Capturing security requirements in business processes through a UML 2.0 activity diagrams profile

Authors:
Alfonso Rodríguez;Eduardo Fernández-Medina;Mario Piattini
Affiliations:
Departamento de Auditoría e Informática, Universidad del Bio Bio, Chillán, Chile;ALARCOS Research Group, Information Systems and Technologies Department, UCLM-Soluziona Research and Development Institute, University of Castilla-La Mancha, Ciudad Real, Spain;ALARCOS Research Group, Information Systems and Technologies Department, UCLM-Soluziona Research and Development Institute, University of Castilla-La Mancha, Ciudad Real, Spain
Venue:
CoMoGIS'06 Proceedings of the 2006 international conference on Advances in Conceptual Modeling: theory and practice
Year:
2006

Citing 14
Cited 5

Software process: a roadmap

Proceedings of the Conference on The Future of Software Engineering
SecureUML: A UML-Based Modeling Language for Model-Driven Security

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Model driven security for process-oriented systems

Proceedings of the eighth ACM symposium on Access control models and technologies
Modeling Secure and Fair Electronic Commerce

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
A Language for Modeling Secure Business Transactions

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
A business process-driven approach to security engineering

DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Survivability and business continuity management

ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
Software Engineering: A Practitioner's Approach

Software Engineering: A Practitioner's Approach
Specification and design of advanced authentication and authorization services

Computer Standards & Interfaces
Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods

Information and Organization
When security meets software engineering: a case of modelling secure information systems

Information Systems
Security in business process engineering

BPM'03 Proceedings of the 2003 international conference on Business process management
Secure Systems Development with UML

Secure Systems Development with UML
Extending UML 2 activity diagrams with business intelligence objects

DaWaK'05 Proceedings of the 7th international conference on Data Warehousing and Knowledge Discovery

Experimental comparison of attack trees and misuse cases for security threat identification

Information and Software Technology
Mal-activity diagrams for capturing attacks on business processes

REFSQ'07 Proceedings of the 13th international working conference on Requirements engineering: foundation for software quality
Modeling process-related RBAC models with extended UML activity models

Information and Software Technology
On the evolution of quality conceptualization techniques

The evolution of conceptual modeling
Comparing attack trees and misuse cases in an industrial setting

Information and Software Technology

Quantified Score

Hi-index	0.01

Visualization

Abstract

Security has become a crucial aspect for the performance of present organizations since the protected object is the mission of them. Therefore, the management approach oriented to business processes has been a good answer for the current scenarios, changing and complex, where organizations develop their task. Both subjects form a basic requirement to reach not only the mission but also the organizational objectives in a strongly connected global economy. In this work, we will show a microprocess through which it is possible to specify and refine security requirements at a high level of abstraction, in a way that they can be incorporated into the development of a software system. In addition, an extension of UML 2.0 activity diagrams will be presented through which it is possible to identify such requirements.