Developing an enterprise information security policy
SIGUCCS '02 Proceedings of the 30th annual ACM SIGUCCS conference on User services
Modeling Secure and Fair Electronic Commerce
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
A Language for Modeling Secure Business Transactions
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
MDA Explained: The Model Driven Architecture: Practice and Promise
MDA Explained: The Model Driven Architecture: Practice and Promise
A business process-driven approach to security engineering
DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
MDA Distilled
Understanding Web Applications through Dynamic Analysis
IWPC '04 Proceedings of the 12th IEEE International Workshop on Program Comprehension
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
A Framework for Business Model Driven Development
STEP '04 Proceedings of the 12 International Workshop on Software Technology and Engineering Practice
On the architectural alignment of ATL and QVT
Proceedings of the 2006 ACM symposium on Applied computing
Security requirement analysis of business processes
Electronic Commerce Research
UML model transformation and its application to MDA technology
Programming and Computing Software
A BPMN Extension for the Modeling of Security Requirements in Business Processes
IEICE - Transactions on Information and Systems
Security Engineering for Service-Oriented Architectures
Security Engineering for Service-Oriented Architectures
Guidelines for conducting and reporting case study research in software engineering
Empirical Software Engineering
A Taxonomy of Model Transformation
Electronic Notes in Theoretical Computer Science (ENTCS)
Security in business process engineering
BPM'03 Proceedings of the 2003 international conference on Business process management
Mal-activity diagrams for capturing attacks on business processes
REFSQ'07 Proceedings of the 13th international working conference on Requirements engineering: foundation for software quality
Deriving XACML policies from business process models
WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
Modeling of task-based authorization constraints in BPMN
BPM'07 Proceedings of the 5th international conference on Business process management
Towards CIM to PIM transformation: from secure business processes defined in BPMN to use-cases
BPM'07 Proceedings of the 5th international conference on Business process management
Towards a MOF/QVT-Based domain architecture for model driven security
MoDELS'06 Proceedings of the 9th international conference on Model Driven Engineering Languages and Systems
SiTra: simple transformations in Java
MoDELS'06 Proceedings of the 9th international conference on Model Driven Engineering Languages and Systems
Towards a UML 2.0 extension for the modeling of security requirements in business processes
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
A UML 2 profile for business process modelling
ER'05 Proceedings of the 24th international conference on Perspectives in Conceptual Modeling
Analysis-level classes from secure business processes through model transformations
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Information and Software Technology
Secure business process model specification through a UML 2.0 activity diagram profile
Decision Support Systems
Applying MDE to the (semi-)automatic development of model transformations
Information and Software Technology
Hi-index | 0.00 |
Context: Model-Driven Development (MDD) is an alternative approach for information systems development. The basic underlying concept of this approach is the definition of abstract models that can be transformed to obtain models near implementation. One fairly widespread proposal in this sphere is that of Model Driven Architecture (MDA). Business process models are abstract models which additionally contain key information about the tasks that are being carried out to achieve the company's goals, and two notations currently exist for modelling business processes: the Unified Modelling Language (UML), through activity diagrams, and the Business Process Modelling Notation (BPMN). Objective: Our research is particularly focused on security requirements, in such a way that security is modelled along with the other aspects that are included in a business process. To this end, in earlier works we have defined a metamodel called secure business process (SBP), which may assist in the process of developing software as a source of highly valuable requirements (including very abstract security requirements), which are transformed into models with a lower abstraction level, such as analysis class diagrams and use case diagrams through the approach presented in this paper. Method: We have defined all the transformation rules necessary to obtain analysis class diagrams and use case diagrams from SBP, and refined them through the characteristic iterative process of the action-research method. Results: We have obtained a set of rules and a checklist that make it possible to automatically obtain a set of UML analysis classes and use cases, starting from SBP models. Our approach has additionally been applied in a real environment in the area of the payment of electrical energy consumption. Conclusions: The application of our proposal shows that our semi-automatic process can be used to obtain a set of useful artifacts for software development processes.