Towards a UML 2.0 extension for the modeling of security requirements in business processes

Authors:
Alfonso Rodríguez;Eduardo Fernández-Medina;Mario Piattini
Affiliations:
Departamento de Auditoría e Informática, Universidad del Bio Bio, Chillán, Chile;ALARCOS Research Group, Information Systems and Technologies Department, UCLM-Soluziona Research and Development Institute, University of Castilla-La Mancha, Ciudad Real, Spain;ALARCOS Research Group, Information Systems and Technologies Department, UCLM-Soluziona Research and Development Institute, University of Castilla-La Mancha, Ciudad Real, Spain
Venue:
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Year:
2006

Citing 10
Cited 8

Towards Development of Secure Systems Using UMLsec

FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
SecureUML: A UML-Based Modeling Language for Model-Driven Security

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
A Language for Modeling Secure Business Transactions

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
A business process-driven approach to security engineering

DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Survivability and business continuity management

ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
A Categorization of Collaborative Business Process Modeling Techniques

CECW '05 Proceedings of the Seventh IEEE International Conference on E-Commerce Technology Workshops
Specification and design of advanced authentication and authorization services

Computer Standards & Interfaces
When security meets software engineering: a case of modelling secure information systems

Information Systems
Security in business process engineering

BPM'03 Proceedings of the 2003 international conference on Business process management
Extending UML 2 activity diagrams with business intelligence objects

DaWaK'05 Proceedings of the 7th international conference on Data Warehousing and Knowledge Discovery

Model-driven business process security requirement specification

Journal of Systems Architecture: the EUROMICRO Journal
Modeling e-government business processes: New approaches to transparent and efficient performance

Information Polity - Government Information Sharing and Integration: Combining the Social and the Technical. Papers from the 9th International Conference on Digital Government Research (d.g.o.2008)
Towards framework definition to obtain secure business process from legacy information systems

Proceedings of the first international workshop on Model driven service engineering and data quality and security
M-BPSec: a method for security requirement elicitation from a UML 2.0 business process specification

ER'07 Proceedings of the 2007 conference on Advances in conceptual modeling: foundations and applications
Semi-formal transformation of secure business processes into analysis class and use case models: An MDA approach

Information and Software Technology
Analysis-level classes from secure business processes through model transformations

TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Not Ready for Prime Time: A Survey on Security in Model Driven Development

International Journal of Secure Software Engineering
Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

Information and Software Technology

Quantified Score

Hi-index	0.01

Visualization

Abstract

Security is a crucial issue for business performance, but usually, it is considered after the business processes definition. Many security requirements can be expressed at the business process level. A business process model is important for software developers, since they can capture from it the necessary requirements for software design and creation. Besides, business process modeling is the center for conducting and improving how the business is operated. This paper contains a description of our UML 2.0 extension for modeling secure business process through activity diagrams. We will apply this approach to a typical health-care business process.