{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T15:06:21Z","timestamp":1772809581376,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662437445","type":"print"},{"value":"9783662437452","type":"electronic"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-662-43745-2_14","type":"book-chapter","created":{"date-parts":[[2014,6,4]],"date-time":"2014-06-04T19:15:56Z","timestamp":1401909356000},"page":"200-214","source":"Crossref","is-referenced-by-count":36,"title":["Modeling and Verifying Security Policies in Business Processes"],"prefix":"10.1007","author":[{"given":"Mattia","family":"Salnitri","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fabiano","family":"Dalpiaz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paolo","family":"Giorgini","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"14_CR1","unstructured":"An introduction to the business model for information security. Technical report, ISACA (2009), \n                    \n                      http:\/\/www.isaca.org\/Knowledge-Center\/Research\/ResearchDeliverables\/Pages\/An-Introduction-to-the-Business-Model-for-Information-Security.aspx"},{"key":"14_CR2","unstructured":"Federal\u00a0Aviation Administration. SWIM ATM case study, \n                    \n                      http:\/\/www.faa.gov\/about\/office_org\/headquarters_offices\/ato\/service_units\/techops\/atc_comms_services\/swim\/\n                    \n                    \n                   (last visited March 2014)"},{"key":"14_CR3","unstructured":"Awad, A.: BPMN-Q: A language to query business processes. In: EMISA, St. Goar, Germany. LNI, vol.\u00a0P-119, pp. 115\u2013128. GI (2007)"},{"key":"14_CR4","unstructured":"Awad, A.: A compliance management framework for business process models. PhD thesis (2010)"},{"issue":"6","key":"14_CR5","doi-asserted-by":"publisher","first-page":"477","DOI":"10.1016\/j.is.2008.02.005","volume":"33","author":"C. Beeri","year":"2008","unstructured":"Beeri, C., Eyal, A., Kamenkovich, S., Milo, T.: Querying business processes with BP-QL. Information Systems\u00a033(6), 477\u2013507 (2008)","journal-title":"Information Systems"},{"key":"14_CR6","doi-asserted-by":"crossref","unstructured":"Brucker, A.D., Hang, I., L\u00fcckemeyer, G., Ruparel, R.: SecureBPMN: Modeling and Enforcing Access Control Requirements in Business Processes. In: Proc. of SACMAT 2012, pp. 123\u2013126 (2012)","DOI":"10.1145\/2295136.2295160"},{"key":"14_CR7","doi-asserted-by":"crossref","unstructured":"Cherdantseva, Y., Hilton, J.: A reference model of information assurance and security. In: Eighth International Conference on ARES, pp. 546\u2013555 (September 2013)","DOI":"10.1109\/ARES.2013.72"},{"key":"14_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/978-3-540-75987-4_12","volume-title":"Database Programming Languages","author":"D. Deutch","year":"2007","unstructured":"Deutch, D., Milo, T.: Querying structural and behavioral properties of business processes. In: Arenas, M., Schwartzbach, M.I. (eds.) DBPL 2007. LNCS, vol.\u00a04797, pp. 169\u2013185. Springer, Heidelberg (2007)"},{"key":"14_CR9","unstructured":"Ferraiolo, D.F., Cugini, J.A., Richard Kuhn, D.R.: Role-based access control (rbac): Features and motivations (1995)"},{"issue":"1","key":"14_CR10","doi-asserted-by":"publisher","first-page":"61","DOI":"10.5381\/jot.2004.3.1.c6","volume":"3","author":"D. Firesmith","year":"2004","unstructured":"Firesmith, D.: Specifying reusable security requirements. JOT\u00a03(1), 61\u201375 (2004)","journal-title":"JOT"},{"key":"14_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/978-3-540-74974-5_14","volume-title":"Service-Oriented Computing \u2013 ICSOC 2007","author":"A. Ghose","year":"2007","unstructured":"Ghose, A., Koliadis, G.: Auditing business process compliance. In: Kr\u00e4mer, B.J., Lin, K.-J., Narasimhan, P. (eds.) ICSOC 2007. LNCS, vol.