Security and Safety of Assets in Business Processes

By Ganna Monakova, Achim D. Brucker, and Andreas Schaad.

Business processes and service compositions are defined independent of the realizing systems. The visualization of security and safety constraints on the business process model level appears to be a promising approach to system independent specification of the security and safety requirements. Such requirements can be realized through business process annotation and used for communication or documentation, but they also can have an execution semantics that allows for automating the security and safety controls. In this paper, we present a tool-supported framework that extends modeling and execution of business processes with specification, execution and monitoring of the security and safety constraints that are used to protect business assets. We illustrate our approach on basis of a case study modeling a supply chain for perishable goods.

Keywords:
BPMN, Monitoring, Resource Modeling, Safety, Security

Please cite this work as follows:
G. Monakova, A. D. Brucker, and A. Schaad, “Security and safety of assets in business processes,” in ACM symposium on applied computing (SAC), 2012, pp. 1667–1673. doi: 10.1145/2245276.2232045. Author copy: https://logicalhacking.com/publications/monakova.ea-securing-2012/

BibTeX
@InProceedings{ monakova.ea:securing:2012,
  author       = {Ganna Monakova and Achim D. Brucker and Andreas Schaad},
  title        = {Security and Safety of Assets in Business Processes},
  booktitle    = {ACM Symposium on Applied Computing (SAC)},
  year         = {2012},
  areas        = {software, security,bpm},
  publisher    = {ACM Press },
  address      = {New York, NY, USA },
  pages        = {1667--1673},
  doi          = {10.1145/2245276.2232045},
  isbn         = {978-1-4503-0857-1},
  location     = {Trento, Italy},
  copyright    = {ACM},
  keywords     = {BPMN, Monitoring, Resource Modeling, Safety, Security},
  copyrighturl = {https://dl.acm.org/authorize?},
  abstract     = {Business processes and service compositions are defined
                  independent of the realizing systems. The visualization of
                  security and safety constraints on the business process model
                  level appears to be a promising approach to system independent
                  specification of the security and safety requirements. Such
                  requirements can be realized through business process
                  annotation and used for communication or documentation, but
                  they also can have an execution semantics that allows for
                  automating the security and safety controls. In this paper, we
                  present a tool-supported framework that extends modeling and
                  execution of business processes with specification, execution
                  and monitoring of the security and safety constraints that are
                  used to protect business assets. We illustrate our approach on
                  basis of a case study modeling a supply chain for perishable
                  goods.},
  note         = {Author copy: \url{https://logicalhacking.com/publications/monakova.ea-securing-2012/}},
  pdf          = {https://logicalhacking.com/publications/monakova.ea-securing-2012/monakova.ea-securing-2012.pdf},
}