Secure business process model specification through a UML 2.0 activity diagram profile

Authors:
Alfonso Rodríguez;Eduardo Fernández-Medina;Juan Trujillo;Mario Piattini
Affiliations:
Computer Science and Information Technology Department, University of Bio-Bio. Casilla 447, Chillán, Chile;GSyA Research Group, Information Systems and Technologies Department, University of Castilla-La Mancha. Paseo de la Universidad 4, 13071, Ciudad Real, Spain;LUCENTIA Research Group, Department of Software and Computing Systems, University of Alicante, C/San Vicente S/N, 03690, Alicante, Spain;GSyA Research Group, Information Systems and Technologies Department, University of Castilla-La Mancha. Paseo de la Universidad 4, 13071, Ciudad Real, Spain
Venue:
Decision Support Systems
Year:
2011

Citing 24
Cited 3

An integrated approach for the specification of processes and related complex structured objects in business applications

Decision Support Systems - Special issue: workshop on information technology and systems (WITS '93)
The unified software development process

The unified software development process
Information systems architecture to support managed care business processes

Decision Support Systems
SecureUML: A UML-Based Modeling Language for Model-Driven Security

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Modeling Secure and Fair Electronic Commerce

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Towards Security Semantics in Workflow Management

HICSS '98 Proceedings of the Thirty-First Annual Hawaii International Conference on System Sciences-Volume 7 - Volume 7
A business process-driven approach to security engineering

DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Deriving security requirements from crosscutting threat descriptions

Proceedings of the 3rd international conference on Aspect-oriented software development
Computer Security in the Real World

Computer
Unifying business objects and system dynamics as a paradigm for developing decision support systems

Decision Support Systems
Semantics of UML 2.0 Activity Diagram for Business Modeling by Means of Virtual Machine

EDOC '05 Proceedings of the Ninth IEEE International EDOC Enterprise Computing Conference
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
An evaluation of conceptual business process modelling languages

Proceedings of the 2006 ACM symposium on Applied computing
Security requirement analysis of business processes

Electronic Commerce Research
Progress in Web-based decision support technologies

Decision Support Systems
A business process gap detecting mechanism between information system process flow and internal control flow

Decision Support Systems
A Taxonomy of Model Transformation

Electronic Notes in Theoretical Computer Science (ENTCS)
Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec

Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
Security in business process engineering

BPM'03 Proceedings of the 2003 international conference on Business process management
A systematic review of security requirements engineering

Computer Standards & Interfaces
Mal-activity diagrams for capturing attacks on business processes

REFSQ'07 Proceedings of the 13th international working conference on Requirements engineering: foundation for software quality
Towards CIM to PIM transformation: from secure business processes defined in BPMN to use-cases

BPM'07 Proceedings of the 5th international conference on Business process management
Semi-formal transformation of secure business processes into analysis class and use case models: An MDA approach

Information and Software Technology
Extending UML 2 activity diagrams with business intelligence objects

DaWaK'05 Proceedings of the 7th international conference on Data Warehousing and Knowledge Discovery

WorMS- a framework to support workflows in M&S

Proceedings of the Winter Simulation Conference
Editor's comments: riding the wave: past trends and future directions for health IT research

MIS Quarterly
Securing business processes using security risk-oriented patterns

Computer Standards & Interfaces

Quantified Score

Hi-index	0.01

Visualization

Abstract

Business processes have become important resources, both for an enterprise's performance and to enable it to maintain its competitiveness. The languages used for business process representation have, in recent years, been improved and new notations have appeared. However, despite the wide acceptance of the importance of business process security, to date the business analyst perspective in relation to security has hardly been dealt with. Moreover, security requirements cannot be represented in modern business process modeling notations. In this paper, we present an extension of UML 2.0 activity diagrams which will allow security requirements to be specified in business processes. Our proposal, denominated as BPSec (Business Process Security), is Model Driven Architecture compliant since it is possible to obtain a set of UML artifacts (Platform Independent Model-PIM) used in software development from a Secure Business Process model specification (Computation Independent Model-CIM). We also present the application of our approach to an example based on a typical health care institution, in which our M-BPSec method is employed as a framework for the use of our UML extension.