\u00a04749, pp. 169\u2013180. Springer, Heidelberg (2007)"},{"issue":"2","key":"14_CR12","doi-asserted-by":"publisher","first-page":"618","DOI":"10.1016\/j.dss.2005.05.019","volume":"43","author":"A. Josang","year":"2007","unstructured":"Josang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decision Support Systems\u00a043(2), 618\u2013644 (2007)","journal-title":"Decision Support Systems"},{"key":"14_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/3-540-45800-X_32","volume-title":"\u00abUML\u00bb 2002 - The Unified Modeling Language. Model Engineering, Concepts, and Tools","author":"J. J\u00fcrjens","year":"2002","unstructured":"J\u00fcrjens, J.: Umlsec: Extending uml for secure systems development. In: J\u00e9z\u00e9quel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol.\u00a02460, pp. 412\u2013425. Springer, Heidelberg (2002)"},{"key":"14_CR14","doi-asserted-by":"crossref","unstructured":"Leitner, M., Miller, M., Rinderle-Ma, S.: An analysis and evaluation of security aspects in the business process model and notation. In: Proc. of ARES, pp. 262\u2013267 (2013)","DOI":"10.1109\/ARES.2013.34"},{"issue":"3","key":"14_CR15","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1016\/j.infsof.2013.12.004","volume":"56","author":"M. Leitner","year":"2014","unstructured":"Leitner, M., Rinderle-Ma, S.: A systematic review on security in process-aware information systems - constitution, challenges, and future directions. Inf. Softw. Technol.\u00a056(3), 273\u2013293 (2014)","journal-title":"Inf. Softw. Technol."},{"key":"14_CR16","doi-asserted-by":"crossref","unstructured":"Leitner, M., Schefer-Wenzl, S., Rinderle-Ma, S., Strembeck, M.: An experimental study on the design and modeling of security concepts in business processes. In: Proc. of PoEM, pp. 236\u2013250 (2013)","DOI":"10.1007\/978-3-642-41641-5_17"},{"issue":"2","key":"14_CR17","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1147\/sj.462.0335","volume":"46","author":"Y. Liu","year":"2007","unstructured":"Liu, Y., M\u00fcller, S., Xu, K.: A static compliance-checking framework for business process models. IBM Syst. J.\u00a046(2), 335\u2013361 (2007)","journal-title":"IBM Syst. J."},{"key":"14_CR18","unstructured":"McCumber, J.: Information systems security: A comprehensive model. In: Proceeding of the 14th National Computer Security Conference, NIST Baltimore, MD (1991)"},{"key":"14_CR19","doi-asserted-by":"crossref","unstructured":"Menzel, M., Thomas, I., Meinel, C.: Security requirements specification in serviceoriented business process management. In: Proc of ARES 2009, pp. 41\u201348 (2009)","DOI":"10.1109\/ARES.2009.90"},{"key":"14_CR20","first-page":"1667","volume-title":"Applied Computing","author":"G. Monakova","year":"2012","unstructured":"Monakova, G., Brucker, A.D., Schaad, A.: Security and safety of assets in business processes. In: Applied Computing, vol.\u00a027, pp. 1667\u20131673. ACM, USA (2012)"},{"key":"14_CR21","doi-asserted-by":"publisher","first-page":"756","DOI":"10.1109\/TSE.2009.67","volume":"35","author":"D. Moody","year":"2009","unstructured":"Moody, D.: The physics of notations: Toward a scientific basis for constructing visual notations in software engineering. IEEE Trans. Softw. Eng.\u00a035, 756\u2013779 (2009)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"14_CR22","unstructured":"OASIS. Web Services Business Process Execution Language, \n                    \n                      http:\/\/docs.oasis-open.org\/wsbpel\/2.0\/wsbpel-v2.0.html\n                    \n                    \n                   (April 2007)"},{"key":"14_CR23","unstructured":"O.: BPMN 2.0, \n                    \n                      http:\/\/www.omg.org\/spec\/BPMN\/2.0\n                    \n                    \n                   (January 2011)"},{"key":"14_CR24","unstructured":"Parker, D.: Our excessively simplistic information security model and how to fix it. ISSA Journal, 12\u201321 (2010)"},{"key":"14_CR25","unstructured":"Parker, D.B.: Fighting computer crime - a new framework for protecting information. Wiley (1998)"},{"issue":"4","key":"14_CR26","doi-asserted-by":"publisher","first-page":"745","DOI":"10.1093\/ietisy\/e90-d.4.745","volume":"90","author":"A. Rodr\u00edguez","year":"2007","unstructured":"Rodr\u00edguez, A., Fern\u00e1ndez-Medina, E., Piattini, M.: