{"id":"https://openalex.org/W2916733625","doi":"https://doi.org/10.1109/access.2019.2901408","title":"Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models","display_name":"Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models","publication_year":2019,"publication_date":"2019-01-01","ids":{"openalex":"https://openalex.org/W2916733625","doi":"https://doi.org/10.1109/access.2019.2901408","mag":"2916733625"},"language":"en","primary_location":{"id":"doi:10.1109/access.2019.2901408","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2019.2901408","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08651587.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08651587.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5009713122","display_name":"\u00c1ngel Jes\u00fas Varela\u2010Vaca","orcid":"https://orcid.org/0000-0001-9953-6005"},"institutions":[{"id":"https://openalex.org/I79238269","display_name":"Universidad de Sevilla","ror":"https://ror.org/03yxnpp24","country_code":"ES","type":"education","lineage":["https://openalex.org/I79238269"]}],"countries":["ES"],"is_corresponding":true,"raw_author_name":"Angel J. Varela-Vaca","raw_affiliation_strings":["Department of Languages and Computer Systems, Universidad de Sevilla, Seville, Spain"],"affiliations":[{"raw_affiliation_string":"Department of Languages and Computer Systems, Universidad de Sevilla, Seville, Spain","institution_ids":["https://openalex.org/I79238269"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5105759489","display_name":"Luisa Parody","orcid":null},"institutions":[{"id":"https://openalex.org/I243381257","display_name":"Universidad Loyola Andaluc\u00eda","ror":"https://ror.org/0075gfd51","country_code":"ES","type":"education","lineage":["https://openalex.org/I243381257"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Luisa Parody","raw_affiliation_strings":["Department of Quantitative Methods, Universidad Loyola Andaluc\u00eda, Seville, Spain"],"affiliations":[{"raw_affiliation_string":"Department of Quantitative Methods, Universidad Loyola Andaluc\u00eda, Seville, Spain","institution_ids":["https://openalex.org/I243381257"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074878843","display_name":"Rafael M. Gasca","orcid":"https://orcid.org/0000-0003-2348-7424"},"institutions":[{"id":"https://openalex.org/I79238269","display_name":"Universidad de Sevilla","ror":"https://ror.org/03yxnpp24","country_code":"ES","type":"education","lineage":["https://openalex.org/I79238269"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Rafael M. Gasca","raw_affiliation_strings":["Department of Languages and Computer Systems, Universidad de Sevilla, Seville, Spain"],"affiliations":[{"raw_affiliation_string":"Department of Languages and Computer Systems, Universidad de Sevilla, Seville, Spain","institution_ids":["https://openalex.org/I79238269"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085482400","display_name":"Mar\u00eda Teresa G\u00f3mez-L\u00f3pez","orcid":"https://orcid.org/0000-0002-3562-875X"},"institutions":[{"id":"https://openalex.org/I79238269","display_name":"Universidad de Sevilla","ror":"https://ror.org/03yxnpp24","country_code":"ES","type":"education","lineage":["https://openalex.org/I79238269"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Maria T. Gomez-Lopez","raw_affiliation_strings":["Department of Languages and Computer Systems, Universidad de Sevilla, Seville, Spain"],"affiliations":[{"raw_affiliation_string":"Department of Languages and Computer Systems, Universidad de Sevilla, Seville, Spain","institution_ids":["https://openalex.org/I79238269"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5009713122"],"corresponding_institution_ids":["https://openalex.org/I79238269"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":4.2467,"has_fulltext":true,"cited_by_count":18,"citation_normalized_percentile":{"value":0.93948852,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"7","issue":null,"first_page":"26448","last_page":"26465"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10703","display_name":"Business Process Modeling and Analysis","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10703","display_name":"Business Process Modeling and Analysis","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10679","display_name":"Service-Oriented Architecture and Web Services","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7748626470565796},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.5921692252159119},{"id":"https://openalex.org/keywords/business-process","display_name":"Business process","score":0.5562548041343689},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.5094950795173645},{"id":"https://openalex.org/keywords/it-risk-management","display_name":"IT