Cristin-resultat-ID: 1077112
Sist endret: 17. desember 2013, 07:56
NVI-rapporteringsår: 2013
Resultat
Vitenskapelig artikkel
2013

Threat Representation Methods for Composite Service Process Models

Bidragsytere:
  • Per Håkon Meland og
  • Erlend Andreas Gjære

Tidsskrift

International Journal of Secure Software Engineering (IJSSE)
ISSN 1947-3036
e-ISSN 1947-3044
NVI-nivå 1

Om resultatet

Vitenskapelig artikkel
Publiseringsår: 2013
Publisert online: 2013
Trykket: 2013
Volum: 4
Hefte: 2

Beskrivelse Beskrivelse

Tittel

Threat Representation Methods for Composite Service Process Models

Sammendrag

The Business Process Modeling Notation (BPMN) has become a popular standard for expressing high level business processes as well as technical specifications for software systems. However, the specification does not contain native support to express security information, which should not be overlooked in today’s world where every organization is exposed to threats and has assets to protect. Although a substantial amount of work enhancing BPMN 1.x with security related information already exists, the opportunities provided by version 2.0 have not received much attention in the security community so far. This paper gives an overview of security in BPMN and investigates several possibilities of representing threats in BPMN 2.0, in particular for design-time specification and runtime execution of composite services with dynamic behavior. Enriching BPMN with threat information enables a process-centric threat modeling approach that complements risk assessment and attack scenarios. We have included examples showing the use of error events, escalation events and text annotations for process, collaboration, choreography and conversation diagrams.

Bidragsytere

Per Håkon Meland

  • Tilknyttet:
    Forfatter
    ved Software Engineering, Safety and Security ved SINTEF AS

Erlend Andreas Gjære

  • Tilknyttet:
    Forfatter
    ved Software Engineering, Safety and Security ved SINTEF AS
1 - 2 av 2