A BPMN extension for the modeling of security requirements in business processes

IEICE Transactions on Information and Systems

Volumn E90-D, Issue 4, 2007, Pages 745-752

  Rodríguez, Alfonso ^a   Fernández Medina, Eduardo ^b   Piattini, Mario ^b  

^a UNIVERSIDAD DEL BÍO BÍO   (Chile)

^b UNIVERSITY OF CASTILLA LA MANCHA   (Spain)

Author keywords

BPMN; Business process; Security requirement

Indexed keywords

COMMERCE; HEALTH CARE; SECURITY OF DATA;

BUSINESS PROCESS; SECURITY REQUIREMENT;

MATHEMATICAL MODELS;

EID: 34247151648     PISSN: 09168532     EISSN: 17451361     Source Type: Journal    
DOI: 10.1093/ietisy/e90-d.4.745     Document Type: Article

References (38)

1. WfMC, Workflow Management Coalition: Terminology & Glossary, 1999.
2. G. Quirchmayr, "Survivability and business continuity management," ACSW Frontiers 2004 Workshops, Dunedin, New Zealand, 2004.
3. A. Zuccato, "Holistic security requirement engineering for electronic commerce," Computers & Security, vol.23, no.1, pp.63-76, 2004.
4. M. Backes, B. Pfitzmann, and M. Waider, "Security in business process engineering," International Conference on Business Process Management (BPM), Eindhoven, The Netherlands, 2003.
5. G. Herrmann and G. Pernul, "Viewing business process security from different perspectives," 11th International Bled Electronic Commerce Conference, Slovenia, 1998.
6. H. Mouratidis, P. Giorgini, and G.A. Manson, "When security meets software engineering: A case of modelling secure information systems," Information Systems, vol.30, no.8, pp.609-629, 2005.
7. J. Lopez, J.A. Montenegro, J.L. Vivas, E. Okamoto, and E. Dawson, "Specification and design of advanced authentication and authorization services," Computer Standards & Interfaces, vol.27, no.5, pp.467-478, 2005.
8. D. Firesmith, "Engineering security requirements," J. Object Technology, vol.2, no.1, Jan.-Feb., pp.53-68, 2003.
9. C. Artelsmair and R. Wagner, "Towards a security engineering process," The 7th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, Florida, USA, 2003.
10. H.-E. Eriksson and M. Penker, Business Modeling with UML, OMG Press, 2001.
11. G.M. Giaglis, "A taxonomy of business process modelling and information systems modelling techniques," Int. J. Flexible Manufacturing Systems, vol.13, no.2, pp.209-228, 2001.
12. Mega, "Business process modeling and standardization," in http://www.bpmg.org/downloads/Articles/Article-MEGA- BusinessProcessModeling&StandardizationEN.pdf, 2004.
13. BPMN, "Business process modeling notation (BPMN)," in http://www.bpmn.org/Documents/BPMN%20V1-0%20May%203%202004.pdf, 2004.
14. BPMN, "Business process modeling notation specification," OMG Final Adopted Specification, dtc/06-02-01. In http://www.bpmn.org/Documents/ OMG%20Final%20Adopted%20BPMN%201-0%20Spec%2006-02-01.pdf, 2006.
15. D.S. Frankel, "BPMI and OMG: The BPM merger," MDA Journal. In http://www.bptrends.com/publicationfiles/02-06%20COL%20MDA%20BPMI-OMG%20- %20Frankell.pdf, 2006.
16. T. Lodderstedt, D. Basin, and J. Doser, "SecureUML: A UML-based modeling language for model-driven security," The Unified Modeling Language, 5th International Conference, Dresden, Germany, 2002.
17. A. Maña, D. Ray, F. Sánchez, and M.I. Yagüe, "Integrando la Ingeniería de Seguridad en un Proceso de Ingeniería Software," VIII Reunión Española de Criptología y Seguridad de la Información, RECSI, Leganés, Madrid, España, 2004.
18. A.W. Rohm, G. Pernul, and G. Herrmann, "Modelling secure and fair electronic commerce," 14th Annual Computer Security Applications Conference, Scottsdale, Arizona, 1998.
