
Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes

  • Conference paper
In: Trust and Privacy in Digital Business (TrustBus 2006)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4083)

Abstract

Security is a crucial issue for business performance, but it is usually considered only after the business processes have been defined. Many security requirements can be expressed at the business process level. A business process model is important for software developers, since they can capture from it the necessary requirements for software design and creation. Moreover, business process modeling is central to conducting and improving how the business is operated. This paper contains a description of our UML 2.0 extension for modeling secure business processes through activity diagrams. We will apply this approach to a typical health-care business process.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rodríguez, A., Fernández-Medina, E., Piattini, M. (2006). Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds) Trust and Privacy in Digital Business. TrustBus 2006. Lecture Notes in Computer Science, vol 4083. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11824633_6


  • DOI: https://doi.org/10.1007/11824633_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-37750-4

  • Online ISBN: 978-3-540-37752-8

  • eBook Packages: Computer Science, Computer Science (R0)
