SecBPMN Security Annotations


Security annotations represent security aspects of a business process. Like all other SecBPMN2 elements, they are added to a diagram by dragging and dropping them from the palette. A set of security properties can be specified for each security annotation in a SecBPMN2 diagram. The type of security property that can be specified depends on the SecBPMN2 element to which the security annotation is linked.
  • Security Aspects

    • Accountability

      We defined the security aspect represented by this security annotation as the ability of a system to hold users responsible for their actions (e.g. misuse of information).
      Specification Elements:
      Accountability
      Threats:
      Repudiation
    • Auditability

      We defined the security aspect represented by this security annotation as the ability of a system to conduct persistent, non-bypassable monitoring of all actions performed by humans or machines within the system.
      Specification Elements:
      Auditability
      Threats:
      Repudiation
    • Authenticity

      We defined the security aspect represented by this security annotation as the ability of a system to verify identity and establish trust in a third party and in information it provides.
      Specification Elements:
      Authenticity
      Threats:
      Spoofing
    • Availability

      We defined the security aspect represented by this security annotation as the ability of a system to ensure that all system's components are available and operational when they are required by authorized users.
      Specification Elements:
      Availability
      Threats:
      Denial of Service
    • Confidentiality

      We defined the security aspect represented by this security annotation as the ability of a system to ensure that only authorized users access information.
      Specification Elements:
      Confidentiality
      Threats:
      Information Disclosure
    • Integrity

      We defined the security aspect represented by this security annotation as the ability of a system to ensure completeness, accuracy and absence of unauthorized modifications in all its components.
      Specification Elements:
      Integrity
      Threats:
      Tampering with Data
    • Non-Repudiation

      We defined the security aspect represented by this security annotation as the ability of a system to prove (with legal validity) occurrence/non-occurrence of an event or participation/non-participation of a party in an event.
      Specification Elements:
      Non-Repudiation
      Threats:
      Repudiation
    • Privacy

      We defined the security aspect represented by this security annotation as the ability of a system to obey privacy legislation and to enable individuals to control, where feasible, their personal information (user-involvement).
      Specification Elements:
      Privacy
      Confidentiality
      Threats:
    • Separation of duty

      We defined the security aspect represented by this security annotation as the ability of the system to force two or more different people to be responsible for the completion of a task or set of related tasks.
      Specification Elements:
      Separation of duty
      Threats:
      Denial of Service
      Tampering with Data
    • Bind of duty

      We defined the security aspect represented by this security annotation as the ability of the system to require the same person to be responsible for the completion of a set of related tasks.
      Specification Elements:
      Bind of duty
      Threats:
      Tampering with Data
    • Non delegation

      We defined the security aspect represented by this security annotation as the ability of the system to require that a set of actions is executed only by the users assigned.
      Specification Elements:
      Non delegation
      Threats:
      Elevation of Privileges
      Tampering with Data
      Information Disclosure

  • Specification Elements

    • Accountability

      We defined the security aspect represented by this security annotation as the ability of a system to hold users responsible for their actions (e.g. misuse of information).
      Applies to:
      Activity
    • Auditability

      We defined the security aspect represented by this security annotation as the ability of a system to conduct persistent, non-bypassable monitoring of all actions performed by humans or machines within the system.
      Applies to:
      Activity
      Data
      InformationFlow
    • Authenticity

      We defined the security aspect represented by this security annotation as the ability of a system to verify identity and establish trust in a third party and in information it provides.
      Applies to:
      Activity
      Data
    • Availability

      We defined the security aspect represented by this security annotation as the ability of a system to ensure that all system's components are available and operational when they are required by authorized users.
      Applies to:
      Activity
      Data
      InformationFlow
    • Confidentiality

      We defined the security aspect represented by this security annotation as the ability of a system to ensure that only authorized users access information.
      Applies to:
      Data
      InformationFlow
    • Integrity

      We defined the security aspect represented by this security annotation as the ability of a system to ensure completeness, accuracy and absence of unauthorized modifications in all its components.
      Applies to:
      Activity
      Data
      InformationFlow
    • Non-Repudiation

      We defined the security aspect represented by this security annotation as the ability of a system to prove (with legal validity) occurrence/non-occurrence of an event or participation/non-participation of a party in an event.
      Applies to:
      Activity
      InformationFlow
    • Privacy

      We defined the security aspect represented by this security annotation as the ability of a system to obey privacy legislation and to enable individuals to control, where feasible, their personal information (user-involvement).
      Applies to:
      Activity
      Data
    • Separation of duty

      We defined the security aspect represented by this security annotation as the ability of the system to force two or more different people to be responsible for the completion of a task or set of related tasks.
      Applies to:
      Entity
    • Bind of duty

      We defined the security aspect represented by this security annotation as the ability of the system to require the same person to be responsible for the completion of a set of related tasks.
      Applies to:
      Entity
    • Non delegation

      We defined the security aspect represented by this security annotation as the ability of the system to require that a set of actions is executed only by the users assigned.
      Applies to:
      Activity
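
The "Applies to" and "Threats" lists above can be turned into a model review check. The following is an added example, not part of SecBPMN2 or its tooling: it flags annotations linked to an element type the page does not list for them, and reports which threat labels from the page no validly placed annotation refers to. The `review` function, the sample diagram, and the reading of each "Threats" list as the threats an annotation addresses are assumptions.

```python
# Placement rules transcribed from the "Applies to" lists on this page.
APPLIES_TO = {
    "Accountability": {"Activity"},
    "Auditability": {"Activity", "Data", "InformationFlow"},
    "Authenticity": {"Activity", "Data"},
    "Availability": {"Activity", "Data", "InformationFlow"},
    "Confidentiality": {"Data", "InformationFlow"},
    "Integrity": {"Activity", "Data", "InformationFlow"},
    "Non-Repudiation": {"Activity", "InformationFlow"},
    "Privacy": {"Activity", "Data"},
    "Separation of duty": {"Entity"},
    "Bind of duty": {"Entity"},
    "Non delegation": {"Activity"},
}
# Threat labels from the "Threats" lists (assumed: threats the annotation addresses).
THREATS = {
    "Accountability": {"Repudiation"},
    "Auditability": {"Repudiation"},
    "Authenticity": {"Spoofing"},
    "Availability": {"Denial of Service"},
    "Confidentiality": {"Information Disclosure"},
    "Integrity": {"Tampering with Data"},
    "Non-Repudiation": {"Repudiation"},
    "Privacy": set(),  # the page lists no threat for Privacy
    "Separation of duty": {"Denial of Service", "Tampering with Data"},
    "Bind of duty": {"Tampering with Data"},
    "Non delegation": {"Elevation of Privileges", "Tampering with Data",
                       "Information Disclosure"},
}

def review(elements):
    """elements: iterable of (element name, element type, [annotation names])."""
    misplaced, covered = [], set()
    for name, etype, annotations in elements:
        for ann in annotations:
            if etype in APPLIES_TO.get(ann, ()):
                covered |= THREATS[ann]  # only validly placed annotations count
            else:
                misplaced.append((name, ann, etype))  # unknown or not applicable
    all_threats = set().union(*THREATS.values())
    return misplaced, sorted(all_threats - covered)

# Constructed sample diagram (hypothetical element names).
SAMPLE = [
    ("Approve payment", "Activity", ["Accountability", "Confidentiality"]),
    ("Invoice", "Data", ["Integrity", "Confidentiality"]),
    ("Bank -> Customer", "InformationFlow", ["Non-Repudiation"]),
    ("Clerk", "Entity", ["Separation of duty"]),
]
```

On the sample, Confidentiality linked to an Activity is reported as misplaced, and Spoofing and Elevation of Privileges are the threat labels left without an annotation.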