3 research outputs found

    Secure*BPMN - a graphical extension for BPMN 2.0 based on a reference model of information assurance & security

    Get PDF
    The main contribution of this thesis is Secure*BPMN, a graphical security modelling extension for the de-facto industry standard business process modelling language BPMN 2.0.1. Secure*BPMN enables a cognitively effective representation of security concerns in business process models. It facilitates the engagement of experts with different backgrounds, including non-security and nontechnical experts, in the discussion of security concerns and in security decision-making. The strength and novelty of Secure*BPMN lie in its comprehensive semantics based on a Reference Model of Information Assurance & Security (RMIAS) and in its cognitively effective syntax. The RMIAS, which was developed in this project, is a synthesis of the existing knowledge of the Information Assurance & Security domain. The RMIAS helps to build an agreed-upon understanding of Information Assurance & Security, which experts with different backgrounds require before they may proceed with the discussion of security issues. The development process of the RMIAS, which was made explicit, and the multiphase evaluation carried out confirmed the completeness and accuracy of the RMIAS, and its suitability as a foundation for the semantics of Secure*BPMN. The RMIAS, which has multiple implications for research, education and practice is a secondary contribution of this thesis, and is a contribution to the Information Assurance & Security domain in its own right. The syntax of Secure*BPMN complies with the BPMN extensibility rules and with the scientific principles of cognitively effective notation design. The analytical and empirical evaluations corroborated the ontological completeness, cognitive effectiveness, ease of use and usefulness of Secure*BPMN. It was verified that Secure*BPMN has a potential to be adopted in practice

    Modeling and verification of ATM security policies with SecBPMN

    No full text
    Abstract—High Performance Computing (HPC) techniques are essential in complex systems such as Socio-Technical Sys-tems (STSs), where humans and organizations are elements of the same system along with technical infrastructures and hardware/software components. For example, several HPC ap-proaches have been successfully applied to support and facil-itate distribution or aggregation of computation power among independent and atomic components (e.g., smart meters to solve and/or simulate complex models). However, HPC techniques have to be studied and developed without underestimating the problem of security that, given the interaction-centric nature of STSs, has to be considered not only from the single component perspective but for the system as a whole. In our previous work, we have proposed SecBPMN, a framework to support the design of secure STSs. It is used to model the interaction design and security policies of a STS and it supports their verification through a querying engine. In this paper, we describe how SecBPMN has been successfully used for the study of security in an Air Traffic Management (ATM) system, and we show how it can result also an efficient support when of HPC techniques when applied in complex and heterogeneous environments
    corecore