A BPMN extension for the modeling of security requirements in business processes. IEICE Trans. on Information and Systems\u00a090(4), 745\u2013752 (2007)","journal-title":"IEICE Trans. on Information and Systems"},{"key":"14_CR27","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1016\/S0951-8320(01)00092-8","volume":"75","author":"J. Rushby","year":"2002","unstructured":"Rushby, J.: Using model checking to help discover mode confusions and other automation surprises. Reliability Engineering and System Safety\u00a075, 167\u2013177 (2002)","journal-title":"Reliability Engineering and System Safety"},{"key":"14_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/978-3-540-75183-0_12","volume-title":"Business Process Management","author":"W. Sadiq","year":"2007","unstructured":"Sadiq, W., Governatori, G., Namiri, K.: Modeling control objectives for business process compliance. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol.\u00a04714, pp. 149\u2013164. Springer, Heidelberg (2007)"},{"issue":"1","key":"14_CR29","doi-asserted-by":"publisher","first-page":"353","DOI":"10.4156\/aiss.vol4.issue1.45","volume":"4","author":"M. Saleem","year":"2012","unstructured":"Saleem, M., Jaafar, J., Hassan, M.: A domain- specific language for modelling security objectives in a business process models of soa applications. AISS\u00a04(1), 353\u2013362 (2012)","journal-title":"AISS"},{"key":"14_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-642-33606-5_15","volume-title":"On the Move to Meaningful Internet Systems: OTM 2012","author":"M. Salnitri","year":"2012","unstructured":"Salnitri, M., Dalpiaz, F., Giorgini, P.: Aligning service-oriented architectures with security requirements. In: Meersman, R., et al. (eds.) OTM 2012, Part I. LNCS, vol.\u00a07565, pp. 232\u2013249. Springer, Heidelberg (2012)"},{"key":"14_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/3-540-45608-2_3","volume-title":"Foundations of Security Analysis and Design","author":"P. Samarati","year":"2001","unstructured":"Samarati, P., di Vimercati, S.C.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol.\u00a02171, pp. 137\u2013196. Springer, Heidelberg (2001)"},{"key":"14_CR32","unstructured":"Schmidt, R., Bartsch, C., Oberhauser, R.: Ontology-based representation of compliance requirements for service processes. In: Proc. of CEUR 2007 (2007)"},{"issue":"7","key":"14_CR33","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1145\/2209249.2209268","volume":"55","author":"I. Sommerville","year":"2012","unstructured":"Sommerville, I., Cliff, D., Calinescu, R., Keen, J., Kelly, T., Kwiatkowska, M., Mcdermid, J., Paige, R.: Large-scale complex it systems. Commun. ACM\u00a055(7), 71\u201377 (2012)","journal-title":"Commun. ACM"},{"issue":"4","key":"14_CR34","first-page":"211","volume":"55","author":"C. Wolter","year":"2009","unstructured":"Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C.: Model-driven business process security requirement specification. JSA\u00a055(4), 211\u2013223 (2009)","journal-title":"JSA"},{"key":"14_CR35","doi-asserted-by":"crossref","unstructured":"Yip, F., Wong, A.K.Y., Parameswaran, N., Ray, P.: Rules and ontology in compliance management. In: In Proc. of EDOC, pp. 435\u2013435 (2007)","DOI":"10.1109\/EDOC.2007.50"}],"container-title":["Lecture Notes in Business Information Processing","Enterprise, Business-Process and Information Systems Modeling"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-43745-2_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,26]],"date-time":"2019-05-26T20:35:48Z","timestamp":1558902948000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-43745-2_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783662437445","9783662437452"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-43745-2_14","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"value":"1865-1348","type":"print"},{"value":"1865-1356","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}