Tag Archives: Andreas Opdahl

PhD thesis: “Deriving Security Requirements from Business Process Models”


Naved Ahmed PhD thesis: “Deriving Security Requirements from Business Process Models”
Defense date: 16.12.2014 – 16:15 to 17:45 (J. Liivi 2-404, Tartu, Estonia)

Thesis supervisors:
Assoc. Prof. PhD. Raimundas Matulevicius, University of Tartu
Prof. PhD. Marlon Dumas, University of Tartu

Prof. PhD. Andreas L. Opdahl, University of Bergen, Norway
Assoc. Prof. PhD. Rafael Accorsi, University of Freiburg, Germany

To consider this need, the approach taken in this thesis is to analyse the business process models from a security perspective to derive security objectives and requirements. The thesis has proposed three complementary contributions: Firstly, security risk-oriented patterns that integrate the security risk analysis into business process models. These patterns supports security risk concepts in business process models that business analyst can understand easily. Secondly, the taxonomy for assessing security in business processes. This taxonomy is used to classify the security risk-oriented patterns and helps analysts to apply these patterns in business process models. Finally, these contributions form a foundation for a method, security requirements elicitation from business processes (SREBP) that performs a systematic elicitation of security requirements for their business processes.