Til hovedinnhold

Representing Threats in BPMN 2.0

Representing Threats in BPMN 2.0

Kategori
Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
Sammendrag
The Business Process Modeling Notation (BPMN) has become a broadly accepted standard for process modeling, but is mostly being used to express the normal execution flow of business processes. In some situations there is also a need to express threats and unwanted incidents on that same abstraction level, for example to show how deviations from normal process flow should be handled. Enriching BPMN with threat information enables a process-centric threat modeling approach that complements risk assessment and attack scenarios. Though there has been a substantial amount of work enhancing BPMN 1.x with security related information, the opportunities provided by version 2.0 have not received a lot of attention in the security community. This paper shows several options and the benefit of representing threats in BPMN 2.0 for design-time specification and runtime execution of composite services with dynamic behavior. Our goal is to avoid downtime and preserve the overall security and trustworthiness of the composite service in an ever-changing Internet of Services. We have included examples showing the use of error events, escalation events and text annotations for process, collaboration, choreography and conversion diagrams.
Språk
Engelsk
Forfatter(e)
Institusjon(er)
  • SINTEF Digital / Software Engineering, Safety and Security
År
Forlag
IEEE conference proceedings
Bok
2012 Seventh International Conference on Availability, Reliability and Security (ARES), Prague, 20-24 August, 2012
ISBN
978-1-4673-2244-7
Side(r)
542 - 550