{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,19]],"date-time":"2025-12-19T21:54:37Z","timestamp":1766181277861},"reference-count":45,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2019,7,13]],"date-time":"2019-07-13T00:00:00Z","timestamp":1562976000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2019,7,13]],"date-time":"2019-07-13T00:00:00Z","timestamp":1562976000000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Softw Syst Model"],"published-print":{"date-parts":[[2020,5]]},"DOI":"10.1007\/s10270-019-00743-y","type":"journal-article","created":{"date-parts":[[2019,7,13]],"date-time":"2019-07-13T05:21:56Z","timestamp":1562995316000},"page":"555-577","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Enhancing secure business process design with security process patterns"],"prefix":"10.1007","volume":"19","author":[{"given":"Nikolaos","family":"Argyropoulos","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haralambos","family":"Mouratidis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrew","family":"Fish","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,7,13]]},"reference":[{"issue":"4","key":"743_CR1","doi-asserted-by":"publisher","first-page":"723","DOI":"10.1016\/j.csi.2013.12.007","volume":"36","author":"N Ahmed","year":"2014","unstructured":"Ahmed, N., Matulevi\u010dius, R.: Securing business processes using security risk-oriented patterns. Comput. Stand. Interfaces 36(4), 723\u2013733 (2014)","journal-title":"Comput. Stand. Interfaces"},{"key":"743_CR2","doi-asserted-by":"crossref","unstructured":"Alam, M.: Model driven security engineering for the realization of dynamic security requirements in collaborative systems. In: International Conference on Model Driven Engineering Languages and Systems, pp. 278\u2013287. Springer, Berlin (2006)","DOI":"10.1007\/978-3-540-69489-2_34"},{"key":"743_CR3","unstructured":"Argyropoulos, N.: Designing secure business processes from organisational goal models. Ph.D. thesis, University of Brighton (2018)"},{"key":"743_CR4","doi-asserted-by":"crossref","unstructured":"Argyropoulos, N., Alca\u00f1iz, L.M., Mouratidis, H., Fish, A., Rosado, D.G., de\u00a0Guzm\u00e1n, I.G.R., Fern\u00e1ndez-Medina, E.: Eliciting security requirements for business processes of legacy systems. In: IFIP Working Conference on The Practice of Enterprise Modeling, pp. 91\u2013107. Springer, Berlin (2015)","DOI":"10.1007\/978-3-319-25897-3_7"},{"key":"743_CR5","doi-asserted-by":"crossref","unstructured":"Argyropoulos, N., Angelopoulos, K., Mouratidis, H., Fish, A.: Decision-making in security requirements engineering with constrained goal models. In: 2017 1st International Workshop on SECurity and Privacy Requirements Engineering (SECPRE 2017). IEEE, Washington (2017)","DOI":"10.1007\/978-3-319-72817-9_17"},{"key":"743_CR6","doi-asserted-by":"crossref","unstructured":"Argyropoulos, N., Kalloniatis, C., Mouratidis, H., Fish, A.: Incorporating privacy patterns into semi-automatic business process derivation. In: 2016 IEEE 10th International Conference on Research Challenges in Information Science (RCIS), pp. 1\u201312. IEEE, Washington (2016)","DOI":"10.1109\/RCIS.2016.7549305"},{"key":"743_CR7","doi-asserted-by":"crossref","unstructured":"Argyropoulos, N., Mouratidis, H., Fish, A.: Towards the derivation of secure business process designs. In: International Conference on Conceptual Modeling, pp. 248\u2013258. Springer, Berlin (2015)","DOI":"10.1007\/978-3-319-25747-1_25"},{"key":"743_CR8","doi-asserted-by":"crossref","unstructured":"Argyropoulos, N., Mouratidis, H., Fish, A.: Attribute-based security verification of business process models. In: 2017 IEEE 19th Conference on Business Informatics (CBI), vol.\u00a01, pp. 43\u201352. IEEE, Washington (2017)","DOI":"10.1109\/CBI.2017.37"},{"key":"743_CR9","unstructured":"Argyropoulos, N., Mouratidis, H., Fish, A.: Supporting secure business process design via security process patterns. In: Enterprise, Business-Process and Information Systems Modeling\u201418th International Conference, BPMDS 2017, 22nd International Conference, EMMSAD 2017, Held at CAiSE 2017, Essen, Germany, June 12\u201313, 2017, Proceedings, pp. 19\u201333 (2017)"},{"issue":"4","key":"743_CR10","doi-asserted-by":"publisher","first-page":"1421","DOI":"10.1007\/s10270-013-0381-1","volume":"14","author":"P Bottoni","year":"2015","unstructured":"Bottoni, P., Fish, A., Parisi-Presicce, F.: Spider graphs: a graph transformation system for spider diagrams. Softw. Syst. Modell. 