risk management","score":0.48414358496665955},{"id":"https://openalex.org/keywords/business-process-modeling","display_name":"Business process modeling","score":0.46445131301879883},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.4598664939403534},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.45685723423957825},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.39996635913848877},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.356453001499176},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3527243733406067},{"id":"https://openalex.org/keywords/work-in-process","display_name":"Work in process","score":0.17071932554244995},{"id":"https://openalex.org/keywords/finance","display_name":"Finance","score":0.13549378514289856},{"id":"https://openalex.org/keywords/operations-management","display_name":"Operations management","score":0.12665754556655884},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.10790383815765381},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.084358811378479},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.0807451605796814},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.0798182487487793}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7748626470565796},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5921692252159119},{"id":"https://openalex.org/C85345410","wikidata":"https://www.wikidata.org/wiki/Q851587","display_name":"Business process","level":3,"score":0.5562548041343689},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.5094950795173645},{"id":"https://openalex.org/C95609273","wikidata":"https://www.wikidata.org/wiki/Q5975208","display_name":"IT risk management","level":3,"score":0.48414358496665955},{"id":"https://openalex.org/C207505557","wikidata":"https://www.wikidata.org/wiki/Q4374012","display_name":"Business process modeling","level":4,"score":0.46445131301879883},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.4598664939403534},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.45685723423957825},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.39996635913848877},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.356453001499176},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3527243733406067},{"id":"https://openalex.org/C174998907","wikidata":"https://www.wikidata.org/wiki/Q357662","display_name":"Work in process","level":2,"score":0.17071932554244995},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.13549378514289856},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.12665754556655884},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.10790383815765381},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.084358811378479},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0807451605796814},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.0798182487487793},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/access.2019.2901408","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2019.2901408","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08651587.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:dnet:idus________::d39a9ce141c927d2cde13d4e4dc92c27","is_oa":true,"landing_page_url":"https://idus.us.es/handle//11441/97496","pdf_url":null,"source":{"id":"https://openalex.org/S4306402641","display_name":"LA Referencia (Red Federada de Repositorios Institucionales de Publicaciones Cient\u00edficas)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4383465926","host_organization_name":"LA Referencia","host_organization_lineage":["https://openalex.org/I4383465926"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/article"},{"id":"pmh:oai:doaj.org/article:d7630e38ff31488da6de7649abde70fa","is_oa":true,"landing_page_url":"https://doaj.org/article/d7630e38ff31488da6de7649abde70fa","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 7, Pp 26448-26465 (2019)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2019.2901408","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2019.2901408","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08651587.