Threat Representation Methods for Composite Service Process Models

Category
Academic article
Abstract
The Business Process Modeling Notation (BPMN) has become a popular standard for expressing high-level business processes as well as technical specifications for software systems. However, the specification does not contain native support to express security information, which should not be overlooked in today’s world where every organization is exposed to threats and has assets to protect. Although a substantial amount of work enhancing BPMN 1.x with security-related information already exists, the opportunities provided by version 2.0 have not received much attention in the security community so far. This paper gives an overview of security in BPMN and investigates several possibilities of representing threats in BPMN 2.0, in particular for design-time specification and runtime execution of composite services with dynamic behavior. Enriching BPMN with threat information enables a process-centric threat modeling approach that complements risk assessment and attack scenarios. We have included examples showing the use of error events, escalation events and text annotations for process, collaboration, choreography and conversation diagrams.
Language
English
Author(s)
Institution(s)
  • SINTEF Digital / Software Engineering, Safety and Security
Year
Published in
International Journal of Secure Software Engineering (IJSSE)
ISSN
1947-3036
Publisher
IGI Global
Volume
4
Issue no.
2