Skip to main content

Capturing Security Requirements in Business Processes Through a UML 2.0 Activity Diagrams Profile

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCS,volume 4231)

Abstract

Security has become a crucial aspect for the performance of present organizations since the protected object is the mission of them. Therefore, the management approach oriented to business processes has been a good answer for the current scenarios, changing and complex, where organizations develop their task. Both subjects form a basic requirement to reach not only the mission but also the organizational objectives in a strongly connected global economy. In this work, we will show a microprocess through which it is possible to specify and refine security requirements at a high level of abstraction, in a way that they can be incorporated into the development of a software system. In addition, an extension of UML 2.0 activity diagrams will be presented through which it is possible to identify such requirements.

Keywords

  • Business Process
  • Security Requirement
  • Base Class
  • Object Constraint Language
  • Activity Diagram

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/11908883_6
  • Chapter length: 11 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   99.00
Price excludes VAT (USA)
  • ISBN: 978-3-540-47704-4
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   129.00
Price excludes VAT (USA)

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abie, H., Aredo, D.B., Kristoffersen, T., Mazaher, S., Raguin, T.: Integrating a Security Requirement Language with UML. In: Baar, T., Strohmeier, A., Moreira, A., Mellor, S.J. (eds.) UML 2004. LNCS, vol. 3273, pp. 350–364. Springer, Heidelberg (2004)

    Google Scholar 

  2. Artelsmair, C., Wagner, R.: Towards a Security Engineering Process. In: The 7th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, Florida, USA, vol. VI, pp. 22–27 (2003)

    Google Scholar 

  3. Backes, M., Pfitzmann, B., Waidner, M.: Security in Business Process Engineering. In: van der Aalst, W.M.P., ter Hofstede, A.H.M., Weske, M. (eds.) BPM 2003. LNCS, vol. 2678, pp. 168–183. Springer, Heidelberg (2003)

    CrossRef  Google Scholar 

  4. Basin, D., Doser, J., Lodderstedt, T.: Model driven security for process-oriented systems. In: SACMAT 2003, 8th ACM Symposium on Access Control Models and Technologies, Villa Gallia, Como, Italy (2003)

    Google Scholar 

  5. Bock, C.: UML 2 Activity and Action Models. Journal of Object Technology 2(4), 43–53 (2003)

    CrossRef  Google Scholar 

  6. Eriksson, H.-E., Penker, M.: Business Modeling with UML. OMG Press (2001)

    Google Scholar 

  7. Firesmith, D.: Engineering Security Requirements. Journal of Object Technology 2(1), 53–68 (2003)

    CrossRef  Google Scholar 

  8. Firesmith, D.: Specifying Reusable Security. Journal of Object Technology 3(1), 61–75 (2004)

    CrossRef  Google Scholar 

  9. Fuggetta, A.: Software process: a roadmap. In: ICSE 2000, 22nd International Conference on Software Engineering, Future of Software Engineering, Limerick, Ireland, pp. 25–34 (2000)

    Google Scholar 

  10. Herrmann, G., Pernul, G.: Viewing Business Process Security from Different Perspectives. In: 11th International Bled Electronic Commerce Conference, Slovenia, pp. 89–103 (1998)

    Google Scholar 

  11. Jacobson, I., Booch, G., Rumbaugh, J.: El proceso unificado de desarrollo de software, 464 p. (2000)

    Google Scholar 

  12. Jürjens, J.: Secure Systems Development with UML, 309 p. Springer, Heidelberg (2004)

    Google Scholar 

  13. Kalnins, A., Barzdins, J., Celms, E.: UML Business Modeling Profile. In: Thirteenth International Conference on Information Systems Development, Advances in Theory, Practice and Education, Vilnius, Lithuania, pp. 182–194 (2004)

    Google Scholar 

  14. List, B., Korherr, B.: A UML 2 Profile for Business Process Modelling. In: 1st International Workshop on Best Practices of UML (BP-UML 2005) at ER 2005, Klagenfurt, Austria (2005)

    Google Scholar 

  15. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)

    Google Scholar 

  16. Lopez, J., Montenegro, J.A., Vivas, J.L., Okamoto, E., Dawson, E.: Specification and design of advanced authentication and authorization services. Computer Standards & Interfaces 27(5), 467–478 (2005)

    CrossRef  Google Scholar 

  17. Maña, A., Montenegro, J.A., Rudolph, C., Vivas, J.L.: A business process-driven approach to security engineering. In: 14th International Workshop on Database and Expert Systems Applications (DEXA). Prague, Czech Republic, pp. 477–481 (2003)

    Google Scholar 

  18. Maña, A., Ray, D., Sánchez, F., Yagüe, M.I.: Integrando la Ingeniería de Seguridad en un Proceso de Ingeniería Software. In: VIII Reunión Española de Criptología y Seguridad de la Información, RECSI. Leganés, Madrid, España, pp. 383–392 (2004)

    Google Scholar 

  19. Mouratidis, H., Giorgini, P., Manson, G.A.: When security meets software engineering: a case of modelling secure information systems. Information Systems 30(8), 609–629 (2005)

    CrossRef  Google Scholar 

  20. Object Management Group, Unified Modeling Language: Superstructure, version 2.0, formal/05-07-04 (2005), http://www.omg.org/docs/formal/05-07-04.pdf

  21. Pressman, R.S.: Software Engineering: A Practitioner’s Approach, 6th edn., 880 p. (2006)

    Google Scholar 

  22. Quirchmayr, G.: Survivability and Business Continuity Management. In: ACSW Frontiers 2004 Workshops, Dunedin, New Zealand, pp. 3–6 (2004)

    Google Scholar 

  23. Röhm, A.W., Herrmann, G., Pernul, G.: A Language for Modelling Secure Business Transactions. In: 15th Annual Computer Security Applications Conference, Phoenix, Arizona, pp. 22–31 (1999)

    Google Scholar 

  24. Röhm, A.W., Pernul, G., Herrmann, G.: Modelling Secure and Fair Electronic Commerce. In: 14th Annual Computer Security Applications Conference, Scottsdale, Arizona, pp. 155–164 (1998)

    Google Scholar 

  25. Siponen, M.T.: Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods. Information and Organization 15, 339–375 (2005)

    CrossRef  Google Scholar 

  26. Stefanov, V., List, B., Korherr, B.: Extending UML 2 Activity Diagrams with Business Intelligence Objects. In: Tjoa, A.M., Trujillo, J. (eds.) DaWaK 2005. LNCS, vol. 3589, pp. 53–63. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  27. Vivas, J.L., Montenegro, J.A., Lopez, J.: Towards a Business Process-Driven Framework for security Engineering with the UML. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 381–395. Springer, Heidelberg (2003)

    CrossRef  Google Scholar 

  28. Zulkernine, M., Ahamed, S.I.: Software Security Engineering: Toward Unifying Software Engineering and Security Engineering. In: Idea Group (eds.) Enterprise Information Systems Assurance and Systems Security: Managerial and Technical Issues, M. Warkentin & R. Vaughn, pp. 215–232 (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rodríguez, A., Fernández-Medina, E., Piattini, M. (2006). Capturing Security Requirements in Business Processes Through a UML 2.0 Activity Diagrams Profile. In: , et al. Advances in Conceptual Modeling - Theory and Practice. ER 2006. Lecture Notes in Computer Science, vol 4231. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11908883_6

Download citation

  • DOI: https://doi.org/10.1007/11908883_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-47703-7

  • Online ISBN: 978-3-540-47704-4

  • eBook Packages: Computer ScienceComputer Science (R0)