A PATTERN-BASED DEVELOPMENT OF SECURE BUSINESS PROCESSES
Name
Naiad Hossain Khan
Abstract
Every security concerned enterprise selects its own security measures in order to avoid unexpected events and accidents. The main objective of these security measures is to protect the enterprise’s own resources and assets from damage. Most of the time, the accidents or disasters take place in enterprise are similar in nature, and are caused by similar kind of vulnerabilities. However, many security analysts find it difficult to select the right security measure for a particular problem because the previous proven solutions are not properly documented. In this context Security Patterns could be helpful since they present the proven solutions that potentially could be reused in the similar situations.
In this thesis, we develop a set of ten Security Risk-oriented Patterns (SRP) and define the way how they could be used to define security countermeasures within the business process models. In principle, patterns are modelling language-independent. Moreover, to ease their application, we represent them in a graphical form using the Business Process Modelling Notation (BPMN) modelling approach.
We demonstrate the usability of the Security Risk-oriented Patterns (SRP) by applying them on two industrial business models. We present the quantitative analysis of their application. We show that Security Risk-oriented Patterns (SRP) help to determine security risks in business models and suggest rationale for security solutions.
The results of this research could potentially encourage the security analysts to follow pattern-based approach to develop secure business processes, thus, contributing to secure Information Systems (IS).
Graduation Thesis language
English
Graduation Thesis type
Master of Science in Engineering (4+2) Computer Science*
Supervisor(s)
Dr. Raimundas Matulevičius, Naved Ahmed
Defence year
2012