14(4), 1421\u20131453 (2015)","journal-title":"Softw. Syst. Modell."},{"issue":"3","key":"743_CR11","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1023\/B:AGNT.0000018806.20944.ef","volume":"8","author":"P Bresciani","year":"2004","unstructured":"Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., Mylopoulos, J.: Tropos: an agent-oriented software development methodology. Auton. Agents Multi-Agent Syst. 8(3), 203\u2013236 (2004)","journal-title":"Auton. Agents Multi-Agent Syst."},{"key":"743_CR12","doi-asserted-by":"crossref","unstructured":"Cherdantseva, Y., Hilton, J.: A reference model of information assurance and security. In: The 8th International Conference on Availability, Reliability and Security (ARES), pp. 546\u2013555. IEEE, Washington (2013)","DOI":"10.1109\/ARES.2013.72"},{"key":"743_CR13","unstructured":"Decreus, K., Poels, G.: A goal-oriented requirements engineering method for business processes. In: Forum at the Conference on Advanced Information Systems Engineering (CAiSE), pp. 29\u201343. Springer, Berlin (2010)"},{"issue":"8","key":"743_CR14","doi-asserted-by":"publisher","first-page":"784","DOI":"10.1002\/int.20431","volume":"25","author":"K Decreus","year":"2010","unstructured":"Decreus, K., Poels, G., Kharbili, M.E., Pulvermueller, E.: Policy-enabled goal-oriented requirements engineering for semantic business process management. Int. J. Intell. Syst. 25(8), 784\u2013812 (2010)","journal-title":"Int. J. Intell. Syst."},{"issue":"1","key":"743_CR15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00766-009-0094-8","volume":"15","author":"E Dubois","year":"2010","unstructured":"Dubois, E., Mouratidis, H.: Guest editorial: security requirements engineering: past, present and future. Requir Eng 15(1), 1\u20135 (2010)","journal-title":"Requir Eng"},{"key":"743_CR16","unstructured":"Fernandez, E.B., Pan, R.: A pattern language for security models. In: In Proceedings of PLoP, vol.\u00a01 (2001)"},{"key":"743_CR17","unstructured":"Greek-Parliament Act 3892: Electronic registration and fulfilment of medical prescriptions and clinical test referrals (2010). [In Greek]"},{"key":"743_CR18","doi-asserted-by":"crossref","unstructured":"Guerra, E., de\u00a0Lara, J., Kolovos, D., Paige, R.: A visual specification language for model-to-model transformations. In: IEEE Symposium on Visual Languages and Human-Centric Computing (2010)","DOI":"10.1109\/VLHCC.2010.25"},{"key":"743_CR19","unstructured":"ISO: ISO\/IEC 27000 Information technology\u2014Security techniques\u2014Information security management systems\u2014Overview and vocabulary. Technical report (2014)"},{"key":"743_CR20","doi-asserted-by":"crossref","unstructured":"Kalloniatis, C., Kavakli, E., Gritzalis, S.: Using privacy process patterns for incorporating privacy requirements into the system design process. In: 2nd International Conference on Availability, Reliability and Security (ARES\u201907), pp. 1009\u20131017. IEEE, Washington (2007)","DOI":"10.1109\/ARES.2007.156"},{"issue":"3","key":"743_CR21","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/s00766-008-0067-3","volume":"13","author":"C Kalloniatis","year":"2008","unstructured":"Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the pris method. Requir. Eng. 13(3), 241\u2013255 (2008)","journal-title":"Requir. Eng."},{"key":"743_CR22","unstructured":"Kienzle, D.M., Elder, M.C.: Security patterns for web application development. University of Virginia technical report (2002)"},{"key":"743_CR23","doi-asserted-by":"crossref","unstructured":"Lav\u00e9rdiere, M., Mourad, A., Hanna, A., Debbabi, M.: Security design patterns: survey and evaluation. In: 2006 Canadian Conference on Electrical and Computer Engineering, pp. 1605\u20131608. IEEE, Washington (2006)","DOI":"10.1109\/CCECE.2006.277727"},{"key":"743_CR24","doi-asserted-by":"crossref","unstructured":"Leitner, M., Miller, M., Rinderle-Ma, S.: An analysis and evaluation of security aspects in the business process model and notation. In: 