Modelling secure and fair electronic commerce

Röhm, Alexander; Pernul, Günther; Herrmann, Gaby

doi:10.1109/csac.1998.738608

Cited by 12 publications

(11 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A complete description of a business process, however, considers also at least two other perspectives (cf. [51]): At first, the informational perspective represents the information entities, their structure, and relationships between them. At second, the organizational perspective depicts in which place of an enterprise and by which agents activities are performed.…”

Section: Resultsmentioning

confidence: 99%

Security requirement analysis of business processes

Herrmann

2006

Electron Commerce Res

View full text Add to dashboard Cite

Economic globalization leads to complex decentralized company structures calling for the extensive use of distributed IT-systems. The business processes of a company have to reflect these changes of infrastructure. In particular, due to new electronic applications and the inclusion of a higher number of-potentially unknown-persons, the business processes are more vulnerable against malicious attacks than traditional processes. Thus, a business should undergo a security analysis. Here, the vulnerabilities of the business process are recognized, the risks resulting from the vulnerabilities are calculated, and suitable safeguards reducing the vulnerabilities are selected. Unfortunately, a security analysis tends to be complex and affords expensive security expert support. In order to reduce the expense and to enable domain experts with in-depth insight in business processes but with limited knowledge about security to develop secure business processes, we developed the framework MoSS B P facilitating the handling of business process security requirements from their specification to their realization. In particular, MoSS BP provides graphical concepts to specify security requirements, repositories of various mechanisms enforcing the security requirements, and a collection of reference models and case studies enabling the modification of the business processes. In this paper, the MoSS BP -framework is presented. Additionally, we introduce a tool supporting the MoSS B P -related security analysis of business processes and the incorporation of safeguards. This tool is based on object-oriented process models and acts with graph rewrite systems. Finally, we clarify the application of the MoSS B P -framework by means of a business process for tender-handling which is provided by anonymity-preserving safeguards.

show abstract

Section: Resultsmentioning

confidence: 99%

Security requirement analysis of business processes

Herrmann

2006

Electron Commerce Res

View full text Add to dashboard Cite

show abstract

“…In figure 8 we show the life cycle of the BILL-PAYMENT-ORDER in terms of the participating entities and their different states, using a UML state-chart diagram. As Röhm et al (1998) have emphasised in a similar example, the state 'valid' is important securitywise as it represents an object of type bill payment order, which although signed, the certificate of the signatory is expired or is revoked. In this case it becomes clear that as the payment order must be re-signed.…”

Section: Dynamic Viewmentioning

confidence: 99%

“…Additional roles may be needed for key management (figure 9). Using the five views for analysing and modelling the security semantics of business processes as proposed initially by Röhm et al (1998), the preceding sections offer a summarised view of a single process and the security requirements that had to be infused and performed by the 'Billing Mall'. It becomes clear that by modelling and analysing the security semantics of the business transactions it supports, the IS and its security are not treated as separate developments.…”

Section: Structural Viewmentioning

confidence: 99%

“…Röhm et al (1998) suggests that in order for this to be achieved, a business transaction must be viewed from multiple perspectives with each view extended by the security semantics of the information security strategy. In the following section we present an example of analysing the different views of the 'BILL-PAYMENT-ORDER' business process (step 17 in figure 3) and its security requirement 'non-repudiation'.…”

Section: Information Security Strategy Implementationmentioning

confidence: 99%

See 1 more Smart Citation

A Model and Implementation Guidelines for Information Security Strategies in Web Environments

Margaritis¹,

Kolokotronis²,

Papadopoulou³

et al. 2001

Advances in Information Security Management &Amp; Small Systems Security

View full text Add to dashboard Cite

The decentralised nature of web-based information systems demands a careful evaluation of the pantheon of security issues in order to avoid the potential occurrence of business risks that could not be easily mitigated. Understanding that information security is not merely a technical solution implemented at each one of the endpoints of the inter-organizational application, this paper presents an integrated approach based on a rigorous multi-level and multidimensional model. Through synthesis and aiming to contribute towards implementing the most effective security strategy possible, the approach has as a starting point the overall business goals and objectives. Based on those it aids the development of a strategy from the lower levels of securing data in storage and transition to the higher levels of business processes. Its use and applicability is demonstrated over 'Billing Mall' -a system for Electronic Bill Presentment and Payment.Abstract:

show abstract

“…The main works related to security requirements specification in business processes [9][10][11][12][13] all coincide in the idea that it is necessary to capture the point of view of the business expert with regard to security, and to include these specifications within the software development process.…”

Section: Introductionmentioning

confidence: 99%

CIM to PIM Transformation: A Reality

Rodríguez

Fernández‐Medina

Piattini

IFIP International Federation for Information Processing

View full text Add to dashboard Cite

Within the scope of MDA, the model transformation is orientated towards solving the problems of time, cost and quality associated with software creation. Moreover, business process modeling, through the use of industrial standards such as UML or BPMN, offers us a good opportunity to incorporate requirements at high levels of abstraction. We consider Secure Business Process models such as the Computation Independent Model (CIM). In this paper we show that it is possible to define CIM to PIM (Platform Independent Model) transformations, using QVT rules. Through our rules, we obtain certain UML analysis-level classes and use cases which will be part of the PIM of an information system. We illustrate our approach with a case study concerned with payment for the consumption of electrical energy. Because these models represent a different abstraction of the same system, an integration/transformation mechanism is required to establish how to go from one level (e.g. CIM) to another (e.g. PIM). Thus, transformations are a core element in the MDA. In the last few years, the most ambitious bet is QVT (QueryA^iew/Transformation) [3], the transformation language proposed by the OMG. QVT plays an important role in tiie OMG metamodel family, because it includes special features which can be used to perform transformations within these frameworks.Please use the following format when citing this chapter:

show abstract

Modelling secure and fair electronic commerce

Abstract: Abstract

Cited by 12 publications

References 10 publications

Security requirement analysis of business processes

Security requirement analysis of business processes

A Model and Implementation Guidelines for Information Security Strategies in Web Environments

CIM to PIM Transformation: A Reality

Contact Info

Product

Resources

About