dc.creator | Varela Vaca, Ángel Jesús | es |
dc.creator | Parody Núñez, María Luisa | es |
dc.creator | Martínez Gasca, Rafael | es |
dc.creator | Gómez López, María Teresa | es |
dc.date.accessioned | 2020-06-06T15:43:26Z | |
dc.date.available | 2020-06-06T15:43:26Z | |
dc.date.issued | 2019 | |
dc.identifier.citation | Varela Vaca, Á.J., Parody Núñez, M.L., Martínez Gasca, R. y Gómez López, M.T. (2019). Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models. IEEE Access, 7, 26448-26465. | |
dc.identifier.issn | 2169-3536 | es |
dc.identifier.uri | https://hdl.handle.net/11441/97496 | |
dc.description.abstract | Organizations execute daily activities to meet their objectives. The performance of these
activities can be fundamental for achieving a business objective, but they also imply the assumption of certain
security risks that might go against a company's security policies. A risk may be de ned as the effects of
uncertainty on the achievement of the goals of a company, some of which can be associated with security
aspects (e.g., data corruption or data leakage). The execution of the activities can be choreographed using
business processes models, in which the risk of the entire business process model derives from a combination
of the single activity risks (executed in an isolated manner). In this paper, a risk assessment method is
proposed to enable the analysis and evaluation of a set of activities combined in a business process model
to ascertain whether the model conforms to the security-risk objectives. To achieve this objective, we use a
business process extension with security-risk information to: 1) de ne an algorithm to verify the level of risk
of process models; 2) design an algorithm to diagnose the risk of the activities that fail to conform to the level
of risk established in security-risk objectives; and 3) the implementation of a tool that supports the described
proposal. In addition, a real case study is presented, and a set of scalability benchmarks of performance
analysis is carried out in order to check the usefulness and suitability of automation of the algorithms. | es |
dc.description.sponsorship | Ministerio de Ciencia y Tecnología TIN2015-63502-C3-2-R | es |
dc.format | application/pdf | es |
dc.format.extent | 18 | es |
dc.language.iso | eng | es |
dc.publisher | IEEE Computer Society | es |
dc.relation.ispartof | IEEE Access, 7, 26448-26465. | |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 Internacional | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | * |
dc.subject | Business process management | es |
dc.subject | Business Process Model | es |
dc.subject | Security-risk assessment | es |
dc.subject | Model-based diagnosis | es |
dc.subject | Constraint programming | es |
dc.title | Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models | es |
dc.type | info:eu-repo/semantics/article | es |
dcterms.identifier | https://ror.org/03yxnpp24 | |
dc.type.version | info:eu-repo/semantics/submittedVersion | es |
dc.rights.accessRights | info:eu-repo/semantics/openAccess | es |
dc.contributor.affiliation | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos | es |
dc.relation.projectID | TIN2015-63502-C3-2-R | es |
dc.relation.publisherversion | https://ieeexplore.ieee.org/document/8651587 | es |
dc.identifier.doi | 10.1109/ACCESS.2019.2901408 | es |
dc.journaltitle | IEEE Access | es |
dc.publication.volumen | 7 | es |
dc.publication.initialPage | 26448 | es |
dc.publication.endPage | 26465 | es |
dc.contributor.funder | Ministerio de Ciencia Y Tecnología (MCYT). España | es |