An analysis and evaluation of security aspects in the business process model and notation

Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

Volumn , Issue , 2013, Pages 262-267

  Leitner, Maria ^a   Miller, Michelle ^a   Rinderle Ma, Stefanie ^a  

^a UNIVERSITY OF VIENNA   (Austria)

Author keywords

BPMN; Business Processes; Modeling; Security

Indexed keywords

ANALYSIS AND EVALUATION; BPMN; BUSINESS PROCESS; BUSINESS PROCESS MODEL; BUSINESS PROCESS MODEL AND NOTATION (BPMN); BUSINESS PROCESS MODELING LANGUAGES; PROCESS-AWARE INFORMATION SYSTEMS; SECURITY;

MODELS; SYSTEMS ENGINEERING;

MATHEMATICAL MODELS;

EID: 84892405502     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2013.34     Document Type: Conference Paper

References (23)

1. M. Weske, Business Process Management: Concepts, Languages, Architectures. Springer, 2007.
2. V. Atluri and J. Warner, "Security for workflow systems," Handbook of Database Security: Applications and Trends, p. 213, 2007.
3. A. Rodriguez, E. Fernandez-Medina, and M. Piattini, "A BPMN extension for the modeling of security requirements in business processes," IEICE TRANSACTIONS on Information and Systems, vol. E90-D, no. 4, pp. 745-752, Apr. 2007.
4. C. Wolter, M. Menzel, and C. Meinel, "Modelling security goals in business processes," in Modellierung, ser. volume 127 of LNI. Berlin, Germany, 2008. GI, 2008, p. 197-212.
5. J. Mendling, H. A. Reijers, and J. Cardoso, "What makes process models understandable?" in Business Process Management, ser. LNCS. Springer, 2007, no. 4714, pp. 48-63.
6. C. Wolter and A. Schaad, "Modeling of task-based authorization constraints in BPMN," in Business Process Management, ser. LNCS. Springer, 2007, vol. 4714, p. 64-79.
7. OMG, "Business process model and notation (BPMN) version 2.0," OMG, OMG Document formal/2011-01-03, Jan. 2011. [Online]. Available: http://www.omg.org/spec/ BPMN/2.0
8. D. Moody, "The physics of notations: Toward a scientific basis for constructing visual notations in software engineering," IEEE Transactions on Software Engineering, vol. 35, no. 6, pp. 756-779, Dec. 2009.
9. D. L. Moody, "Theoretical and practical issues in evaluating the quality of conceptual models: current state and future directions," Data &Knowledge Engineering, vol. 55, no. 3, pp. 243-276, Dec. 2005.
10. A. F. Blackwell et al., "Cognitive dimensions of notations: Design tools for cognitive technology," in Cognitive Technology: Instruments of Mind, ser. LNCS. Springer, Jan. 2001, no. 2117, pp. 325-341.
11. N. Genon, P. Heymans, and D. Amyot, "Analysing the cognitive effectiveness of the BPMN 2.0 visual notation," in Software Language Engineering, ser. LNCS. Springer, Jan. 2011, no. 6563, pp. 377-396.
12. J. Mendling, J. Recker, and H. A. Reijers, "On the usage of labels and icons in business process modeling," International Journal of Information System Modeling and Design, vol. 1, no. 2, pp. 40-58, 2010.
13. M. Riesner and G. Pernul, "Supporting compliance through enhancing internal control systems by conceptual business process security modeling," in ACIS 2010 Proceedings, Jan. 2010.
14. M. Leitner, "Security policies in adaptive process-aware information systems: Existing approaches and challenges," in 2011 Sixth Int. Conference on Availability, Reliability and Security (ARES). IEEE, 2011, pp. 686-691.
15. H. M. Cooper, "Organizing knowledge syntheses: A taxonomy of literature reviews," Knowledge in Society, vol. 1, no. 1, pp. 104-126, Mar. 1988.
16. C. Wolter, A. Schaad, and C. Meinel, "Task-based entailment constraints for basic workflow patterns," in Proc. of the 13th ACM symposium on Access control models and technologies, ser. SACMAT '08. ACM, 2008, p. 51-60.
17. M. Menzel, I. Thomas, and C. Meinel, "Security requirements specifcation in service-oriented business process management," in Availability, Reliability and Security, 2009. ARES '09. Int. Conference on. IEEE, 2009, p. 41-48.
18. A. D. Brucker, I. Hang, G. Luckemeyer, and R. Ruparrel, "SecureBPMN: modeling and enforcing access control requirements in business processes," in SACMAT'12, ser. Proc. of the 17th ACM symposium on Access Control Models and Technologies. ACM, 2012, p. 123-125.
19. O. Altuhhova, R. Matulevicius, and N. Ahmed, "Towards definition of secure business processes," in Advanced Information Systems Engineering Workshops, ser. LNBIP, vol. 112. Springer, 2012, p. 1-15.
20. J. Lumsden and W. Morgan, "Online-questionnaire design: establishing guidelines and evaluating existing support," in 16th Annual Int. Conference of the Information Resources Management Association (IRMA'2005), vol. 47436. National Research Council of Canada, 2005.
21. R. A. Botha and J. H. P. Eloff, "Separation of duties for access control enforcement in workflow environments," IBM Systems Journal, vol. 40, no. 3, pp. 666-682, 2001.
22. M. Leitner, J. Mangler, and S. Rinderle-Ma, "SPRINT- responsibilities: Design and development of security policies in process-aware information systems," Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), vol. 2, no. 4, pp. 4-26, 2011.
23. N. Genon, P. Caire, H. Toussaint, P. Heymans, and D. Moody, "Towards a more semantically transparent i*visual syntax," in Requirements Engineering: Foundation for Software Quality, ser. LNCS. Springer, 2012, no. 7195, pp. 140-146.