8th International Conference on Availability, Reliability and Security (ARES\u201913), pp. 262\u2013267. IEEE, Washington (2013)","DOI":"10.1109\/ARES.2013.34"},{"key":"743_CR25","doi-asserted-by":"crossref","unstructured":"Li, T., Paja, E., Mylopoulos, J., Horkoff, J., Beckers, K.: Security attack analysis using attack patterns. In: 2016 IEEE 10th International Conference on Research Challenges in Information Science (RCIS), pp. 1\u201313. IEEE, Washington (2016)","DOI":"10.1109\/RCIS.2016.7549303"},{"key":"743_CR26","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1007\/978-3-319-39417-6_16","volume-title":"Domain-Specific Conceptual Modeling, Concepts, Methods and Tools","author":"H Mouratidis","year":"2016","unstructured":"Mouratidis, H., Argyropoulos, N., Shei, S.: Security requirements engineering for cloud computing: the Secure Tropos approach. In: Karagiannis, D., Mayr, H.C., Mylopoulos, J. (eds.) Domain-Specific Conceptual Modeling, Concepts, Methods and Tools, pp. 357\u2013380. Springer, Berlin (2016)"},{"issue":"2","key":"743_CR27","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1142\/S0218194007003240","volume":"17","author":"H Mouratidis","year":"2007","unstructured":"Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(2), 285\u2013309 (2007)","journal-title":"Int. J. Softw. Eng. Knowl. Eng."},{"issue":"03","key":"743_CR28","doi-asserted-by":"publisher","first-page":"471","DOI":"10.1142\/S0218194006002823","volume":"16","author":"H Mouratidis","year":"2006","unstructured":"Mouratidis, H., Weiss, M., Giorgini, P.: Modeling secure systems using an agent-oriented approach and security patterns. Int. J. Softw. Eng. Knowl. Eng. 16(03), 471\u2013498 (2006)","journal-title":"Int. J. Softw. Eng. Knowl. Eng."},{"key":"743_CR29","doi-asserted-by":"crossref","unstructured":"Neubauer, T., Klemen, M., Biffl, S.: Secure business process management: a roadmap. In: 1st International Conference on Availability, Reliability and Security (ARES\u201906), pp. 457\u2013464. IEEE, Washington (2006)","DOI":"10.1109\/ARES.2006.121"},{"key":"743_CR30","doi-asserted-by":"publisher","unstructured":"Nhlabatsi, A., Bandara, A., Hayashi, S., Haley, C., Jurjens, J., Kaiya, H., Kubo, A., Laney, R., Mouratidis, H., Nuseibeh, B., Tun, T., Washizaki, H., Yoshioka, N., Yu, Y.: Security patterns: Comparing modeling approaches. In: Software Engineering for Secure Systems: Industrial and Research Perspectives, pp. 75\u201311. IGI Global (2011). \nhttps:\/\/doi.org\/10.4018\/978-1-61520-837-1","DOI":"10.4018\/978-1-61520-837-1"},{"key":"743_CR31","unstructured":"Object Management Group: Business Process Model Notation (BPMN) Version 2.0. Technical report (2011)"},{"key":"743_CR32","unstructured":"Rekik, M., Boukadi, K., Ben-Abdallah, H.: BPMN meta-model extension with deployment and security information. In: 13th International Arab Conference on Information Technology ACIT (2012)"},{"key":"743_CR33","doi-asserted-by":"crossref","unstructured":"Rodriguez, A., Fern\u00e1ndez-Medina, E., Piattini, M.: M-bpsec: a method for security requirement elicitation from a UML 2.0 business process specification. In: Advances in Conceptual Modeling\u2014Foundations and Applications, ER 2007 Workshops CMLSA, FP-UML, ONISW, QoIS, RIGiM, SeCoGIS, pp. 106\u2013115. Springer, Auckland, New Zealand (2007)","DOI":"10.1007\/978-3-540-76292-8_13"},{"issue":"5","key":"743_CR34","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1108\/10662240610710996","volume":"16","author":"DG Rosado","year":"2006","unstructured":"Rosado, D.G., Guti\u00e9rrez, C., Fern\u00e1ndez-Medina, E., Piattini, M.: Security patterns and requirements for internet-based applications. Internet Res. 16(5), 519\u2013536 (2006)","journal-title":"Internet Res."},{"issue":"3","key":"743_CR35","doi-asserted-by":"publisher","first-page":"737","DOI":"10.1007\/s10270-015-0499-4","volume":"16","author":"M Salnitri","year":"2016","unstructured":"Salnitri, M., Dalpiaz, F., Giorgini, P.: Designing secure business processes with SecBPMN. Softw. Syst. Model. 16(3), 737\u2013757 (2016)","journal-title":"Softw. Syst. Model."