19. J.L. Vivas, J.A. Montenegro, and J. Lopez, "Towards a business process-driven framework for security engineering with the UML," Information Security: 6th International Conference, ISC, Bristol, U.K., 2003.
20. A. Maña, J.A. Montenegro, C. Rudolph, and J.L. Vivas, "A business process-driven approach to security engineering," 14th International Workshop on Database and Expert Systems Applications (DEXA), Prague, Czech Republic, 2003.
21. A.W. Rohm, G. Herrmann, and G. Pernul, "A language for modelling secure business transactions," 15th Annual Computer Security Applications Conference, Phoenix, Arizona, 1999.
22. H. Abie, D.B. Aredo, T. Kristoffersen, S. Mazaher, and T. Raguin, "Integrating a security requirement language with UML," 7th International Conference, The UML: Modelling Languages and Applications, Lisbon, Portugal, 2004.
23. J. Jürjens, "Towards development of secure systems using UMLsec," Fundamental Approaches to Software Engineering, 4th International Conference, FASE 2001 at ETAPS-2001, Genova, Italy, 2001.
24. J. Jürjens, "Using UMLsec and goal trees for secure systems development," Proc. 2002 ACM Symposium on Applied Computing (SAC), Madrid, Spain, 2002.
25. D. Basin, J. Doser, and T. Lodderstedt, "Model driven security for process-oriented systems," SACMAT 2003, 8th ACM Symposium on Access Control Models and Technologies, Villa Gallia, Como, Italy, 2003.
26. H. Mouratidis, P. Giorgini, and G.A. Manson, "Integrating security and systems engineering: Towards the modelling of secure information systems," Advanced Information Systems Engineering, 15th International Conference, CAiSE 2003, Proceedings, vol.2681, pp.63-78, Klagenfurt, Austria, June 2003.
27. M.T. Siponen, "Analysis of modern IS security development approaches: Towards the next generation of social and adaptable ISS methods," Information and Organization, vol.15, pp.339-375, 2005.
28. M. Zulkernine and S.I. Ahamed, "Software security engineering: Toward unifying software engineering and security engineering," in Enterprise Information Systems Assurance and Systems Security: Managerial and Technical Issues, Idea Group, ed. M. Warkentin and R. Vaughn, pp.215-232, 2006.
29. D. Firesmith, "Specifying reusable security requirements," Journal of Object Technology, vol.3, no.1, pp.61-75, Jan.-Feb. 2004.
30. N. Castela, J. Tribolet, A. Silva, and A. Guerra, "Business process modeling with UML," Proc. 3rd International Conference on Enterprise Information Systems, Setubal, Portugal, 2001.
31. I. Bider, "Choosing approach to business process modeling - Practical perspective," in http://www.ibissoft.se/english/howto.pdf, 2003.
32. T. Dufresne and J. Martin, Process Modeling for e-Business, George Mason University, 2003.
33. A. Lonjon, "Business process modeling and standardization," BP-Trends, in http://www.bptrends.com/, 2004.
34. OMG, "Object management group," in http://www.omg.org/, 2004.
35. M. Owen and J. Raj, "BPMN and business process management; Introduction to the new business process modeling standard," in http://www.bpmn.org/Documents/6AD5D16960.BPMN_and_BPM.pdf, 2003.
36. S.A. White, Introduction to BPMN, IBM Corporation, in http://www.ebpml.org/bpmn.htm, 2004.
37. Object Management Group, "OCL 2.0 specification, version 2.0," in http://www.omg.org/docs/ptc/05-06-06.pdf, 2005.
38. J. Warmer and A. Kleppe, The Object Constraint Language: Getting Your Models Ready for MDA, Pearson Education, 2003.