default in these systems. Therefore, the early selection and implementation of security controls that mitigate risks is a real and crucial need. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human, manual, time-consuming and error-prone task. In addition, security controls are implemented out separately from the organization perspective and involve many stakeholders. This separation makes difficult to ensure the effectiveness of these controls with regard to organizational requirements. In this article, we propose a formalization of security controls based on security pattern templates and feature models. This formalization allows applying feature domain-oriented analysis and constraint programming techniques for the automatic inference, selection and generation of optimal security controls with regard to single and multiple business objectives
publishDate 2015
dc.date.none.fl_str_mv 2015
dc.type.none.fl_str_mv info:eu-repo/semantics/article
info:eu-repo/semantics/submittedVersion
format article
status_str submittedVersion
dc.identifier.none.fl_str_mv https://hdl.handle.net/11441/139505
https://doi.org/10.1093/jigpal/jzu042
url https://hdl.handle.net/11441/139505
https://doi.org/10.1093/jigpal/jzu042
dc.language.none.fl_str_mv Inglés
language_invalid_str_mv Inglés
dc.relation.none.fl_str_mv Logic Journal of the IGPL, 23 (1), 57-72.
P08-TIC-04095
TIN2009-13714
https://academic.oup.com/jigpal/article/23/1/57/685166
dc.rights.none.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
application/pdf
dc.publisher.none.fl_str_mv Oxford University Press
publisher.none.fl_str_mv Oxford University Press
dc.source.none.fl_str_mv reponame:idUS. Depósito de Investigación de la Universidad de Sevilla
instname:Universidad de Sevilla (US)
instname_str Universidad de Sevilla (US)
reponame_str idUS. Depósito de Investigación de la Universidad de Sevilla
collection idUS. Depósito de Investigación de la Universidad de Sevilla
repository.name.fl_str_mv
repository.mail.fl_str_mv
_version_ 1869418936470077440
score 15,300724