Towards SecureBPMN - Aligning BPMN with the Information Assurance and Security Domain

  • Conference paper

Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 125)

Abstract

The participation of business experts in the elicitation and formulation of Information Assurance & Security (IAS) requirements is crucial. Although business experts have security-related knowledge, there is still no formalised business process modelling notation allowing them to express this knowledge in a clear, unambiguous manner. In this paper we outline the foundational basis for SecureBPMN, a graphical security modelling extension for BPMN 2.0. We also align BPMN with the IAS domain in order to identify points for the extension. SecureBPMN adopts a holistic approach to IAS and is designed to serve as a "communication bridge" between business and security experts.

Keywords

  • information security & assurance
  • BPMN
  • extension

  • Chapter length: 9 pages


Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cherdantseva, Y., Hilton, J., Rana, O. (2012). Towards SecureBPMN - Aligning BPMN with the Information Assurance and Security Domain. In: Mendling, J., Weidlich, M. (eds) Business Process Model and Notation. BPMN 2012. Lecture Notes in Business Information Processing, vol 125. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33155-8_9

  • DOI: https://doi.org/10.1007/978-3-642-33155-8_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33154-1

  • Online ISBN: 978-3-642-33155-8

  • eBook Packages: Computer Science (R0)