Eliciting Security Requirements for Business Processes of Legacy Systems [chapter]

Nikolaos Argyropoulos, Luis Márquez Alcañiz, Haralambos Mouratidis, Andrew Fish, David G. Rosado, Ignacio García-Rodriguez de Guzmán, Eduardo Fernández-Medina
2015 Lecture Notes in Business Information Processing  
The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLE TM framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models
more » ... ilitate the elicitation of security requirements in a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by nontechnical stakeholders in alignment with organisational objectives.
doi:10.1007/978-3-319-25897-3_7 fatcat:uupjn5flbnhhre5v762xxs7npu