21 research outputs found

    Designing secure business processes for blockchains with SecBPMN2BC

    Collaborative business processes can be seen as smart contracts, as they are oftentimes adopted to express agreements among different organizations. Indeed, they provide mechanisms to formalize the obligations of each involved party. For instance, collaborative business processes can specify when a certain task should be executed, under which conditions a service should be offered to the other participants, and how physical objects and information should be manipulated. In this setting, to prevent misuse of smart contracts and of the services and information they provide, it is paramount to guarantee by design that security requirements are fulfilled. With the rise in popularity of blockchains, several approaches that exploit the trusted smart contract execution environment offered by this technology to enforce collaborative business processes have been proposed. Yet, the complexity of business processes, security requirements, and blockchain applications calls for an engineering approach that guides the design of secure business processes. Such an approach should both take advantage of the possibilities offered by blockchain technology to enforce some security requirements (e.g., non-repudiation), and take into account the limitations blockchain poses for other security requirements (e.g., confidentiality). However, we are not aware of any existing work that aims at addressing such issues following a similar approach. In this article, we propose SecBPMN2BC: a model-driven approach to designing business processes with security requirements that are meant to be deployed on blockchains. SecBPMN2BC consists of: (i) an extension of BPMN 2.0 that allows designing secure smart contracts; (ii) a set of algorithms and their implementation that check for incompatible security requirements and help the design of smart contracts; (iii) a workflow that guides the application of the method. The method has been validated with a survey conducted on security and BPMN experts.

    A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements

    Requirements are inherently prone to conflicts. Security, data-minimization, and fairness requirements are no exception. Importantly, undetected conflicts between such requirements can lead to severe effects, including privacy infringement and legal sanctions. Detecting conflicts between security, data-minimization, and fairness requirements is a challenging task, as such conflicts are context-specific and their detection requires a thorough understanding of the underlying business processes. For example, a process may require anonymous execution of a task that writes data into a secure data storage, where the identity of the writer is needed for the purpose of accountability. Moreover, conflicts arise not only from trade-offs between requirements elicited from the stakeholders, but also from misinterpretation of elicited requirements while implementing them in business processes, leading to a non-alignment between the data subjects' requirements and their specifications. Both types of conflicts are substantial challenges for conflict detection. To address these challenges, we propose a BPMN-based framework that supports: (i) the design of business processes considering security, data-minimization and fairness requirements, (ii) the encoding of such requirements as reusable, domain-specific patterns, (iii) the checking of alignment between the encoded requirements and annotated BPMN models based on these patterns, and (iv) the detection of conflicts between the specified requirements in the BPMN models based on a catalog of domain-independent anti-patterns. The security requirements were reused from SecBPMN2, a security-oriented BPMN 2.0 extension, while the fairness and data-minimization parts are new. For formulating our patterns and anti-patterns, we extended a graphical query language called SecBPMN2-Q. We report on the feasibility and the usability of our approach based on a case study featuring a healthcare management system, and an experimental user study.
    © 2020, The Author(s)

    Goal-oriented requirements engineering: an extended systematic mapping study.

    Over the last two decades, much attention has been paid to the area of goal-oriented requirements engineering (GORE), where goals are used as a useful conceptualization to elicit, model, and analyze requirements, capturing alternatives and conflicts. Goal modeling has been adapted and applied to many sub-topics within requirements engineering (RE) and beyond, such as agent orientation, aspect orientation, business intelligence, model-driven development, and security. Despite extensive efforts in this field, the RE community lacks a recent, general systematic literature review of the area. In this work, we present a systematic mapping study, covering the 246 top-cited GORE-related conference and journal papers, according to Scopus. Our literature map addresses several research questions: we classify the types of papers (e.g., proposals, formalizations, meta-studies), look at the presence of evaluation, the topics covered (e.g., security, agents, scenarios), frameworks used, venues, citations, author networks, and overall publication numbers. For most questions, we evaluate trends over time. Our findings show a proliferation of papers with new ideas and few citations, with a small number of authors and papers dominating citations; however, there is a slight rise in papers which build upon past work (implementations, integrations, and extensions). We see a rise in papers concerning adaptation/variability/evolution and a slight rise in case studies. Overall, interest in GORE has increased. We use our analysis results to make recommendations concerning future GORE research and make our data publicly available.

