Designing Secure Business Processes Through Secure Activity Resource Coordination (SARC)
نویسندگان
چکیده
Business processes enable organizations to achieve business goals. Organizations require that their business processes exchange information in a secure environment. Access control mechanisms must be incorporated into the analysis, modeling, and design of business processes to prevent unauthorized access to information resources, to provide non-repudiation mechanisms, and to allow for segregation of duties. Existing methods in the design of secure information systems lack a conceptualization of secure business process. We develop the modeling concepts and modeling grammar that are used by the Secure Activity Resource Coordination (SARC) artifact to represent a secure business process. SARC can be used by business analysts to analyze and model secure business process. Using a real-world business process, we show how SARC can be used to create models that depict the secure activity resource coordination for secure business processes. We plan to empirically evaluate the SARC artifact against the enhanced Use Case and standard UML activity diagram.
منابع مشابه
Secure activity resource coordination: empirical evidence of enhanced security awareness in designing secure business processes
Systems development methodologies incorporate security requirements as an afterthought in the non-functional requirements of systems. The lack of appropriate access control on information exchange among business activities can leave organizations vulnerable to information assurance threats. The gap between systems development and systems security leads to software development efforts that lack ...
متن کاملAutomatic Support for Verification of Secure Transactions in Distributed Environment using Symbolic Model Checking
Symbolic model checking has been used to formally verify specifications of secure transactions in a system for business-to-business applications. The fundamental principles behind symbolic model checking are presented along with techniques used to model mutual exclusion of processes and atomic transactions. The computational resources required to check the example process are presented, and the...
متن کاملTowards Definition of Secure Business Processes
Business process modelling is one of the major aspects in the modern system development. Recently business process model and notation (BPMN) has become a standard technique to support this activity. Although BPMN is a good approach to understand business processes, there is a limited work to understand how it could deal with business security and security risk management. This is a problem, sin...
متن کاملSecurity for Enterprise Resource Planning Systems
ABSTRACT Enterprise Resource Planning (ERP) is the technology that provides the unified business function to the organization by integrating the core processes. ERP now is experiencing the transformation that will make it highly integrated, more intelligent, more collaborative, web-enabled, and even wireless. The ERP system is becoming the system with high vulnerability and high confidentiality...
متن کاملA Secure XML/Java-Based Implementation of Auction Services for Complex Resource Allocation Problems
This paper describes a novel resource allocation service that can be used in cooperations of enterprises to comprehensively and efficiently coordinate resource-related goals and activities. It can also be used to establish “classic” markets for interdependent goods or services. The approach is based on bundled-goods auctions and allows to achieve a high degree of analysability, economic efficie...
متن کامل