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.800000011920929,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G6043815090","display_name":null,"funder_award_id":"C3-2-R","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"},{"id":"https://openalex.org/G6290219456","display_name":null,"funder_award_id":"ERDF/FEDER","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"}],"funders":[{"id":"https://openalex.org/F4320335322","display_name":"European Regional Development Fund","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2916733625.pdf","grobid_xml":"https://content.openalex.org/works/W2916733625.grobid-xml"},"referenced_works_count":54,"referenced_works":["https://openalex.org/W99212787","https://openalex.org/W292190198","https://openalex.org/W1484017021","https://openalex.org/W1484547669","https://openalex.org/W1485923049","https://openalex.org/W1524147119","https://openalex.org/W1564368922","https://openalex.org/W1574796686","https://openalex.org/W1584467173","https://openalex.org/W1587329505","https://openalex.org/W1598203759","https://openalex.org/W1767049285","https://openalex.org/W1897405301","https://openalex.org/W1968488071","https://openalex.org/W2003116861","https://openalex.org/W2011823066","https://openalex.org/W2027406005","https://openalex.org/W2041673544","https://openalex.org/W2051739511","https://openalex.org/W2069450150","https://openalex.org/W2093488546","https://openalex.org/W2097810426","https://openalex.org/W2109525584","https://openalex.org/W2113843354","https://openalex.org/W2116585427","https://openalex.org/W2120312005","https://openalex.org/W2123310844","https://openalex.org/W2125147053","https://openalex.org/W2130425133","https://openalex.org/W2137659272","https://openalex.org/W2144015498","https://openalex.org/W2146880511","https://openalex.org/W2147841110","https://openalex.org/W2148546044","https://openalex.org/W2149289754","https://openalex.org/W2166360477","https://openalex.org/W2169650076","https://openalex.org/W2178733959","https://openalex.org/W2492688925","https://openalex.org/W2727354310","https://openalex.org/W2802722292","https://openalex.org/W2887958162","https://openalex.org/W2889773352","https://openalex.org/W2901845095","https://openalex.org/W2911787024","https://openalex.org/W4226281451","https://openalex.org/W4252440432","https://openalex.org/W6604035468","https://openalex.org/W6610489107","https://openalex.org/W6628867059","https://openalex.org/W6639797517","https://openalex.org/W6681680402","https://openalex.org/W6682295044","https://openalex.org/W6684964486"],"related_works":["https://openalex.org/W3041075136","https://openalex.org/W2424740894","https://openalex.org/W2345053703","https://openalex.org/W2293459815","https://openalex.org/W4300427051","https://openalex.org/W2109588827","https://openalex.org/W2005124518","https://openalex.org/W2130425969","https://openalex.org/W2158627166","https://openalex.org/W237078725"],"abstract_inverted_index":{"Organizations":[0],"execute":[1],"daily":[2],"activities":[3,12,77,128,182],"to":[4,118,135,141,163,176,185,187,230],"meet":[5],"their":[6],"objectives.":[7,144],"The":[8,73],"performance":[9,223],"of":[10,27,47,52,55,59,75,89,99,124,127,167,169,180,190,200,219,222,236,238],"these":[11],"can":[13,61,78],"be":[14,42,62,79],"fundamental":[15],"for":[16],"achieving":[17],"a":[18,35,56,97,112,125,131,151,201,210,217],"business":[19,82,92,132,152],"objective,":[20,148],"but":[21],"they":[22],"also":[23],"imply":[24],"the":[25,45,50,53,76,87,90,100,120,138,142,165,178,181,188,198,205,232,239],"assumption":[26],"certain":[28],"security":[29,37,65],"risks":[30,103],"that":[31,183,203],"might":[32],"go":[33],"against":[34],"company's":[36],"policies.":[38],"A":[39],"risk":[40,88,113,168,179,191],"may":[41],"defined":[43],"as":[44],"effects":[46],"uncertainty":[48],"on":[49],"achievement":[51],"goals":[54],"company,":[57],"some":[58],"which":[60,86],"associated":[63],"with":[64,155],"aspects":[66],"(e.g.,":[67],"data":[68,71],"corruption":[69],"or":[70],"leakage).":[72],"execution":[74],"choreographed":[80],"using":[81],"processes":[83],"models,":[84],"in":[85,105,130,193,228],"entire":[91],"process":[93,133,153,170],"model":[94,134,139],"derives":[95],"from":[96],"combination":[98],"single":[101],"activity":[102],"(executed":[104],"an":[106,161,174],"isolated":[107],"manner).":[108],"In":[109,208],"this":[110,147],"paper,":[111],"assessment":[114],"method":[115],"is":[116,214,225],"proposed":[117],"enable":[119],"analysis":[121,224],"and":[122,196,216,234],"evaluation":[123],"set":[126,218],"combined":[129],"ascertain":[136],"whether":[137],"conforms":[140],"security-risk":[143,156,194],"To":[145],"achieve":[146],"we":[149],"use":[150],"extension":[154],"information":[157],"to:":[158],"1)":[159],"define":[160],"algorithm":[162,175],"verify":[164],"level":[166,189],"models;":[171],"2)":[172],"design":[173],"diagnose":[177],"fail":[184],"conform":[186],"established":[192],"objectives;":[195],"3)":[197],"implementation":[199],"tool":[202],"supports":[204],"described":[206],"proposal.":[207],"addition,":[209],"real":[211],"case":[212],"study":[213],"presented,":[215],"scalability":[220],"benchmarks":[221],"carried":[226],"out":[227],"order":[229],"check":[231],"usefulness":[233],"suitability":[235],"automation":[237],"algorithms.":[240]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":4}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}