    Secure Business Process Engineering: a socio-technical approach

    Dealing with security is a central activity for today's organizations. Security breaches impact the activities executed in organizations, preventing them from executing their business processes and, therefore, causing millions of dollars of losses. Security-by-design principles underline the importance of considering security as early as the design of organizations, to avoid expensive fixes during later phases of their lifecycle. However, the design of secure business processes cannot take into account only the security aspects of the sequences of activities. Security reports in recent years demonstrate that security breaches are more and more caused by attacks that take advantage of social vulnerabilities. Therefore, those aspects should be analyzed in order to design a business process robust to technical and social attacks. Still, the mere design of business processes does not guarantee their correct execution; such business processes have to be correctly implemented and performed. We propose SEcure Business process Engineering (SEBE), a method that considers social and organizational aspects for designing and implementing secure business processes. SEBE provides an iterative and incremental process and a set of verification and transformation rules, supported by a software tool, that integrate the different modeling languages used to specify social security aspects, business processes and the implementation code. In particular, SEBE provides a new modeling language which permits specifying business processes with security concepts and complex security constraints. We evaluated the effectiveness of SEBE for engineering secure business processes with two empirical evaluations and applications of the method to three real scenarios.

    Modeling and verification of ATM security policies with SecBPMN

    High Performance Computing (HPC) techniques are essential in complex systems such as Socio-Technical Systems (STSs), where humans and organizations are elements of the same system along with technical infrastructures and hardware/software components. For example, several HPC approaches have been successfully applied to support and facilitate the distribution or aggregation of computation power among independent and atomic components (e.g., smart meters to solve and/or simulate complex models). However, HPC techniques have to be studied and developed without underestimating the problem of security which, given the interaction-centric nature of STSs, has to be considered not only from the single-component perspective but for the system as a whole. In our previous work, we proposed SecBPMN, a framework to support the design of secure STSs. It is used to model the interaction design and security policies of an STS and it supports their verification through a querying engine. In this paper, we describe how SecBPMN has been successfully used for the study of security in an Air Traffic Management (ATM) system, and we show how it can also provide effective support for HPC techniques when applied in complex and heterogeneous environments.

    Fog Computing and Data as a Service: A Goal-Based Modeling Approach to Enable Effective Data Movements

    Data as a Service (DaaS) organizes the data management life-cycle around the Service Oriented Computing principles. Data providers are supposed to take care not only of performing the life-cycle phases, but also of the data movements from where data are generated, to where they are stored, and, finally, consumed. Data movements become more frequent especially in Fog environments, i.e., where data are generated by devices at the edge of the network (e.g., sensors), processed on the cloud, and consumed at the customer premises. This paper proposes a goal-based modeling approach for enabling effective data movements in Fog environments. The model considers the requirements of several customers to move data at the right time and to the right place, taking into account the heterogeneity of the resources involved in the data management.

    Designing secure business processes with SecBPMN

    Modern information systems are increasingly large and consist of an interplay of technical components and social actors (humans and organizations). Such interplay threatens the security of the overall system and calls for verification techniques that enable determining compliance with security policies. Existing verification frameworks either have a limited expressiveness that inhibits the specification of real-world requirements or rely on formal languages that are difficult to use for most analysts. In this paper, we overcome the limitations of existing approaches by presenting the SecBPMN framework. Our proposal includes: (1) the SecBPMN-ml modeling language, a security-oriented extension of BPMN for specifying composite information systems; (2) the SecBPMN-Q query language for representing security policies; and (3) a query engine that enables checking SecBPMN-Q policies against SecBPMN-ml specifications. We evaluate our approach by studying its understandability and perceived complexity with experts, running a scalability analysis of the query engine, and through an application to a large case study concerning air traffic management.

    Towards Assessing Data Bias in Clinical Trials

    Algorithms and technologies are essential tools that pervade all aspects of our daily lives. In the last decades, health care research benefited from new computer-based recruiting methods, the use of federated architectures for data storage, the introduction of innovative analyses of datasets, and so on. Nevertheless, health care datasets can still be affected by data bias. Due to data bias, they provide a distorted view of reality, leading to wrong analysis results and, consequently, wrong decisions. For example, in a clinical trial that studied the risk of cardiovascular diseases, predictions were wrong due to the lack of data on ethnic minorities. It is, therefore, of paramount importance for researchers to acknowledge the data bias that may be present in the datasets they use, eventually adopt techniques to mitigate it, and control if and how analysis results are impacted. This paper proposes a method to address bias in datasets that: (i) defines the types of data bias that may be present in the dataset, (ii) characterizes and quantifies data bias with adequate metrics, (iii) provides guidelines to identify, measure, and mitigate data bias for different data sources. The method we propose is applicable both for prospective and retrospective clinical trials. We evaluate our proposal both through theoretical considerations and through interviews with researchers in the health care environment.