An Aspect-Oriented Approach to Enforce Security Properties in Business Processes

The use of business process standards to model and execute business needs is growing rapidly. In addition, Service-oriented Computing has been adopted to realize business processes, which basically consists of executing the process activities using services available in the Internet. In this context, the importance of security is apparent, because sensitive data sent over the Internet may be accessed by unauthorized thirdparties. To prevent security problems, users may associate security requirements that must be enforced in essential tasks of the business process. This fact leads to the need of automation, because both functional and security requirements should be modeled, at high-level, and enforced, at execution level. This work proposes a cloud-based solution named BPA-Sec4Cloud that supports all phases of the security-aware business process automation, from its modeling to its deployment. The use of a cloud-based solution facilitates the deployment process because all needed resources are available in the cloud and ready to be used. In addition, the cloud is also used as a platform in order to provide specific services, such as translators, to support the automation process. In order to evaluate the BPA-Sec4Cloud, the solution was compared against existing solutions through the use of metrics related to the quality of generated artifacts. B Fernando Lins

show abstract