Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models

Organizations execute daily activities to meet their objectives. The performance of these activities can be fundamental for achieving a business objective, but they also imply the assumption of certain security risks that might go against a company's security policies. A risk may be de ned as t...

Descripción completa

Detalles Bibliográficos
Autores: Varela Vaca, Ángel Jesús, Parody Núñez, María Luisa, Martínez Gasca, Rafael, Gómez López, María Teresa
Tipo de recurso: artículo
Estado:Versión enviada para evaluación y publicación
Fecha de publicación:2019
País:España
Institución:Universidad de Sevilla (US)
Repositorio:idUS. Depósito de Investigación de la Universidad de Sevilla
OAI Identifier:oai:idus.us.es:11441/97496
Acceso en línea:https://hdl.handle.net/11441/97496
https://doi.org/10.1109/ACCESS.2019.2901408
Access Level:acceso abierto
Palabra clave:Business process management
Business Process Model
Security-risk assessment
Model-based diagnosis
Constraint programming
id ES_d39a9ce141c927d2cde13d4e4dc92c27
oai_identifier_str oai:idus.us.es:11441/97496
network_acronym_str ES
network_name_str España
repository_id_str
spelling Automatic Verification and Diagnosis of Security Risk Assessments in Business Process ModelsVarela Vaca, Ángel JesúsParody Núñez, María LuisaMartínez Gasca, RafaelGómez López, María TeresaBusiness process managementBusiness Process ModelSecurity-risk assessmentModel-based diagnosisConstraint programmingOrganizations execute daily activities to meet their objectives. The performance of these activities can be fundamental for achieving a business objective, but they also imply the assumption of certain security risks that might go against a company's security policies. A risk may be de ned as the effects of uncertainty on the achievement of the goals of a company, some of which can be associated with security aspects (e.g., data corruption or data leakage). The execution of the activities can be choreographed using business processes models, in which the risk of the entire business process model derives from a combination of the single activity risks (executed in an isolated manner). In this paper, a risk assessment method is proposed to enable the analysis and evaluation of a set of activities combined in a business process model to ascertain whether the model conforms to the security-risk objectives. To achieve this objective, we use a business process extension with security-risk information to: 1) de ne an algorithm to verify the level of risk of process models; 2) design an algorithm to diagnose the risk of the activities that fail to conform to the level of risk established in security-risk objectives; and 3) the implementation of a tool that supports the described proposal. In addition, a real case study is presented, and a set of scalability benchmarks of performance analysis is carried out in order to check the usefulness and suitability of automation of the algorithms.Ministerio de Ciencia y Tecnología TIN2015-63502-C3-2-RIEEE Computer SocietyLenguajes y Sistemas InformáticosMinisterio de Ciencia Y Tecnología (MCYT). España2019info:eu-repo/semantics/articleinfo:eu-repo/semantics/submittedVersionapplication/pdfapplication/pdfhttps://hdl.handle.net/11441/97496https://doi.org/10.1109/ACCESS.2019.2901408reponame:idUS. Depósito de Investigación de la Universidad de Sevillainstname:Universidad de Sevilla (US)InglésIEEE Access, 7, 26448-26465.TIN2015-63502-C3-2-Rhttps://ieeexplore.ieee.org/document/8651587info:eu-repo/semantics/openAccessoai:idus.us.es:11441/974962026-06-17T12:51:07Z
dc.title.none.fl_str_mv Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models
title Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models
spellingShingle Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models
Varela Vaca, Ángel Jesús
Business process management
Business Process Model
Security-risk assessment
Model-based diagnosis
Constraint programming
title_short Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models
title_full Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models
title_fullStr Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models
title_full_unstemmed Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models
title_sort Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models
dc.creator.none.fl_str_mv Varela Vaca, Ángel Jesús
Parody Núñez, María Luisa
Martínez Gasca, Rafael
Gómez López, María Teresa
author Varela Vaca, Ángel Jesús
author_facet Varela Vaca, Ángel Jesús
Parody Núñez, María Luisa
Martínez Gasca, Rafael
Gómez López, María Teresa
author_role author
author2 Parody Núñez, María Luisa
Martínez Gasca, Rafael
Gómez López, María Teresa
author2_role author
author
author
dc.contributor.none.fl_str_mv Lenguajes y Sistemas Informáticos
Ministerio de Ciencia Y Tecnología (MCYT). España
dc.subject.none.fl_str_mv Business process management
Business Process Model
Security-risk assessment
Model-based diagnosis
Constraint programming
topic Business process management
Business Process Model
Security-risk assessment
Model-based diagnosis
Constraint programming
description Organizations execute daily activities to meet their objectives. The performance of these activities can be fundamental for achieving a business objective, but they also imply the assumption of certain security risks that might go against a company's security policies. A risk may be de ned as the effects of uncertainty on the achievement of the goals of a company, some of which can be associated with security aspects (e.g., data corruption or data leakage). The execution of the activities can be choreographed using business processes models, in which the risk of the entire business process model derives from a combination of the single activity risks (executed in an isolated manner). In this paper, a risk assessment method is proposed to enable the analysis and evaluation of a set of activities combined in a business process model to ascertain whether the model conforms to the security-risk objectives. To achieve this objective, we use a business process extension with security-risk information to: 1) de ne an algorithm to verify the level of risk of process models; 2) design an algorithm to diagnose the risk of the activities that fail to conform to the level of risk established in security-risk objectives; and 3) the implementation of a tool that supports the described proposal. In addition, a real case study is presented, and a set of scalability benchmarks of performance analysis is carried out in order to check the usefulness and suitability of automation of the algorithms.
publishDate 2019
dc.date.none.fl_str_mv 2019
dc.type.none.fl_str_mv info:eu-repo/semantics/article
info:eu-repo/semantics/submittedVersion
format article
status_str submittedVersion
dc.identifier.none.fl_str_mv https://hdl.handle.net/11441/97496
https://doi.org/10.1109/ACCESS.2019.2901408
url https://hdl.handle.net/11441/97496
https://doi.org/10.1109/ACCESS.2019.2901408
dc.language.none.fl_str_mv Inglés
language_invalid_str_mv Inglés
dc.relation.none.fl_str_mv IEEE Access, 7, 26448-26465.
TIN2015-63502-C3-2-R
https://ieeexplore.ieee.org/document/8651587
dc.rights.none.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
application/pdf
dc.publisher.none.fl_str_mv IEEE Computer Society
publisher.none.fl_str_mv IEEE Computer Society
dc.source.none.fl_str_mv reponame:idUS. Depósito de Investigación de la Universidad de Sevilla
instname:Universidad de Sevilla (US)
instname_str Universidad de Sevilla (US)
reponame_str idUS. Depósito de Investigación de la Universidad de Sevilla
collection idUS. Depósito de Investigación de la Universidad de Sevilla
repository.name.fl_str_mv
repository.mail.fl_str_mv
_version_ 1869420474271793152
score 15,301603