CIM to PIM Transformation: A Reality

  • Alfonso Rodríguez
  • Eduardo Fernández-Medina
  • Mario Piattini
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 255)


Within the scope of MDA, the model transformation is orientated towards solving the problems of time, cost and quality associated with software creation. Moreover, business process modeling, through the use of industrial standards such as UML or BPMN, offers us a good opportunity to incorporate requirements at high levels of abstraction. We consider Secure Business Process models such as the Computation Independent Model (CIM). In this paper we show that it is possible to define CIM to PIM (Platform Independent Model) transformations, using QVT rules. Through our rules, we obtain certain UML analysis-level classes and use cases which will be part of the PIM of an information system. We illustrate our approach with a case study concerned with payment for the consumption of electrical energy.


Business process MDA Requirement specifications Security 


  1. 1.
    J. Bézivin, In Search of a Basic Principle for Model Driven Engineering, UPGRADE, European Journal for the Informatics Professional. Volume 5, Number 2, pp.21–24, (2004).Google Scholar
  2. 2.
    Object Management Group, MDA Guide Version 1.0.1. (Accessed 2003).
  3. 3.
    QVT, Meta Object Facility (MOF) 2.0 Query/View/Transformation Specification, OMG Adopted Specification ptc/05-11-01 (2005), p.204.Google Scholar
  4. 4.
    WfMC, Workflow Management Coalition: Terminology & Glossary (1999), p.65.Google Scholar
  5. 5.
    A. Rodríguez, E. Fernández-Medina, and M. Piattini, Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes, in Proc. of 3rd International Conference on Trust, Privacy and Security in Digital Business (TrustBus). Volume 4083 (Krakow, Poland, 2006), pp.51–61.Google Scholar
  6. 6.
    A. Rodríguez, E. Fernández-Medina, and M. Piattini, A BPMN Extension for the Modeling of Security Requirements in Business Processes, IEICE Transactions on Information and Systems. Volume E90-D, Number 4, pp.745–752, (2007).CrossRefGoogle Scholar
  7. 7.
    Object Management Group, Unified Modeling Language: Superstructure Version 2.1.1 (formal/2007-02-05). (Accessed 2007).
  8. 8.
    BPMN, Business Process Modeling Notation Specification, OMG Final Adopted Specification, dtc/06-02-01. (Accessed 2006).
  9. 9.
    M. Backes, B. Pfitzmann, and M. Waider, Security in Business Process Engineering, in International Conference on Business Process Management (BPM). Volume. 2678, LNCS (Eindhoven, Netherlands, 2003), pp.168–183.CrossRefGoogle Scholar
  10. 10.
    G. Herrmann and G. Pernul, Viewing Business Process Security from Different Perspectives, in Proc. of 11th International Bled Electronic Commerce Conference (Slovenia, 1998), pp.89–103.Google Scholar
  11. 11.
    P. Herrmann and G. Herrmann, Security requirement analysis of business processes, Electronic Commerce Research. Volume 6, Number 3–4, pp.305–335, (2006).CrossRefGoogle Scholar
  12. 12.
    A. Maña, J. A. Montenegro, C. Rudolph and J. L. Vivas, A business process-driven approach to security engineering, in 14th. International Workshop on Database and Expert Systems Applications (DEXA) (Prague, Czech Republic, 2003), pp.477–481.Google Scholar
  13. 13.
    A. W. Röhm, G. Pernul and G. Herrmann, Modelling Secure and Fair Electronic Commerce, in Proc. of 14th. Annual Computer Security Applications Conference (Scottsdale, Arizona, 1998), pp.155–164.Google Scholar
  14. 14.
    D. Firesmith, Specifying Reusable Security Requirements, Journal of Object Technology. Volume 3, Number 1, pp.61–75, (2004).Google Scholar
  15. 15.
    J. Lopez, J.A. Montenegro, J.L. Vivas, E. Okamoto and E. Dawson, Specification and design of advanced authentication and authorization services, Computer Standards & Interfaces. Volume 27, Number 5, pp.467–478, (2005).CrossRefGoogle Scholar
  16. 16.
    I. Jacobson, G. Booch and J. Rumbaugh, The Unified Software Development Process (1999), pp.463-.Google Scholar
  17. 17.
    A. Rodríguez, E. Fernández-Medina and M. Piattini, M-BPSec: A Method for Security Requirement Elicitation from a UML 2.0 Business Process Specification, in 3rd International Workshop on Foundations and Practices of UML (Auckland, New Zealand, 2007).Google Scholar
  18. 18.
    A. Rodríguez, E. Fernández-Medina and M. Piattini, Analysis-Level Classes from Secure Business Processes through Models Transformations, in Proc. of 4th International Conference on Trust, Privacy and Security in Digital Business (TrustBus) (Regensburg, Germany, 2007).Google Scholar
  19. 19.
    A. Rodríguez and I. García-Rodríguez de Guzmán, Obtaining Use Cases and Security Use Cases from Secure Business Process through the MDA Approach, in Workshop on Security in Information Systems (WOSIS) (Funchal, Madeira-Portugal, 2007).Google Scholar

Copyright information

© International Federation for Information Processing 2008

Authors and Affiliations

  • Alfonso Rodríguez
    • 1
  • Eduardo Fernández-Medina
    • 2
  • Mario Piattini
    • 2
  1. 1.Departamento de Auditoría e InformáticaUniversidad del Bio BioChillánChile
  2. 2.ALARCOS Research Group, Information Systems and Technologies Department, UCLM-Indra Research and Development InstituteUniversity of Castilla-La ManchaCiudad RealSpain

Personalised recommendations