An MDA approach to develop secure business processes through a UML 2.0 extension

Computer Systems Science and Engineering

Volumn 22, Issue 5, 2007, Pages 307-319

  Rodríguez, Alfonso ^a   Fernández Medina, Eduardo ^b   Piattini, Mario ^b  

^a UNIVERSIDAD DEL BÍO BÍO   (Chile)

^b UNIVERSITY OF CASTILLA LA MANCHA   (Spain)

Author keywords

Activity diagrams; Business process; Security requirement; UML

Indexed keywords

COMPUTER SOFTWARE; FINANCE; PHASE DIAGRAMS; PROBLEM SOLVING; PROCESS CONTROL; SECURITY OF DATA;

ACTIVITY DIAGRAMS; BUSINESS PROCESS; SECURITY REQUIREMENTS;

ELECTRONIC COMMERCE;

EID: 38949100023     PISSN: 02676192     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (44)

1. Aguilar-Savén, R. S.; Business process modelling: Review and framework, International Journal of Production Economics. Vol. 90(2). (2004). pp.129-149.
2. Arlow, J. and Neustadt, I., UML 2, Ediciones Anaya Multimedia, (2006). 608 p.
3. Artelsmair, C. and Wagner, R.; Towards a Security Engineering Process, The 7th World Multiconference on Systemics, Cybernetics and Informatics. Vol. VI. Orlando, Florida, USA. (2003). pp.22-27.
4. Backes, M., Pfitzmann, B. and Waider, M.; Security in Business Process Engineering, International Conference on Business Process Management (BPM). Vol. 2678, LNCS. Eindhoven, The Netherlands. (2003). pp. 168-183.
5. Basin, D., Doser, J. and Lodderstedt, T.; Model driven security for process-oriented systems, SACMAT 2003, 8th ACM Symposium on Access Control Models and Technologies. Villa Gallia, Como, Italy. (2003).
6. Bider, I.; Choosing Approach to Business Process Modeling - Practical Perspective. In http://www.ibissoft.se/english/howto.pdf. (2003).
7. Bock, C.; UML 2 Activity and Action Models, Journal of Object Technology. Vol. 2 (4), July-August. (2003). pp.43-53.
8. Bock, C.; UML 2 Activity and Action Models, Part2: Actions, Journal of Object Technology. Vol. 2 (5), September-October. (2003). pp.41-56.
9. BPMN; Business Process Modeling Notation Specification, OMG Final Adopted Specification, dtc/06-02-01. In http://www.bpmn.org/Documents/ OMG%20Final%20Adopted%20BPMN%201-0%20Spec%2006-02-01.pdf. (2006).
10. Castela, N., Tribolet, J., Silva, A. and Guerra, A.; Business Process Modeling with UML, Proceedings of the 3st. International Conference on Enterprise Information Systems. Vol. 2. Set-bal, Portugal. (2001). pp.679-685.
11. Eriksson, H.-E. and Penker, M., Business Modeling with UML, OMG Press. (2001).
12. Firesmith, D.; Engineering Security Requirements, Journal of Object Technology. Vol. 2 (1), January-February. (2003). pp.53-68.
13. Firesmith, D.; Specifying Reusable Security Requirements, Journal of Object Technology. Vol. 3 (1), January-February. (2004). pp.61-75.
14. Fuggetta, A.; Software process: a roadmap, ICSE 2000, 22nd International Conference on Software Engineering, Future of Software Engineering. Limerick Ireland. (2000). pp.25-34.
15. Giaglis, G. M.; A Taxonomy of Business Process Modelling and Information Systems Modelling Techniques, International Journal of Flexible Manufacturing Systems. Vol. 13 (2). (2001). pp.209-228.
16. Herrmann, G. and Pernul, G.; Viewing Business Process Security from Different Perspectives, 11th International Bled Electronic Commerce Conference. Slovenia. (1998). pp.89-103.
17. Hunt, S., A General Theory of Competition: Resources, Competences, Productivity, Economic Growth, Sage Publication Inc., First Edition, (2000). 320 p.
18. Jacobson, I., Booch, G. and Rumbaugh, J., El proceso unificado de desarrollo de software,. (2000). 464 p.
19. Jürjens, J.; Towards Development of Secure Systems Using UMLsec, Fundamental Approaches to Software Engineering, 4th International Conference, FASE 2001 at ETAPS-2001. Vol. 2029. Genova, Italy. (2001). pp. 187-200.
20. Jürjens, J.; Using UMLsec and goal trees for secure systems development. Proceedings of the 2002 ACM Symposium on Applied Computing (SAC). Madrid, Spain. (2002). pp. 1026-1030.
21. Jürjens, J., Secure Systems Development with UML, Springer Verlag, (2004). 309 p.
