Goal-equivalent secure business process re-engineering

H.A. López, F. Massacci, N. Zannone

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    7 Citations (Scopus)


    The introduction of information technologies in health care systems often requires to re-engineer the business processes used to deliver care. Obviously, the new and re-engineered processes are observationally different and thus we cannot use existing model-based techniques to argue that they are somehow “equivalent”. In this paper we propose a method for passing from SI*, a modeling language for capturing and modeling functional, security, and trust organizational and system requirements, to business process specifications and vice versa. In particular, starting from an old secure business process, we reconstruct the functional and security requirements at organizational level that such a business process was supposed to meet (including the trust relations that existed among the members of the organization). To ensure that the re-engineered business process meets the elicited requirements, we employ a notion of equivalence based on goal-equivalence. Basically, we verify if the execution of the business process, described in terms of the trace it generates, satisfies the organizational model. We motivate and illustrate the method with an e-health case study.
    Original languageEnglish
    Title of host publicationService-Oriented Computing
    Subtitle of host publicationICSOC 2007 Workshops, International Workshops, Vienna, Austria, September 17, 2007, Revised Selected Papers
    EditorsE. Di Nitto, M. Ripeanu
    Place of PublicationBerlin
    Number of pages12
    ISBN (Electronic)978-3-540-93851-4
    ISBN (Print)978-3-540-93850-7
    Publication statusPublished - 2009

    Publication series

    NameLecture Notes in Computer Science (LNCS)
    ISSN (Print)0302-9743


    Dive into the research topics of 'Goal-equivalent secure business process re-engineering'. Together they form a unique fingerprint.

    Cite this