Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes

Rodríguez, Alfonso Sánchez; Fernández‐Medina, Eduardo; Piattini, Mario

doi:10.1007/11824633_6

Cited by 44 publications

(33 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This approach will lead to security vulnerabilities. It justifies spending more effort in defining security objectives in pre-development phases, where finding and removing an error/bug is easy and cheaper [29]. Furthermore, mastering these security access control models, protocols, and security implementations is also a daunting task [12,28].…”

Section: Problems In Current Security Standards For Web Services Basementioning

confidence: 99%

Security Problems of SOA Applications

Saleem¹

2017

IJSIA

View full text Add to dashboard Cite

show abstract

Section: Problems In Current Security Standards For Web Services Basementioning

confidence: 99%

Security Problems of SOA Applications

Saleem¹

2017

IJSIA

View full text Add to dashboard Cite

show abstract

“…Fig. 2 The AURUM process Modeling security requirements in business processes is also the goal of an extension of UML 2.0 by Rodríguez et al [27]. According to the authors, this is essential since software developers derive necessary requirements for software design and implementation from business processes [27].…”

Section: Related Workmentioning

confidence: 99%

“…2 The AURUM process Modeling security requirements in business processes is also the goal of an extension of UML 2.0 by Rodríguez et al [27]. According to the authors, this is essential since software developers derive necessary requirements for software design and implementation from business processes [27]. This early design of security requirements shall (1) use the (at least high-level) security knowledge of business analysts concerning business process security while initially modeling the processes and (2) reduce potential costs avoiding the additional implementation of business processes' security after the business processes have been implemented.…”

Section: Related Workmentioning

confidence: 99%

“…Fig. 3 Extending the UML 2.0 meta-model with security stereotypes [27] Zur Muehlen and Rosemann identify risk as an inherent property of every business process [35]. Therefore they propose to counteract the trend of considering risk only from a project management viewpoint and to tackle the topic of risk management in the context of business process management.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Risk-Aware Business Process Management—Establishing the Link Between Business and Security

Jakoubi

Tjoa

Goluch

et al. 2010

Complex Intelligent Systems and Their Applications

View full text Add to dashboard Cite

Companies face the challenge to effectively and efficiently perform their business processes as well as to guarantee their continuous operation. To meet the economic requirements, companies predominantly apply business process management concepts. The substantial consideration of robustness and continuity of operations is performed in other domains such as risk or business continuity management. Applying these domains separately, analysis results may significantly differ as valuations from an economic and risk point of view may lead to deviating improvement recommendations. Observing developments in the past years one can see that regulative bodies, the industry as well as the research community laid a special focus on the tighter integration of business process and risk management. Consequently, the integrated consideration of economic, risk and security aspects when analyzing and designing business processes delivers enormous value to achieve these requirements. In this chapter, we present an survey about selected scientific approaches tackling the challenge of integrating economic and risk aspects. Furthermore, we present a methodology enabling the risk-aware modeling and simulation of business processes.

show abstract

“…The POSeM approach [2] has the objective to facilitate the selection process of security measures by providing recommendations derived from process descriptions. The two main concepts to meet this objective are (1) its Security Enhanced Process Language (SEPL) which enables the representation of security requirements within business processes and (2) two rule bases in order to check the process security definitions for consistency and afterwards identify required safeguards.…”

Section: Process Oriented Security Model (Posem)mentioning

confidence: 99%