A survey on automation of security requirements in service-based business processes

Abstract

Service-oriented computing (SOC) and business process management (BPM) are essential topics in computer science. Companies are widely adopting business process standards, such as BPMN, to model their business processes, while automatise them by using services from the SOC world. The automation leads to a gain of efficiency in executing business processes and facilitates the execution of tests. However, the automation also raises fundamental security concerns, especially considering that it can use external services available on the internet, e.g., web services. For example, companies are not comfortable to use systems that communicate over the internet without guarantees that secure actions have been adequately used. The main objective of this work is to provide a holistic view of current initiatives and tools to model and enforce security requirements in service-based business processes along with open research and practical challenges on this subject. The intention is that this work can serve as a source of theoretical and pragmatic ideas for those who want to execute their business processes having in mind security concerns.