
M-BPSec: A Method for Security Requirement Elicitation from a UML 2.0 Business Process Specification

  • Conference paper
Advances in Conceptual Modeling – Foundations and Applications (ER 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4802)


Abstract

Eliciting requirements early in a software development process allows us to improve the quality of the product. Although many requirements elicitation methods exist, few of them are specifically designed for security requirements. This paper describes a method, M-BPSec, which permits the elicitation of security requirements that form part of a business process description expressed as a UML 2.0 Activity Diagram. M-BPSec is made up of stages, actors, tools and artifacts which, when applied in a coordinated manner, allow us to specify security requirements in business processes and to obtain classes and use cases from this specification.




Editor information

Jean-Luc Hainaut, Elke A. Rundensteiner, Markus Kirchberg, Michela Bertolotto, Mathias Brochhausen, Yi-Ping Phoebe Chen, Samira Si-Saïd Cherfi, Martin Doerr, Hyoil Han, Sven Hartmann, Jeffrey Parsons, Geert Poels, Colette Rolland, Juan Trujillo, Eric Yu, Esteban Zimányi


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rodríguez, A., Fernández-Medina, E., Piattini, M. (2007). M-BPSec: A Method for Security Requirement Elicitation from a UML 2.0 Business Process Specification. In: Hainaut, JL., et al. Advances in Conceptual Modeling – Foundations and Applications. ER 2007. Lecture Notes in Computer Science, vol 4802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76292-8_13


  • DOI: https://doi.org/10.1007/978-3-540-76292-8_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-76291-1

  • Online ISBN: 978-3-540-76292-8

  • eBook Packages: Computer Science, Computer Science (R0)