},{"key":"743_CR36","doi-asserted-by":"crossref","unstructured":"S\u00e9guran, M., H\u00e9bert, C., Frankova, G.: Secure workflow development from early requirements analysis. In: IEEE Sixth European Conference on Web Services ECOWS\u201908, pp. 125\u2013134. IEEE, Washington (2008)","DOI":"10.1109\/ECOWS.2008.13"},{"key":"743_CR37","doi-asserted-by":"crossref","unstructured":"Sindre, G.: Mal-activity diagrams for capturing attacks on business processes. In: International Working Conference on Requirements Engineering: Foundation for Software Quality, pp. 355\u2013366. Springer, Berlin (2007)","DOI":"10.1007\/978-3-540-73031-6_27"},{"key":"743_CR38","doi-asserted-by":"crossref","unstructured":"van Solingen\u00a0(Revision), R., Basili (Original\u00a0article 1994\u00a0ed.), V., Caldiera (Original\u00a0article 1994\u00a0ed.), G., Rombach (Original\u00a0article 1994\u00a0ed.), H.D.: Goal Question Metric (GQM) Approach. American Cancer Society (2002)","DOI":"10.1002\/0471028959.sof142"},{"key":"743_CR39","doi-asserted-by":"crossref","unstructured":"Souza, A.R., Silva, B.L., Lins, F.A., Damasceno, J.C., Rosa, N.S., Maciel, P.R., Medeiros, R.W., Stephenson, B., Motahari-Nezhad, H.R., Li, J., et\u00a0al.: Incorporating security requirements into service composition: from modelling to execution. In: Service-Oriented Computing, pp. 373\u2013388. Springer, Berlin (2009)","DOI":"10.1007\/978-3-642-10383-4_27"},{"key":"743_CR40","doi-asserted-by":"crossref","unstructured":"Stonebumer, G., Goguen, A., Fringa, A.: Risk management guide for information technology systems. Recommendations of the National Institute of Standards and Technology (2002)","DOI":"10.6028\/NIST.SP.800-30"},{"key":"743_CR41","doi-asserted-by":"publisher","first-page":"205","DOI":"10.1007\/PL00010360","volume":"6","author":"A Toval","year":"2001","unstructured":"Toval, A., Nicol\u00e1s, J., Moros, B., Garcia, F.: Requirements reuse for improving information systems security: a practitioner\u2019s approach. Requir. Eng. 6, 205\u2013219 (2001)","journal-title":"Requir. Eng."},{"key":"743_CR42","volume-title":"Business Process Management: Concepts, Languages, Architectures","author":"M Weske","year":"2010","unstructured":"Weske, M.: Business Process Management: Concepts, Languages, Architectures. Springer, Berlin (2010)"},{"issue":"4","key":"743_CR43","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1016\/j.sysarc.2008.10.002","volume":"55","author":"C Wolter","year":"2009","unstructured":"Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C.: Model-driven business process security requirement specification. J. Syst. Archit. 55(4), 211\u2013223 (2009)","journal-title":"J. Syst. Archit."},{"issue":"5","key":"743_CR44","doi-asserted-by":"publisher","first-page":"35","DOI":"10.2201\/NiiPi.2008.5.5","volume":"5","author":"N Yoshioka","year":"2008","unstructured":"Yoshioka, N., Washizaki, H., Maruyama, K.: A survey on security patterns. Progr. Inform. 5(5), 35\u201347 (2008)","journal-title":"Progr. Inform."},{"key":"743_CR45","unstructured":"Zivkovic, S., K\u00fchn, H., Karagiannis, D.: Facilitate modelling using method integration: an approach using mappings and integration rules. In: European Conference on Information Systems (ECIS) (2007)"}],"container-title":["Software and Systems Modeling"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-019-00743-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10270-019-00743-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-019-00743-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,7,11]],"date-time":"2020-07-11T23:09:05Z","timestamp":1594508945000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10270-019-00743-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,7,13]]},"references-count":45,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2020,5]]}},"alternative-id":["743"],"URL":"https:\/\/doi.org\/10.1007\/s10270-019-00743-y","relation":{},"ISSN":["1619-1366","1619-1374"],"issn-type":[{"value":"1619-1366","type":"print"},{"value":"1619-1374","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,7,13]]},"assertion":[{"value":"11 November 2017","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 June 2019","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 July 2019","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 July 2019","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}