Artículo
Formalization of security patterns as a means to infer security controls in business processes
Autor/es | Varela Vaca, Ángel Jesús
Martínez Gasca, Rafael |
Departamento | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos |
Fecha de publicación | 2015 |
Fecha de depósito | 2022-11-16 |
Publicado en |
|
Resumen | The growing trend towards the automation and externalization of business processes by means of Technology Infrastructure
(TI), such as Business Process Management Systems, has increased the security risks in the organizations. ... The growing trend towards the automation and externalization of business processes by means of Technology Infrastructure (TI), such as Business Process Management Systems, has increased the security risks in the organizations. In the majority of cases, the issue of security is overlooked by default in these systems. Therefore, the early selection and implementation of security controls that mitigate risks is a real and crucial need. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human, manual, time-consuming and error-prone task. In addition, security controls are implemented out separately from the organization perspective and involve many stakeholders. This separation makes difficult to ensure the effectiveness of these controls with regard to organizational requirements. In this article, we propose a formalization of security controls based on security pattern templates and feature models. This formalization allows applying feature domain-oriented analysis and constraint programming techniques for the automatic inference, selection and generation of optimal security controls with regard to single and multiple business objectives |
Agencias financiadoras | Junta de Andalucía Ministerio de Educación y Ciencia (MEC). España |
Identificador del proyecto | P08-TIC-04095
TIN2009-13714 |
Cita | Varela Vaca, Á.J. y Martínez Gasca, R. (2015). Formalization of security patterns as a means to infer security controls in business processes. Logic Journal of the IGPL, 23 (1), 57-72. https://doi.org/10.1093/jigpal/jzu042. |
Ficheros | Tamaño | Formato | Ver | Descripción |
---|---|---|---|---|
Formalization of security patterns ... | 738.3Kb | [PDF] | Ver/ | |