Towards SecureBPMN - Aligning BPMN with the Information Assurance and Security Domain

  • Conference paper
Business Process Model and Notation (BPMN 2012)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 125)

Abstract

The participation of business experts in the elicitation and formulation of Information Assurance & Security (IAS) requirements is crucial. Although business experts have security-related knowledge, there is still no formalised business process modelling notation allowing them to express this knowledge in a clear, unambiguous manner. In this paper we outline the foundational basis for SecureBPMN - a graphical security modelling extension for the BPMN 2.0. We also align the BPMN with the IAS domain in order to identify points for the extension. SecureBPMN adopts a holistic approach to IAS and is designed to serve as a "communication bridge" between business and security experts.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cherdantseva, Y., Hilton, J., Rana, O. (2012). Towards SecureBPMN - Aligning BPMN with the Information Assurance and Security Domain. In: Mendling, J., Weidlich, M. (eds) Business Process Model and Notation. BPMN 2012. Lecture Notes in Business Information Processing, vol 125. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33155-8_9

  • DOI: https://doi.org/10.1007/978-3-642-33155-8_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33154-1

  • Online ISBN: 978-3-642-33155-8

  • eBook Packages: Computer Science, Computer Science (R0)
