Resumen:
Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models

Fecha

2019-09-02

Editor

Sistedes

Publicado en

Actas de las XV Jornadas de Ingeniería de Ciencia e Ingeniería de Servicios (JCIS 2019)

Licencia

CC BY 4.0

Resumen

Organizations execute daily activities to meet their objectives. The performance of these activities can be fundamental for achieving a business objective, but they also imply the assumption of certain security risks that might go against a company's security policies. A risk may be defined as the effects of uncertainty on the achievement of the goals of a company, some of which can be associated with security aspects (e.g., data corruption or data leakage). The execution of the activities can be choreographed using business processes models, in which the risk of the entire business process model derives from a combination of the single activity risks (executed in an isolated manner). In this paper, the problem of automatic security risk management in the current BPMS is addresses. First, a formalization of the risk elements according to process models is included. These elements are supported as a BPMN 2.0 extension of risk information that is analyzed to determine nonconformance regarding risk goals. In addition, a diagnosis of the risk associated with the activity responsible for the nonconformance is also carried out. To this end, the proposal applies mechanisms based on the model-based diagnosis in which activities are in nonconformance with regard to the acceptable level of risk. The automation of diagnosis is carried out using artificial intelligence techniques based on constraint programming. The proposal is supported by the implementation of a plug-in that enables the graphical specification of the extension and the automation of the verification and diagnosis process. To the best of our knowledge, this is the first published work that addresses the risk-aware design of business processes with automatic techniques.

Descripción

Acerca de Varela Vaca, Ángel Jesús

Palabras clave

Business Process Management, Business Process Model, Constraint Programming, Model-based Diagnosis, Security-Risk Assessment
Página completa del ítem
Notificar un error en este resumen
Mostrar cita
Mostrar cita en BibTeX
Descargar cita en BibTeX