Abstract
The introduction of information technologies in health care systems often requires to re-engineer the business processes used to deliver care. Obviously, the new and re-engineered processes are observationally different and thus we cannot use existing model-based techniques to argue that they are somehow “equivalent”. In this paper we propose a method for passing from SI*, a modeling language for capturing and modeling functional, security, and trust organizational and system requirements, to business process specifications and vice versa. In particular, starting from an old secure business process, we reconstruct the functional and security requirements at organizational level that such a business process was supposed to meet (including the trust relations that existed among the members of the organization). To ensure that the re-engineered business process meets the elicited requirements, we employ a notion of equivalence based on goal-equivalence. Basically, we verify if the execution of the business process, described in terms of the trace it generates, satisfies the organizational model. We motivate and illustrate the method with an e-health case study.
This work has been partially funded by EU SENSORIA and SERENITY projects, MIUR-FIRB TOCAI project, and PAT MOSTRO project.
Chapter PDF
Similar content being viewed by others
References
Crazzolara, F.: Language, Semantics, and Methods for Security Protocols. Doctoral dissertation, BRICS, daimi. PhD thesis. xii+160 (May 2003)
Javier, F., Fabrega, T., Herzog, J.C., Guttman, J.D.: Strand spaces: Proving security protocols correct. Journal of Computer Security 7, 191–230 (1999)
Hoare, C.A.R.: Communicating Sequential Processes. Commun. ACM 26(1), 100–106 (1983)
Johansson, H.J., McHugh, P., Pendlebury, A.J., Wheeler, W.A.: Business Process Reengineering–Breakpoint Strategies for Market Dominance. John Wiley & Sons, Chichester (1993)
Lowe, G.: Casper: A compiler for the analysis of security protocols. Journal of Computer Security 6(1–2), 53–84 (1998)
Massacci, F., Mylopoulos, J., Zannone, N.: An Ontology for Secure Socio-Technical Systems. In: Handbook of Ontologies for Business Interaction. The IDEA Group (2007)
Milner, R., Parrow, J., Walker, D.: A calculus of mobile processes, parts I and II. Journal of Information and Computation 100, 1–77 (1992)
van Glabbeek, R.J.: The linear time-branching time spectrum. In: Proceedings of the Theories of Concurrency: Unification and Extension, pp. 278–297 (1990)
White, S.A.: Business Process Modeling Notation (BPMN) Version 1.0. Business Process Management Initiative, BPMI. org. (May 2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
López, H.A., Massacci, F., Zannone, N. (2009). Goal-Equivalent Secure Business Process Re-engineering. In: Di Nitto, E., Ripeanu, M. (eds) Service-Oriented Computing - ICSOC 2007 Workshops. ICSOC 2007. Lecture Notes in Computer Science, vol 4907. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-93851-4_21
Download citation
DOI: https://doi.org/10.1007/978-3-540-93851-4_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-93850-7
Online ISBN: 978-3-540-93851-4
eBook Packages: Computer ScienceComputer Science (R0)