Modelling Security Goals in Business Processes
Authors
Abstract
Abstract: Various types of security goals, such as authentication or confidentiality, can be defined as policies for process-aware information systems, typically in a manual fashion. Therefore, we foster a model-driven transformation approach from modelled security goals in the context of process models to concrete security implementations. We argue that specific types of security goals may be expressed in a graphical fashion at the business process modelling level which in turn can be transformed into corresponding access control and security policies for process-aware information systems, for instance based on service-oriented architectures. In this paper we present security policy and policy constraint models. These models are projected onto general enterprise models and enterprise business processes in particular. We further discuss the suitability of this approach based on an example process and outline future work in order to derive security policy implementations out of the process models applicable for service-oriented architectures.
Similar resources
Extending the UML 2 Activity Diagram with Business Process Goals and Performance Measures
The UML 2 Activity Diagram is designed for modelling business processes, but does not yet include any concepts for modelling process goals and their measures. We extend the UML 2 Activity Diagram with process goals and performance measures to make them conceptually visible. Additionally, we provide a mapping to BPEL to make the measures available for execution and monitoring. This profile and i...
A Method for Eliciting Security Requirements from the Business Process Models
In recent years, the business process modelling is matured towards expressing enterprise’s organisational behaviour (i.e., business values and stakeholder interests). This shows potential to perform early security analysis to capture enterprise security needs. Traditionally, security in business processes is addressed either by representing security concepts graphically or by enforcing these se...
Extending the EPC and the BPMN with Business Process Goals and Performance Measures
The Event-Driven Process Chain (EPC) and the Business Process Modeling Notation (BPMN) are designed for modelling business processes, but do not yet include any means for modelling process goals and their measures, and they do not have a published metamodel. We derive a metamodel for both languages, and extend the EPC and the BPMN with process goals and performance measures to make them concept...
A New Framework to Model a Secure E-Commerce System
The existing information system (IS) development methods do not meet the requirements to resolve the security related IS problems and they fail to provide a successful integration of security and systems engineering during all development process stages. Hence, the security should be considered during the whole software development process and identified with the requirements specification. Th...
Second Workshop on Security in Business Processes
The second workshop on Security in Business Processes (SBP’13) was organised in conjunction with the 11th international conference on Business Process Management (BPM 2013). Over 20 participants attended the workshop to present and discuss 6 papers, the insights they offered and the issues they raised. During the half-day workshop, a number of important and emerging issues in this area were dis...