Printed from https://ideas.repec.org/a/spr/ijsaem/v9y2018i3d10.1007_s13198-017-0653-1.html

Enforcing compliance of hierarchical business process with visual security constraints

Author

Listed:
  • Li Duan

    (University of Science and Technology Beijing)

  • Yang Zhang

    (Beijing University of Posts and Telecommunications)

  • Chang-ai Sun

    (University of Science and Technology Beijing)

  • Junliang Chen

    (Beijing University of Posts and Telecommunications)

Abstract

When modelling secure business processes, business analysts first specify the security constraints and compliance properties that design-time processes should satisfy. It is therefore a critical task to check whether the process model under security constraints complies with the prospective security compliance properties. Some special tasks within a process may contain internal business logic (called sub-processes), which makes the process hierarchical. When checking the security compliance of a hierarchical process, security compliance properties are usually represented as complex logic formulas that are not easily understood by business analysts. This paper presents an approach for checking the compliance of a hierarchical process with security properties. We present the abstract process model and the security constraints model via BPMN graphic notation and resource assignments on process behaviours, respectively; the expected security compliance properties are modelled by a visual compliance rule graph, which is easily understood by a business analyst; and model checking technology is applied to verify the security of the hierarchical process model.

Suggested Citation

  • Li Duan & Yang Zhang & Chang-ai Sun & Junliang Chen, 2018. "Enforcing compliance of hierarchical business process with visual security constraints," International Journal of System Assurance Engineering and Management, Springer; The Society for Reliability, Engineering Quality and Operations Management (SREQOM), India, and Division of Operation and Maintenance, Lulea University of Technology, Sweden, vol. 9(3), pages 703-715, June.
  • Handle: RePEc:spr:ijsaem:v:9:y:2018:i:3:d:10.1007_s13198-017-0653-1
    DOI: 10.1007/s13198-017-0653-1

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s13198-017-0653-1
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
