TY - GEN
T1 - Assessing business process security
T2 - 13th Americas Conference on Information Systems, AMCIS 2007
AU - Damiani, Ernesto
AU - Fugini, Mariagrazia
AU - Reed, Karl
PY - 2007
Y1 - 2007
N2 - The aim of this paper is to present some preliminary ideas about practical metrics and measurements useful for (i) assessing business process risk at design time and (ii) computing security and trust metrics at run time on business process orchestrations. In particular, the study is focused on a priori metrics applied to behavioral specifications of business processes (e.g., business rules and UML 2.0 /UMM diagrams) and to run-time metrics applied to the high-level eservices composing them. Design-time metrics deal with the risk connected to information leaking (including privacy-related concerns) and to other disclosure threats, while run-time service-oriented metrics regard security as a Quality of Service, and therefore include factors like trustworthiness, completeness, and correctness of the services composing the business process when deployed on a Service Oriented Architecture (SOA).
AB - The aim of this paper is to present some preliminary ideas about practical metrics and measurements useful for (i) assessing business process risk at design time and (ii) computing security and trust metrics at run time on business process orchestrations. In particular, the study is focused on a priori metrics applied to behavioral specifications of business processes (e.g., business rules and UML 2.0 /UMM diagrams) and to run-time metrics applied to the high-level eservices composing them. Design-time metrics deal with the risk connected to information leaking (including privacy-related concerns) and to other disclosure threats, while run-time service-oriented metrics regard security as a Quality of Service, and therefore include factors like trustworthiness, completeness, and correctness of the services composing the business process when deployed on a Service Oriented Architecture (SOA).
UR - http://www.scopus.com/inward/record.url?scp=84870197801&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84870197801
SN - 9781604233810
T3 - Association for Information Systems - 13th Americas Conference on Information Systems, AMCIS 2007: Reaching New Heights
SP - 4342
EP - 4350
BT - Association for Information Systems - 13th Americas Conference on Information Systems, AMCIS 2007
Y2 - 10 August 2007 through 12 August 2007
ER -