22. Kalnins, A., Barzdins, J. and Celms, E.; UML Business Modeling Profile, Thirteenth International Conference on Information Systems Development, Advances in Theory, Practice and Education. Vilnius, Lithuania. (2004). pp.182-194.
23. List, B. and Korherr, B.; A UML 2 Profile for Business Process Modelling, 1st International Workshop on Best Practices of UML (BP-UML 2005) at ER-2005. Klagenfurt, Austria. (2005).
24. Lodderstedt, T., Basin, D. and Doser, J.; SecureUML: A UML-Based Modeling Language for Model-Driven Security, The Unified Modeling Language, 5th International Conference. Vol. 2460. Dresden, Germany. (2002). pp.426-441.
25. Lonjon, A.; Business Process Modeling and Standardization, BPTrends. In http://www.bptrends.com/. (2004).
26. Lopez, J., Montenegro, J. A., Vivas, J. L., Okamoto, E. and Dawson, E.; Specification and design of advanced authentication and authorization services, Computer Standards & Interfaces. Vol. 27 (5). (2005). pp.467-478.
27. Maña, A., Montenegro, J. A., Rudolph, C. and Vivas, J. L.; A business process-driven approach to security engineering, 14th. International Workshop on Database and Expert Systems Applications (DEXA). Prague, Czech Republic. (2003). pp.477-481.
28. Maña, A., Ray, D., Sánchez, F. and Yagüe, M. I.; Integrando la Ingeniería de Seguridad en un Proceso de Ingeniería Software, VIII Reunión Española de Criptología y Seguridad de la Información, RECSI. Leganés, Madrid. España. (2004). pp.383-392.
29. Mega; Business Process Modeling and Standardization. In http://www.bpmg.org/downloads/Articles/Article-MEGA- BusinessProcessModeling&StandardizationEN.pdf. (2004).
30. Mouratidis, H., Giorgini, P. and Manson, G. A.; Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems, Advanced Information Systems Engineering, 15th International Conference, CAiSE 2003, Klagenfurt, Austria, June 16-18, 2003, Proceedings. Vol. 2681. (2003). pp.63-78.
31. Mouratidis, H., Giorgini, P. and Manson, G. A.; When security meets software engineering: a case of modelling secure information systems. Information Systems. Vol. 30 (8). (2005). pp.609-629.
32. Object Management Group; MDA Guide Version 1.0.1. In http://www.omg.org/docs/omg/03-06-01.pdf. (2003).
33. Object Management Group; Unified Modeling Language: Super-structure, version 2.0, formal/05-07-04. In http://www.omg.org/-docs/ formal/05-07-04.pdf. (2005).
34. OMG; Object Management Group. In http://www.omg.org/. (2004).
35. Pressman, R. S., Software Engineering: A Practitioner's Approach, 6th Edition, (2006). 880 p.
36. Quirchmayr, G.; Survivability and Business Continuity Management, ACSW Frontiers 2004 Workshops. Dunedin, New Zealand. (2004). pp.3-6.
37. Röhm, A. W., Pernul, G. and Herrmann, G.; Modelling Secure and Fair Electronic Commerce, 14th. Annual Computer Security Applications Conference. Scottsdale, Arizona. (1998). pp. 155-164.
38. Roser, S. and Bauer, B.; A Categorization of Collaborative Business Process Modeling Techniques, 7th IEEE International Conference on E-Commerce Technology Workshops (CEC 2005). Munchen, Germany. (2005). pp.43-54.
39. Siponen, M. T.; Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods. Information and Organization. Vol. 15. (2005). pp.339-375.
40. Sparks, G.; An Introduction to UML, The Business Process Model. In http://www.sparxsystems.com.au/WhitePapers/The_Business_Process_Model.pdf. (2000).
41. Stefanov, V., List, B. and Korherr, B.; Extending UML 2 Activity Diagrams with Business Intelligence Objects, 7th International Conference on Data Warehousing and Knowledge Discovery (DaWaK2005). Copenhagen, Denmark. (2005).
42. Vivas, J. L., Montenegro, J. A. and Lopez, J.; Towards a Business Process-Driven Framework for security Engineering with the UML, Information Security: 6th International Conference, ISC. Bristol, U.K. (2003). pp.381-395.
43. Zuccato, A.; Holistic security requirement engineering for electronic commerce, Computers & Security. Vol. 23 (1). (2004). pp.63-76.
44. Zulkernine, M. and Ahamed, S. I., Software Security Engineering: Toward Unifying Software Engineering and Security Engineering, in: Idea Group (Ed.), Enterprise Information Systems Assurance and Systems Security: Managerial and Technical Issues, M. Warkentin & R. Vaughn, 2006, p.215-232.