Secure business process model specification through a UML 2.0 activity diagram profile

Rodríguez, Alfonso Sánchez; Fernández‐Medina, Eduardo; Trujillo, Juan; Piattini, Mario

doi:10.1016/j.dss.2011.01.018

Cited by 72 publications

(43 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In this work we focus on Mal-activity diagrams [15] (MAD) to define security risk management. MAD is proposed as an extension of UML activity diagrams [14]. It helps developers to elicit the security features, attack method and their countermeasures of an IS.…”

Section: Introductionmentioning

confidence: 99%

Towards Security Risk-oriented Mal Activity Diagram

JabedMorshedChowdhury¹

2012

IJCA

View full text Add to dashboard Cite

SRecently security has became one of the major concern in Information System (IS) development. Different security modeling language or security extension is used to model security features of IS. Mal Activity Diagram (MAD) is used at the design stage to represent security aspect. But it cannot model all the security risk management concepts. Without full coverage of concepts, it is not possible to model an IS efficiently and correctly. In this paper, first we propose a meta model for MAD which will help developers or other stakeholders to understand and use MAD correctly. Then we propose syntactic and semantic extensions of MAD to model all the risk management concepts. We have used this meta model and extension in a case study. This study shows that the meta model and extensions help us to correctly identify and model different security components of the system.

show abstract

Section: Introductionmentioning

confidence: 99%

Towards Security Risk-oriented Mal Activity Diagram

JabedMorshedChowdhury¹

2012

IJCA

View full text Add to dashboard Cite

show abstract

“…The majority of current proposals in the active research on security in the domain of BPM address either the analysis of security properties (e.g., [8,22]) or the augmentation of business process models with security requirement or control specifications (e.g., [6,7,23]). …”

Section: Related Workmentioning

confidence: 99%

“…Nevertheless, BPM methodologies, languages, and tooling provide only little support to express the security needs of an organization or the security controls applied within business processes [5]. Most approaches to meet this need address the analysis of business process models with regard to security properties or augment business process models with security requirement or control specifications, e.g., [6,7,8]. However, an approach to develop secure electronic business processes systematically is still missing [9].…”

Section: Introductionmentioning

confidence: 99%

SecEPM: A Security Engineering Process Model for Electronic Business Processes

Eichler

2012

2012 IEEE Ninth International Conference on E-Business Engineering

View full text Add to dashboard Cite

Abstract-Business process management (BPM) and accompanying systems allow organizations to react faster both to environmental and market changes. Therefore, BPM is widely applied in industry. Although organizations depend on the secure enactment of electronic business processes, existing BPM languages and techniques provide only little support for security. Several approaches have been proposed to close the gap for security in the domain of BPM. Nevertheless, an approach to develop secure electronic business processes systematically is still missing. In this paper, we provide the design as well as key entities of our Security Engineering Process Model (SecEPM) for electronic business processes. SecEPM guides security, business process, and domain experts through the development of secure business processes from the identification of security goals to the selection and configuration of security controls. It integrates security in the development life cycle of electronic business processes in a flexible way, thus allowing for a secure, adaptable organization.

show abstract

“…Rodríguez et al [35] present a UML profile extension for activity diagrams which aims to support the specification of certain security properties (e.g., access control, integrity, non-repudiation, and privacy). In [35], audits are specified as an additional characteristic for another security property.…”

Section: Related Workmentioning

confidence: 99%

“…In [35], audits are specified as an additional characteristic for another security property. The audit process is treated as a logging of data, and the logged data must be defined via attributes of the corresponding audited entity.…”

Section: Related Workmentioning

confidence: 99%

A UML Extension for the Model-Driven Specification of Audit Rules

Hoisl

Strembeck

2012

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Abstract. In recent years, a number of laws and regulations (such as the Basel II accord or SOX) demand that organizations record certain activities or decisions to fulfill legally enforced reporting duties. Most of these regulations have a direct impact on the information systems that support an organization's business processes. Therefore, the definition of audit requirements at the modeling-level is an important prerequisite for the thorough implementation and enforcement of corresponding policies in a software system. In this paper, we present a UML extension for the specification of audit properties. The extension is generic and can be applied to a wide variety of UML elements. In a model-driven development (MDD) approach, our extension can be used to generate corresponding audit rules via model transformations.

show abstract

Secure business process model specification through a UML 2.0 activity diagram profile

Cited by 72 publications

References 17 publications

Towards Security Risk-oriented Mal Activity Diagram

Towards Security Risk-oriented Mal Activity Diagram

SecEPM: A Security Engineering Process Model for Electronic Business Processes

A UML Extension for the Model-Driven Specification of Audit Rules

Contact Info

Product

Resources

About