Abstract
In recent years, business process models have been used to define security properties for the corresponding business information systems. In this context, a number of approaches have emerged that integrate security properties into standard process modeling languages. Often, these security properties are depicted as text annotations or graphical extensions. However, because the symbols for process-related security properties are not standardized, issues arise concerning the comprehensibility and maintenance of the respective models. In this paper, we present the initial results of an experimental study on the design and modeling of 11 security concepts in a business process context. In particular, we focus on the semantic transparency of the visual symbols that are intended to represent the different concepts (i.e., the one-to-one correspondence between a symbol and its meaning). Our evaluation showed that various symbols exist that are well perceived. However, further studies are necessary to resolve a number of remaining issues.
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Leitner, M., Schefer-Wenzl, S., Rinderle-Ma, S., Strembeck, M. (2013). An Experimental Study on the Design and Modeling of Security Concepts in Business Processes. In: Grabis, J., Kirikova, M., Zdravkovic, J., Stirna, J. (eds) The Practice of Enterprise Modeling. PoEM 2013. Lecture Notes in Business Information Processing, vol 165. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41641-5_17
DOI: https://doi.org/10.1007/978-3-642-41641-5_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41640-8
Online ISBN: 978-3-642-41641-5
eBook Packages: Computer Science, Computer Science (R0)