A Security Pattern-Driven Approach toward the Automation of Risk Treatment in Business Processes

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 189)

Abstract

Risk management has become an essential mechanism for business and security analysts, since it enables the identification, evaluation and treatment of any threats, vulnerabilities, and risks to which organizations may be exposed. In this paper, we discuss the need to provide a standard representation of security countermeasures in order to automate the selection of countermeasures for business processes. The main contribution lies in the specification of security patterns as a standard representation for countermeasures. The classical security pattern structure is extended to incorporate new features that enable the automatic selection of security patterns. Furthermore, a prototype has been developed which supports the specification of security patterns in a graphical way.

Corresponding author

Correspondence to Angel Jesus Varela-Vaca.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Varela-Vaca, A.J., Warschofsky, R., Gasca, R.M., Pozo, S., Meinel, C. (2013). A Security Pattern-Driven Approach toward the Automation of Risk Treatment in Business Processes. In: Herrero, Á., et al. International Joint Conference CISIS’12-ICEUTE´12-SOCO´12 Special Sessions. Advances in Intelligent Systems and Computing, vol 189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33018-6_2

  • DOI: https://doi.org/10.1007/978-3-642-33018-6_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33017-9

  • Online ISBN: 978-3-642-33018-6

  • eBook Packages: Engineering, Engineering (R0)
