Title :
A business process-driven approach to security engineering
Author :
Maña, Antonio ; Montenegro, José A. ; Rudolph, Carsten ; Vivas, José Luis
Author_Institution :
Dept. of Comput. Sci., Univ. de Malaga, Spain
Abstract :
A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common that end users are able to express their security needs at the business process level. Since many security requirements originate at this level, it is natural to try to capture and express them within the context of business models where end users feel most comfortable and where they conceptually belong. In this paper, we develop these views, present an ongoing work intended to create a UML-based and business process-driven framework for the development of security-critical systems and propose an approach to a rigorous treatment of security requirements supported by formal methods.
Keywords :
formal specification; formal verification; safety-critical software; security of data; specification languages; systems analysis; UML-based framework; business models; business process; end users; formal methods; requirement engineering; requirements engineering; security engineering; security requirements; security specification; security-critical systems; unified modeling language; Computer science; Computer security; Context modeling; Cryptographic protocols; Data security; Design engineering; Humans; Laboratories; Programming; Software systems;
Conference_Titel :
Database and Expert Systems Applications, 2003. Proceedings. 14th International Workshop on
Print_ISBN :
0-7695-1993-8
DOI :
10.1109/DEXA.2003.1232069
