Preserving compliance with security requirements in socio-technical systems

Cited by: 0
Authors
Salnitri, Mattia [1]
Paja, Elda [1]
Giorgini, Paolo [1]
Affiliations
[1] University of Trento, Trento
Source
Communications in Computer and Information Science | 2014 / Vol. 470
Keywords
Business processes; Compliance; Security policies; Security requirements; Socio-technical systems
DOI
10.1007/978-3-319-12574-9_5
Abstract
Socio-technical systems are an interplay of social components (humans and organizations) and technical components that interact with one another to achieve their objectives. Security is a central issue in such complex systems, and it cannot be tackled through technical mechanisms alone: encrypting sensitive data while it is transmitted does not assure that the receiver will not disclose it to unauthorized parties. Therefore, dealing with security in socio-technical systems requires an analysis (i) from a social and organizational perspective, to elicit the objectives and security requirements of each component, and (ii) from a procedural perspective, to define how the actors behave and interact with each other. However, socio-technical systems need to adapt to changes in the external environment, so security is a problem that has to be faced throughout the system's life cycle. We propose an iterative and incremental process to elicit security requirements and verify the socio-technical system's compliance with those requirements throughout its life cycle. © Springer International Publishing Switzerland 2014.
Pages: 49 / 61
Page count: 12