Towards SecureBPMN - Aligning BPMN with the Information Assurance and Security Domain

  • Yulia Cherdantseva
  • Jeremy Hilton
  • Omer Rana
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 125)


The participation of business experts in the elicitation and formulation of Information Assurance & Security (IAS) requirements is crucial. Although business experts have security-related knowledge, there is still no formalised business process modelling notation allowing them to express this knowledge in a clear, unambiguous manner. In this paper we outline the foundational basis for SecureBPMN - a graphical security modelling extension for the BPMN 2.0. We also align the BPMN with the IAS domain in order to identify points for the extension. SecureBPMN adopts a holistic approach to IAS and is designed to serve as a ”communication bridge” between business and security experts.


information security & assurance BPMN extension 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Cherdantseva, Y., Hilton, J.: Information Security and Information Assurance. The Discussion about the Meaning, Scope and Goals (May 2012), (accessed on June 22, 2012)
  2. 2.
    Rodriguez, A., Fernandez-Medina, E., Piattini, M.: A BPMN Extension for the Modeling of Security Requirements in Business Processes. IEICE - Trans. Inf. Syst. E90-D, 745–752 (2007)CrossRefGoogle Scholar
  3. 3.
    Lopez, J., Montenegro, J., Vivas, J., Okamoto, E., Dawson, E.: Specification and Design of Advanced Authentication and Authorization Services. Computer Standards and Interfaces 27(5), 467–478 (2005)CrossRefGoogle Scholar
  4. 4.
    Leymann, F.: BPEL vs. BPMN 2.0: Should You Care? In: Mendling, J., Weidlich, M., Weske, M. (eds.) BPMN 2010. LNBIP, vol. 67, pp. 8–13. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    Völzer, H.: An Overview of BPMN 2.0 and Its Potential Use. In: Mendling, J., Weidlich, M., Weske, M. (eds.) BPMN 2010. LNBIP, vol. 67, pp. 14–15. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Giaglis, G.: A taxonomy of business process modeling and information systems modeling techniques. International Journal of Flexible Manufacturing Systems 13(2), 209–228 (2001)CrossRefGoogle Scholar
  7. 7.
    The OMG, Business Process Model and Notation (BPMN) Version 2.0 (January 03, 2011), (accessed on June 22, 2012)
  8. 8.
    Wolter, C., Schaad, A.: Modeling of Task-Based Authorization Constraints in BPMN. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 64–79. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Jakoubi, S., Tjoa, S., Goluch, G., Quirchmayr, G.: A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management. In: International Workshop on Database and Expert Systems Applications, pp. 127–132 (2009)Google Scholar
  10. 10.
    Wolter, C., Menzel, M., Meinel, C.: Modelling Security Goals in Business Processes. In: Proc. GI Modellierung, vol. 127, pp. 197–212 (2008)Google Scholar
  11. 11.
    Mulle, J., Stackelberg, S., Bohm, K.: A Security Language for BPMN Process Models. Karlsruhe Reports in Informatics (September 2011)Google Scholar
  12. 12.
    Saleem, M., Jaafar, J., Hassan, M.: A Domain-Specific Language for Modelling Security Objectives in a Business Process Models of SOA Applications. AISS 4(1), 353–362 (2012)CrossRefGoogle Scholar
  13. 13.
    Altuhhova, O., Matulevicius, R., Ahmed, N.: Towards Definition of Secure Business Processes. In: WISSE 2012, Gdansk, Poland (June 2012), (accessed on June 27, 2012)
  14. 14.
    Mayer, N.: Model-based Management of Information System Security Risk. Doctoral Thesis, University of Namur (2009)Google Scholar
  15. 15.
    Cherdantseva, Y., Hilton, J., Rana, O.: SecureBPMN - a New Approach to Achieving Synergy between Information Security and Business Process Modelling (February 2012), (accessed on June 22, 2012)
  16. 16.
    BOC Group. Risk management and compliance with ADONIS: Community Edition, (accessed on May 21, 2012)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Yulia Cherdantseva
    • 1
  • Jeremy Hilton
    • 2
  • Omer Rana
    • 1
  1. 1.School of Computer Science and InformaticsCardiff UniversityUK
  2. 2.Department of Informatics and Systems EngineeringCranfield UniversityUK

Personalised recommendations