Although the importance of aligning business process modelling with security is growing, rather limited research has been performed on eliciting security requirements from business processes. In this paper we discuss how security risk-oriented patterns could help solve this problem. Using an illustrative example, we present a two-step method for (i) discovering pattern occurrences in the business process model and (ii) defining security requirements from it. We hope that our proposal can help elicit security requirements at the early system development stages; however, we still need to validate it empirically.
ISBN: (print) 9798350317930
The complexity of distributed manufacturing and software development, coupled with the increasing prevalence of cyber and supply chain attacks, necessitates a greater understanding of the hardware and software components that comprise equipment in critical infrastructure. When a vulnerability in a single software library can have disastrous consequences, being able to identify where that library may exist in equipment or software becomes a prerequisite for protecting the overall infrastructure. This need has sparked a large effort around the development and incorporation of bills of materials (BOMs) into security, asset management, and procurement practices to aid in mitigating and responding to future attacks. While much of the current research is devoted to creating BOMs, it is equally important to develop methods for comparing them to answer questions such as: How has my software changed? Are two pieces of equipment equivalent? Does this piece of equipment that just arrived match my historical information? In this work, we demonstrate how BOMs can be represented by graph structures. We then describe how these structures can be fed into a graph comparison algorithm to produce a novel interactive visualization that allows us not only to identify differences between BOMs but to show exactly where they are in the product.