Abstract
Security is a crucial issue for business performance, but usually, it is considered after the business processes definition. Many security requirements can be expressed at the business process level. A business process model is important for software developers, since they can capture from it the necessary requirements for software design and creation. Besides, business process modeling is the center for conducting and improving how the business is operated. This paper contains a description of our UML 2.0 extension for modeling secure business process through activity diagrams. We will apply this approach to a typical health-care business process.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Artelsmair, C., Wagner, R.: Towards a Security Engineering Process. In: The 7th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, Florida, USA, vol. VI, pp. 22–27 (2003)
Backes, M., Pfitzmann, B., Waidner, M.: Security in Business Process Engineering. In: van der Aalst, W.M.P., ter Hofstede, A.H.M., Weske, M. (eds.) BPM 2003. LNCS, vol. 2678, pp. 168–183. Springer, Heidelberg (2003)
Bock, C.: UML 2 Activity and Action Models. Journal of Object Technology 2(4), 43–53 (2003)
Bock, C.: UML 2 Activity and Action Models, Part 2: Actions. Journal of Object Technology 2(5), 41–56 (2003)
Eriksson, H.-E., Penker, M.: Business Modeling with UML. OMG Press (2001)
Firesmith, D.: Engineering Security Requirements. Journal of Object Technology 2(1), 53–68 (2003)
Firesmith, D.: Specifying Reusable Security Requirements. Journal of Object Technology 3(1), 61–75 (2004)
Giaglis, G.M.: A Taxonomy of Business Process Modelling and Information Systems Modelling Techniques. International Journal of Flexible Manufacturing Systems 13(2), 209–228 (2001)
Herrmann, G., Pernul, G.: Viewing Business Process Security from Different Perspectives. In: 11th International Bled Electronic Commerce Conference, Slovenia, pp. 89–103 (1998)
Jürjens, J.: Towards Development of Secure Systems Using UMLsec. In: Hussmann, H. (ed.) ETAPS 2001 and FASE 2001. LNCS, vol. 2029, pp. 187–200. Springer, Heidelberg (2001)
Kalnins, A., Barzdins, J., Celms, E.: Business Modeling Profile. In: Thirteenth International Conference on Information Systems Development, Advances in Theory, Practice and Education, Vilnius, Lithuania, pp. 182–194 (2004)
List, B., Korherr, B.: A UML 2 Profile for Business Process Modelling. In: 1st International Workshop on Best Practices of UML (BP-UML 2005) at ER-2005, Klagenfurt, Austria (2005)
Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)
Lopez, J., Montenegro, J.A., Vivas, J.L., Okamoto, E., Dawson, E.: Specification and design of advanced authentication and authorization services. Computer Standards & Interfaces 27(5), 467–478 (2005)
Maña, A., Montenegro, J.A., Rudolph, C., Vivas, J.L.: A business process-driven approach to security engineering. In: Mařík, V., Štěpánková, O., Retschitzegger, W. (eds.) DEXA 2003. LNCS, vol. 2736, pp. 477–481. Springer, Heidelberg (2003)
Maña, A., Ray, D., Sánchez, F. and Yagüe, M. I.; Integrando la Ingeniería de Seguridad en un Proceso de Ingeniería Software. In: VIII Reunión Española de Criptología y Seguridad de la Información, RECSI 2004. Leganés, Madrid, España, pp. 383–392 (2004)
Mouratidis, H., Giorgini, P., Manson, G.A.: When security meets software engineering: a case of modelling secure information systems, Information Systems. Information Systems 30(8), 609–629 (2005)
Object Management Group; Unified Modeling Language: Superstructure, version 2.0, formal/05-07-04 (2005), http://www.omg.org/docs/formal/05-07-04.pdf
Quirchmayr, G.: Survivability and Business Continuity Management. In: ACSW Frontiers 2004 Workshops, Dunedin, New Zealand, pp. 3–6 (2004)
Röhm, A.W., Herrmann, G., Pernul, G.: A Language for Modelling Secure Business Transactions. In: 15th Annual Computer Security Applications Conference, Phoenix, Arizona, pp. 22–31 (1999)
Roser, S., Bauer, B.: A Categorization of Collaborative Business Process Modeling Techniques. In: 7th IEEE International Conference on E-Commerce Technology Workshops (CEC 2005), Munchen, Germany, pp. 43–54 (2005)
Stefanov, V., List, B., Korherr, B.: Extending UML 2 activity diagrams with business intelligence objects. In: Tjoa, A.M., Trujillo, J. (eds.) DaWaK 2005. LNCS, vol. 3589, pp. 53–63. Springer, Heidelberg (2005)
Tryfonas, T., Kiountouzis, E.A.: Perceptions of Security Contributing to the Implementation of Secure IS, Security and Privacy in the Age of Uncertainty. In: IFIP TC11 18th International Conference on Information Security (SEC 2003), Athens, Greece, vol. 250, pp. 313–324 (2003)
Vivas, J.L., Montenegro, J.A., López, J.: Towards a Business Process-Driven Framework for Security Engineering with the UML. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 381–395. Springer, Heidelberg (2003)
Zuccato, A.: Holistic security requirement engineering for electronic commerce. Computers & Security 23(1), 63–76 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rodríguez, A., Fernández-Medina, E., Piattini, M. (2006). Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds) Trust and Privacy in Digital Business. TrustBus 2006. Lecture Notes in Computer Science, vol 4083. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11824633_6
Download citation
DOI: https://doi.org/10.1007/11824633_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37750-4
Online ISBN: 978-3-540-37752-8
eBook Packages: Computer ScienceComputer Science (R0)