Eliciting Security Requirements for Business Processes of Legacy Systems

The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLETM framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements in a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by nontechnical stakeholders in alignment with organisational objectives.

Mots clés

Legacy systems Business process modelling Goal-oriented security requirements Secure Tropos BPMN MARBLE

Domaines

Informatique [cs] Sciences de l'information et de la communication

Liste complète des métadonnées

Format du dépôt	Fichier
Type de dépôt	Communication dans un congrès
Titre	en Eliciting Security Requirements for Business Processes of Legacy Systems
Résumé	en The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLETM framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements in a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by nontechnical stakeholders in alignment with organisational objectives.
Auteur(s)	Nikolaos Argyropoulos ¹ , Luis Márquez Alcañiz ² , Haralambos Mouratidis ¹ , Andrew Fish ¹ , David G. Rosado ³ , Ignacio De Guzmán ³ , Eduardo Fernández-Medina ³ 1 University of Brighton ( 209121 ) - Mithras House, Lewes Road - Brighton BN2 4AT - Royaume-Uni 2 CNMC - National Authority for Markets and Competition [Madrid] ( 480058 ) - - Espagne 3 UCLM - Universidad de Castilla-La Mancha = University of Castilla-La Mancha ( 416782 ) - Paseo de la Universidad 4, 13071 Ciudad Real Spain - Espagne
Licence	Paternité
Langue du document	Anglais
Source	Lecture Notes in Business Information Processing
Vulgarisation	Non
Actes	Oui
Comité de lecture	Oui
Invité	Non
Audience	Internationale
Date de publication	2015
Titre de la collection	The Practice of Enterprise Modeling
Volume	LNBIP-235
Page/Identifiant	91-107
Titre du congrès	8th Practice of Enterprise Modelling (P0EM)
Date début congrès	2015-11-10
Date fin congrès	2015-11-12
Ville	Valencia
Pays	Espagne
Commentaire	Part 3: Securing Enterprises
Domaine(s)	Informatique [cs] Sciences de l'Homme et Société/Sciences de l'information et de la communication
Éditeur commercial	Springer
Éditeur scientifique	Jolita Ralyté Sergio España Óscar Pastor
Collaboration/Projet	TC 8 WG 8.1
Mots-clés	en Legacy systems, Business process modelling, Goal-oriented security requirements, Secure Tropos, BPMN, MARBLE
DOI	10.1007/978-3-319-25897-3_7

Fichier principal

978-3-319-25897-3_7_Chapter.pdf ( 861.91 Ko )

Origine : Fichiers produits par l'(les) auteur(s)

Hal Ifip : Connectez-vous pour contacter le contributeur

https://inria.hal.science/hal-01442267

Soumis le : vendredi 20 janvier 2017 à 15:07:36

Dernière modification le : lundi 14 novembre 2022 à 14:36:05

Archivage à long terme le : vendredi 21 avril 2017 à 15:31:41

Dates et versions

hal-01442267, version 1 (20-01-2017)

Licence

Paternité - CC BY 4.0

Identifiants

HAL Id : hal-01442267 , version 1
DOI : 10.1007/978-3-319-25897-3_7

Citer

Nikolaos Argyropoulos, Luis Márquez Alcañiz, Haralambos Mouratidis, Andrew Fish, David G. Rosado, et al.. Eliciting Security Requirements for Business Processes of Legacy Systems. 8th Practice of Enterprise Modelling (P0EM), Nov 2015, Valencia, Spain. pp.91-107, ⟨10.1007/978-3-319-25897-3_7⟩. ⟨hal-01442267⟩

Exporter

BibTeX TEI Dublin Core DC Terms EndNote Datacite

Collections

IFIP IFIP-TC IFIP-LNBIP IFIP-WG IFIP-TC8 IFIP-WG8-1 IFIP-LNBIP-235

96 Consultations

290 Téléchargements

Dernière date de mise à jour le 07/04/2024