Eliciting Security Requirements for Business Processes of Legacy Systems

被引：6

作者：

Argyropoulos, Nikolaos ^{[1
]}

Marquez Alcaniz, Luis ^{[2
]}

Mouratidis, Haralambos ^{[1
]}

Fish, Andrew ^{[1
]}

Rosado, David G. ^{[3
]}

Garcia-Rodriguez de Guzman, Ignacio ^{[3
]}

Fernandez-Medina, Eduardo ^{[3
]}

机构：

[1] Univ Brighton, Watts Bldg,Lewes Rd, Brighton BN2 4GJ, E Sussex, England

[2] Spanish Natl Author Markets & Competit CNMC, Madrid, Spain

[3] Univ Castilla La Mancha, E-13071 Ciudad Real, Spain

来源：

PRACTICE OF ENTERPRISE MODELING, POEM 2015 | 2015年 / 235卷

关键词：

Legacy systems; Business process modelling; Goal-oriented security requirements; Secure Tropos; BPMN; MARBLE; INFORMATION-SYSTEMS; MANAGEMENT; DESIGN; MODELS;

D O I：

10.1007/978-3-319-25897-3_7

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLE TM framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements in a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by nontechnical stakeholders in alignment with organisational objectives.

引用

页码：91 / 107

页数：17

共 50 条

[11] Dynamic Security Rules for Legacy Systems
Al-Ali, Rima
Hnetynka, Petr
Havlik, Jiri
Krivka, Vlastimil
Heinrich, Robert
Seifermann, Stephan
Walter, Maximilian
Juan-Verdejo, Adrian
13TH EUROPEAN CONFERENCE ON SOFTWARE ARCHITECTURE (ECSA 2019), VOL 2, 2019, : 277 - 284
[12] Explaining the Business-Technological Age of Legacy Information Systems
Rosenkranz, Sebastian
Staegemann, Daniel
Volk, Matthias
Turowski, Klaus
IEEE ACCESS, 2024, 12 : 84579 - 84611
[13] A process model for eliciting requirements of socio-technical systems
Sarnikar, Surendra
El-Gayar, Omar
Wahbeh, Abdullah
AMCIS 2014 PROCEEDINGS, 2014,
[14] Towards functional safety and security for adaptive and flexible business processes
Geist, Verena
Natschlaeger, Christine
Illibauer, Christa
Schewe, Klaus-Dieter
JOURNAL OF SOFTWARE-EVOLUTION AND PROCESS, 2018, 30 (05)
[15] Analyzing Security Requirements in Timed Workflow Processes
Du, Yanhua
Wang, Yang
Yang, Benyuan
Hu, Hesuan
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2022, 19 (01) : 190 - 207
[16] Deriving business processes with service level agreements from early requirements
Frankova, Ganna
Seguran, Magali
Gilcher, Florian
Trabelsi, Slim
Doerflinger, Joerg
Aiello, Marco
JOURNAL OF SYSTEMS AND SOFTWARE, 2011, 84 (08) : 1351 - 1363
[17] Assessing Security Risk and Requirements for Systems of Systems
Ki-Aries, Duncan
2018 IEEE 26TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE 2018), 2018, : 454 - 459
[18] A Practical Application of Total Systems Intervention and Critical Systems Heuristics: Towards Improvement of Business Intelligence Business Requirements
Venter, Carin
PROCEEDINGS OF THE 17TH EUROPEAN CONFERENCE ON RESEARCH METHODOLOGY FOR BUSINESS AND MANAGEMENT STUDIES (ECRM 2018), 2018, : 405 - 413
[19] Business to System Requirements Agile Mapping
Pankowska, Malgorzata
ICE-B: PROCEEDINGS OF THE 17TH INTERNATIONAL JOINT CONFERENCE ON E-BUSINESS AND TELECOMMUNICATIONS, VOL 3: ICE-B, 2020, : 37 - 48
[20] Alignment of business processes and requirements through model integration
Bouzidi, Aljia
Haddar, Nahla
Ben Abdallah, Mounira
Haddar, Kais
2018 IEEE/ACS 15TH INTERNATIONAL CONFERENCE ON COMPUTER SYSTEMS AND APPLICATIONS (AICCSA), 2018,

← 1 2 3 4 5 →