3rd International ICST Symposium on Information Assurance and Security

Research Article

Modelling Quality of Protection in Outsourced Business Processes

  • @INPROCEEDINGS{10.1109/IAS.2007.70,
        author={Fabio  Massacci and Artsiom  Yautsiukhin},
        title={Modelling Quality of Protection in Outsourced Business Processes},
        proceedings={3rd International ICST Symposium on  Information Assurance and Security},
        publisher={IEEE},
        proceedings_a={IAS},
        year={2007},
        month={9},
        keywords={Appraisal  Buildings  Companies  Concrete  Data security  Information security  Outsourcing  Protection  Service oriented architecture  Technology management},
        doi={10.1109/IAS.2007.70}
    }
    
  • Fabio Massacci
    Artsiom Yautsiukhin
    Year: 2007
    Modelling Quality of Protection in Outsourced Business Processes
    IAS
    IEEE
    DOI: 10.1109/IAS.2007.70
Fabio Massacci1,*, Artsiom Yautsiukhin1,*
  • 1: Dip. Informatica e TLC University of Trento
*Contact email: Fabio.Massacci@unitn.it, evtiukhi@dit.unitn.it

Abstract

There is a large number of research papers and standards dedicated to security for outsourced data. Yet, most papers propose new controls to access and protect the data rather than to assess the level of assurance of the whole process that is currently deployed. The main contributions of the paper is an approach for aggregating security properties of individual tasks of a complex business process in order to receive the level of assurance provided by the whole process. The approach takes into account the fact that some tasks of a business process may be outsourced and thus account for not very reliable partners. The approach chooses the concrete business process offering the highest assurance among several possible design alternatives by building an optimal hyper-path traversing the business process.