Research Article

Automated threat modelling and risk analysis in e-Government using BPMN

Article: 2284645 | Received 11 Jul 2023, Accepted 14 Nov 2023, Published online: 02 Dec 2023
