THE SI* MODELING FRAMEWORK: METAMODEL AND APPLICATIONS

2009 ◽  
Vol 19 (05) ◽  
pp. 727-746 ◽  
Author(s):  
NICOLA ZANNONE
Keyword(s):  
Business Processes ◽  
System Development ◽  
Security Requirements ◽  
Modeling Language ◽  
Modeling Languages ◽  
Modeling Framework ◽  
Development Environment ◽  
Design Alternatives ◽  
Security Requirements Engineering ◽  
Early Phases

Security Requirements Engineering is emerging spurred by the realization that security must be dealt from the early phases of the system development process. Modeling languages in this field are challenging as they must provide concepts appropriate in order to talk about security within an organization. In previous work we introduced the SI* modeling language tailored to capture security aspects of socio-technical systems. SI* is founded on four main notions, namely supervision, permission, delegation, and trust. In this paper, we present the SI* metamodel. We also present some frameworks and methodologies founded on this modeling language for the analysis of security and dependability requirements as well as the exploration of design alternatives and the generation of skeletons of secure business processes. The paper also presents a development environment that uses the SI* metamodel as its basis core.

A Compliance-Driven Framework for Privacy and Security in Highly Regulated Socio-Technical Environments

2021 ◽  
pp. 933-962
Author(s):  
Ayda Saidane ◽  
Saleh Al-Sharieh
Keyword(s):  
Business Processes ◽  
System Development ◽  
Regulatory Compliance ◽  
Security And Privacy ◽  
Modeling Framework ◽  
Privacy And Security ◽  
Legitimate User ◽  
Simulation Based ◽  
Driven System ◽  
City System

Regulatory compliance is a top priority for organizations in highly regulated ecosystems. As most operations are automated, the compliance efforts focus on the information systems supporting the business processes of the organizations and, to a lesser extent, on the humans using, managing, and maintaining them. Yet, the human factor is an unpredictable and challenging component of a secure system development and should be considered throughout the development process as both a legitimate user and a threat. In this chapter, the authors propose COMPARCH as a compliance-driven system engineering framework for privacy and security in socio-technical systems. It consists of (1) a risk-based requirement management process, (2) a test-driven security and privacy modeling framework, and (3) a simulation-based validation approach. The satisfaction of the regulatory requirements is evaluated through the simulation traces analysis. The authors use as a running example an E-CITY system providing municipality services to local communities.

FROM E-R TO “A-R” — MODELLING STRATEGIC ACTOR RELATIONSHIPS FOR BUSINESS PROCESS REENGINEERING

1995 ◽  
Vol 04 (02n03) ◽  
pp. 125-144 ◽  
Author(s):  
ERIC S.K. YU ◽  
JOHN MYLOPOULOS
Keyword(s):  
Business Processes ◽  
System Development ◽  
Information Structures ◽  
Development Environment ◽  
Organizational Contexts ◽  
Organizational Settings ◽  
Social Actors ◽  
Comprehensive Information ◽  
Systematic Exploration ◽  
Modelling Techniques

As information systems are increasingly expected to work with humans cooperatively in complex organizational contexts, conceptual modelling techniques need to be extended to relate information structures and processes to business and organizational objectives. We propose a framework which focuses on the modelling of strategic actor relationships (“A-R”) for a richer conceptual model of business processes in their organizational settings. Organizations are viewed as being made up of social actors who are intentional — have motivations, wants, and beliefs — and strategic — they evaluate their relationships to each other in terms of opportunities and vulnerabilities. The framework supports formal modelling of the network of dependency relationships among actors, and the systematic exploration and assessment of alternative process designs in reengineering. The semantics of the modelling concepts are axiomatically characterized. By embedding the framework in the Telos language, the framework can also potentially serve as an early-requirements phase tool in a comprehensive information system development environment.

Formative User-Centered Evaluation of Security Modeling

2012 ◽  
Vol 3 (1) ◽  
pp. 1-19 ◽  
Author(s):  
Sandra Trösterer ◽  
Elke Beck ◽  
Fabiano Dalpiaz ◽  
Elda Paja ◽  
Paolo Giorgini ◽  
...  
Keyword(s):  
Security Requirements ◽  
Modeling Language ◽  
Complex Activity ◽  
Evaluation Approach ◽  
Security Requirements Engineering ◽  
Security Modeling ◽  
Social Organizational ◽  
High Level ◽  
User Centered

Developing a security modeling language is a complex activity. Particularly, it becomes very challenging for Security Requirements Engineering (SRE) languages where social/organizational concepts are used to represent high-level business aspects, while security aspects are typically expressed in a technical jargon at a lower level of abstraction. In order to reduce this socio-technical mismatch and reach a high quality outcome, appropriate evaluation techniques need to be chosen and carried out throughout the development process of the modeling language. In this article, the authors present and discuss the formative user-centered evaluation approach, namely an evaluation technique that starts since the early design stages and actively involves end-users. The authors demonstrate the approach in a real case study presenting the results of the evaluation. From the gained empirical evidence, we may conclude that formative user-centered evaluation is highly recommended to investigate any security modeling language.

Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns

2013 ◽  
Vol 55 (6) ◽  
Author(s):  
Raimundas Matulevičius ◽  
Naved Ahmed
Keyword(s):  
Business Process ◽  
Process Model ◽  
Business Processes ◽  
System Development ◽  
Security Requirements ◽  
Business Process Model ◽  
Security Risk ◽  
Step Method ◽  
Requirements Definition ◽  
Development Stages

AbstractAlthough importance of aligning modelling of business processes and security is growing, there is rather limited research performed on elicitation of security requirements from the business processes. In this paper we discuss how security risk-oriented patterns could help solving the above problem. Using the illustrative example, we present a two-step method for (i) pattern occurrence discovery in, and (ii) for security requirements definition from the business process model. We hope that our proposal could help elicit security requirements at the early system development stages, however, we still need to validate it empirically.

scholarly journals CONFIGURABLE WORKFLOW MODELS

2008 ◽  
Vol 17 (02) ◽  
pp. 177-221 ◽  
Author(s):  
FLORIAN GOTTSCHALK ◽  
WIL M. P. VAN DER AALST ◽  
MONIQUE H. JANSEN-VULLERS ◽  
MARCELLO LA ROSA
Keyword(s):  
Business Processes ◽  
Modeling Language ◽  
Modeling Languages ◽  
Workflow Model ◽  
Workflow Modeling

Workflow modeling languages allow for the specification of executable business processes. They, however, typically do not provide any guidance for the adaptation of workflow models, i.e. they do not offer any methods or tools explaining and highlighting which adaptations of the models are feasible and which are not. Therefore, an approach to identify so-called configurable elements of a workflow modeling language and to add configuration opportunities to workflow models is presented in this paper. Configurable elements are the elements of a workflow model that can be modified such that the behavior represented by the model is restricted. More precisely, a configurable element can be either set to enabled, to blocked, or to hidden. To ensure that such configurations lead only to desirable models, our approach allows for imposing so-called requirements on the model's configuration. They have to be fulfilled by any configuration, and limit therefore the freedom of configuration choices. The identification of configurable elements within the workflow modeling language of YAWL and the derivation of the new "configurable YAWL" language provide a concrete example for a rather generic approach. A transformation of configured models into lawful YAWL models demonstrates its applicability.

A Compliance-Driven Framework for Privacy and Security in Highly Regulated Socio-Technical Environments

2019 ◽  
pp. 15-50
Author(s):  
Ayda Saidane ◽  
Saleh Al-Sharieh
Keyword(s):  
Business Processes ◽  
System Development ◽  
Regulatory Compliance ◽  
Security And Privacy ◽  
Modeling Framework ◽  
Privacy And Security ◽  
Legitimate User ◽  
Simulation Based ◽  
Driven System ◽  
City System

Regulatory compliance is a top priority for organizations in highly regulated ecosystems. As most operations are automated, the compliance efforts focus on the information systems supporting the business processes of the organizations and, to a lesser extent, on the humans using, managing, and maintaining them. Yet, the human factor is an unpredictable and challenging component of a secure system development and should be considered throughout the development process as both a legitimate user and a threat. In this chapter, the authors propose COMPARCH as a compliance-driven system engineering framework for privacy and security in socio-technical systems. It consists of (1) a risk-based requirement management process, (2) a test-driven security and privacy modeling framework, and (3) a simulation-based validation approach. The satisfaction of the regulatory requirements is evaluated through the simulation traces analysis. The authors use as a running example an E-CITY system providing municipality services to local communities.

Cross-disciplinary engineering with AutomationML and SysML

2016 ◽  
Vol 64 (4) ◽  
Author(s):  
Luca Berardinelli ◽  
Stefan Biffl ◽  
Arndt Lüder ◽  
Emanuel Mätzler ◽  
Tanja Mayerhofer ◽  
...  
Keyword(s):  
Production System ◽  
Electrical Engineering ◽  
Structural Modeling ◽  
Modeling Language ◽  
Modeling Languages ◽  
Systems Modeling ◽  
Software Modeling ◽  
Model Driven ◽  
Early Phases

AbstractAutomationML (AML) is an emerging standard in the automation domain to represent and exchange artifacts between heterogeneous engineering tools used in different disciplines, such as mechanical and electrical engineering. The Systems Modeling Language (SysML) is a modeling standard influenced by software modeling languages, such as UML, typically adopted in the early phases of engineering processes. This paper investigates commonalities and differences of the structural modeling parts of AML (CAEX) and SysML (block diagrams) in support of establishing tool-independent interoperability. This support for cross-disciplinary modeling is facilitated by a bridge between AML and SysML built on model-driven interoperability techniques. We demonstrate the interoperability between AML and SysML with a case study concerning a lab-sized production system.

Implementation of Booking Performance Application Using Bootstrap Case Study in PT XYZ

2019 ◽  
Vol 4 (1) ◽  
pp. 10
Author(s):  
Arfan Sansprayada ◽  
Kartika Mariskhana
Keyword(s):  
Information System ◽  
Business Processes ◽  
System Development ◽  
Basic Requirement ◽  
Application Development ◽  
Information System Development ◽  
Special Expertise ◽  
A Company ◽  
Need For Information

Abstract—The need for information system development in a company is a basic requirement that must be met by each company in order to run its business processes properly. This is the basic key in a company in order to provide maximum results to find as many profits or profits. Application development or requirements in the application also provide speed for employees to carry out their activities to work properly and optimally. The development of the era requires that companies must be productive and have innovations so that the business wheel of the company can run well. This is based on the development of technology that is so fast that it requires special expertise in its application. This research is expected to be able to help some problems that exist in a company. Where its application can make it easier for employees to carry out their respective duties and roles in order to maximize their potential. For companies, the application of this application can accommodate the company's business wheels so that they can be properly and correctly documented .   Keywords : Systems, Information, Applications

Sign in / Sign up

Export Citation Format

Share Document