M-BPSec: a method for security requirement elicitation from a UML 2.0 business process specification

Authors:
Alfonso Rodríguez;Eduardo Fernández-Medina;Mario Piattini
Affiliations:
Departamento de Auditoría e Informática, Universidad del Bio Bio, Chillán, Chile;ALARCOS Research Group, Information Systems and Technologies Department, UCLM-Indra Research and Development Institute, University of Castilla-La Mancha, Ciudad Real, Spain;ALARCOS Research Group, Information Systems and Technologies Department, UCLM-Indra Research and Development Institute, University of Castilla-La Mancha, Ciudad Real, Spain
Venue:
ER'07 Proceedings of the 2007 conference on Advances in conceptual modeling: foundations and applications
Year:
2007

Citing 7
Cited 3

The unified software development process

The unified software development process
Requirements engineering: a roadmap

Proceedings of the Conference on The Future of Software Engineering
UML 2.0 and the Unified Process: Practical Object-Oriented Analysis and Design (2nd Edition)

UML 2.0 and the Unified Process: Practical Object-Oriented Analysis and Design (2nd Edition)
Specification and design of advanced authentication and authorization services

Computer Standards & Interfaces
Towards a UML 2.0 extension for the modeling of security requirements in business processes

TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
A comparative study of proposals for establishing security requirements for the development of secure information systems

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III
Analysis-level classes from secure business processes through model transformations

TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business

An MDA-Based Environment for Generating Access Control Policies

TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Monitoring and Diagnosing Malicious Attacks with Autonomic Software

ER '09 Proceedings of the 28th International Conference on Conceptual Modeling
A comparison of software design security metrics

Proceedings of the Fourth European Conference on Software Architecture: Companion Volume

Quantified Score

Hi-index	0.00

Visualization

Abstract

The early attainment of requirements in a software development process allows us to improve the quality of the product. Although many methods through which to elicit requirements exist, few of them are specifically designed for security requirements. This paper describes a method - M-BPSec - which permits the elicitation of security requirements which form part of a business process description carried out with a UML 2.0 Activity Diagram. MBPSec is made up of stages, actors, tools and artifacts which, when applied in a coordinated manner, allow us to specify security requirements in business processes and to obtain class and use cases from this specification.