(2018). From security-by-design to the identification of security-critical deviations in process executions. Retrieved from https://hdl.handle.net/10446/324066

From security-by-design to the identification of security-critical deviations in process executions

Salnitri, Mattia;
2018-01-01

Abstract

Security-by-design is an emerging paradigm that aims to deal with security concerns from the early phases of system development. Although this paradigm can provide theoretical guarantees that the designed system complies with the defined processes and security policies, in many application domains users are allowed to deviate from them to face unpredictable situations and emergencies. Some deviations can be harmless and, in some cases, necessary to ensure business continuity, whereas other deviations might threaten central aspects of the system, such as its security. In this paper, we propose a tool-supported method for the identification of security-critical deviations in process executions using compliance checking analysis. We implemented the approach as part of the STS-Tool and evaluated it using a real loan management process of a Dutch financial institute.
2018
English
Information Systems in the Big Data Era. CAiSE Forum 2018, Proceedings
978-3-319-92900-2
317
218
234
print
online
Switzerland
Springer
CAiSE Forum 2018 held as part of the 30th International Conference on Advanced Information Systems Engineering. Tallinn, Estonia, June 11-15, 2018
30
Tallinn (Estonia)
June 11-15, 2018
international
contribution
Sector IINF-05/A - Information processing systems
info:eu-repo/semantics/conferenceObject
5
Salnitri, Mattia; Alizadeh, M.; Giovanella, D.; Zannone, N.; Giorgini, P.
1.4 Contributions in conference proceedings::1.4.01 Conference presentations
reserved
Not defined
273
Files attached to this record:
978-3-319-92901-9_compressed.pdf
Archive managers only
Version: publisher's version
License: Aisberg default license
File size: 6.35 MB
Format: Adobe PDF
Use this identifier to cite or link to this document: https://hdl.handle.net/10446/324066