A Model Driven Security Engineering Approach to Support Collaborative Tools Deployment Over Clouds

  • W. F. Ouedraogo
  • F. Biennier
  • P. Ghodous
Conference paper


The development of web 2.0 increases the call for agile and simple business process support. SOA (Service oriented Architecture) provides companies a new model to build their IT applications around their business processes and to combine them dynamically with the services of partner companies. Moreover cloud computing offers new business models and deployment opportunities to support adaptive and scalable execution environment. However, to provide services collaboration from several companies, the security policy associate to each company must be respected. So, the Business Process (BP) provides by these companies services inter-connections should be adapted to the security policy of each company and to the platform where it will be deployed. This leads to propose a new platform based on MDE (Model-Driven Engineering) approach to allow companies to build and deploy safely their BP in the Cloud environments.


Business process Cloud computing Security model MDE 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. OMG (Object Management Group), (2011). Business Process Model and Notation (BPMN) Version 2.0,
  2. Backes M, Pfitzmann B, Waider M (2003) Security in Business Process Engineering. In: vander Aalst, W.M.P., ter Hofstede, A.H.M., Weske, M. (eds.) BPM 2003. LNCS, vol. 2678,pp. 168–183. Springer, HeidelbergGoogle Scholar
  3. Herrmann P, Herrmann G (2006) Security requirement analysis of business processes. Electronic Commerce Research 6(3-4), 305–335Google Scholar
  4. Rodriguez A., Fernandez-Medina E., Piattini M., (2007) A BPMN extension for the modelling of security requirements in business processes, the institute of electronics, Information and Communication Engineers (IEICE), Vol.E90-D, NO.4.Google Scholar
  5. Mülle J, von Stackelberg S, Klemen A (2011) Security Language for BPMN Process Models, Karlsruhe institute of technology, Germany.Google Scholar
  6. ANSI (Agence National de la sécurité des SI), (2004). Expression des besoins et identification des objectifs de sécurité. La démarche”, Version 2.Google Scholar
  7. Club de la sécurité de l’Information Français (CLUSIF), (2010). MEHARI 2010. Guide de la démarche d’analyse et de traitement des risques.Google Scholar
  8. Dorofee A (2002) Managing information security risks across the enterprise, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213.Google Scholar
  9. Alberts, C., Dorofee, A., Stevens J., Woody C., (2003). Introduction to the OCTAVE Approach, Carnegie Mellon University, Pittsburgh.Google Scholar
  10. Moore AP, Ellison R J, (2001) Architectural Refinement for the Design of Survivable Systems, Technical Note (CMU/SEI-2001-TN-008). Software Engineering Institute, Carnegie Mellon University.Google Scholar
  11. Mell P, Grance T, J (2011) The NIST Definition of Cloud Computing, Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-145Google Scholar
  12. Sinclair J, Hudzia B, Lindner M (2011) The first International Conference on Cloud Computing and Services Science, CLOSER 2011 “Architecture for compliance analysis of distributed service based systems”. Belfast, Northern Ireland, U.K.Google Scholar
  13. US Government, (2001).Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act, Title V, s 505.Google Scholar
  14. Cloud Cube Model: Selecting Cloud Formations for Secure Collaboration, Jericho Forum, Version 1.0, (April 2009),
  15. Organization for the Advancement of Structured Information Standards (OASIS), (2009). OASIS: Reference Architecture Foundation for Service Oriented Architecture, Version 1.0.Google Scholar
  16. Lima Dutra M, Ghodous P, Kuhn O, Minh T (2010) A Generic and Synchronous Ontology-based Architecture for Collaborative Design. Concurrent Engineering, Research and Applications 18(1):65-74, Sage, ISSN 1063 293X.2010.Google Scholar

Copyright information

© Springer-Verlag London 2013

Authors and Affiliations

  1. 1.Université de LyonLyonFrance
  2. 2.Université de LyonLyonFrance
  3. 3.Université de LyonLyonFrance
  4. 4.Université de LyonLyonFrance

Personalised recommendations