| Title | Towards a Framework for the Extension and Visualisation of Cyber Security Requirements in Modelling Languages |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Maines, C. L., Zhou, B., Tang, S., Shi, Q. |
| Conference Name | 2017 10th International Conference on Developments in eSystems Engineering (DeSE) |
| Date Published | jun |
| Keywords | BPMN, BPMN processes, business data processing, business process, Business Process Model and Notation, Collaboration, Complexity theory, composability, computer security, cyber security concepts, cyber security requirements, formal specification, middleware, middleware security, modelling language, policy, policy-based governance, pubcrawl, resilience, Resiliency, security extension, security framework, security of data, Semantics, specification languages, Tools, visualization |
| Abstract | Every so often papers are published presenting a new extension for modelling cyber security requirements in Business Process Model and Notation (BPMN). The frequent production of new extensions by experts belies the need for a richer and more usable representation of security requirements in BPMN processes. In this paper, we present our work considering an analysis of existing extensions and identify the notational issues present within each of them. We discuss how there is yet no single extension which represents a comprehensive range of cyber security concepts. Consequently, there is no adequate solution for accurately specifying cyber security requirements within BPMN. In order to address this, we propose a new framework that can be used to extend, visualise and verify cyber security requirements in not only BPMN, but any other existing modelling language. The framework comprises of the three core roles necessary for the successful development of a security extension. With each of these being further subdivided into the respective components each role must complete. |
| DOI | 10.1109/DeSE.2017.29 |
| Citation Key | maines_towards_2017 |
Towards a Framework for the Extension and Visualisation of Cyber Security Requirements in Modelling Languages