Abstract
The participation of business experts in the elicitation and formulation of Information Assurance & Security (IAS) requirements is crucial. Although business experts have security-related knowledge, there is still no formalised business process modelling notation allowing them to express this knowledge in a clear, unambiguous manner. In this paper we outline the foundational basis for SecureBPMN, a graphical security modelling extension for BPMN 2.0. We also align BPMN with the IAS domain in order to identify points for the extension. SecureBPMN adopts a holistic approach to IAS and is designed to serve as a "communication bridge" between business and security experts.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cherdantseva, Y., Hilton, J., Rana, O. (2012). Towards SecureBPMN - Aligning BPMN with the Information Assurance and Security Domain. In: Mendling, J., Weidlich, M. (eds) Business Process Model and Notation. BPMN 2012. Lecture Notes in Business Information Processing, vol 125. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33155-8_9
DOI: https://doi.org/10.1007/978-3-642-33155-8_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33154-1
Online ISBN: 978-3-642-33155-8
eBook Packages: Computer Science, Computer Science (R0)