Abstract
Obtaining requirements early in a software development process allows us to improve the quality of the product. Although many requirements elicitation methods exist, few of them are specifically designed for security requirements. This paper describes a method, M-BPSec, which permits the elicitation of security requirements that form part of a business process description carried out with a UML 2.0 Activity Diagram. M-BPSec is made up of stages, actors, tools and artifacts which, when applied in a coordinated manner, allow us to specify security requirements in business processes and to obtain classes and use cases from this specification.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rodríguez, A., Fernández-Medina, E., Piattini, M. (2007). M-BPSec: A Method for Security Requirement Elicitation from a UML 2.0 Business Process Specification. In: Hainaut, JL., et al. Advances in Conceptual Modeling – Foundations and Applications. ER 2007. Lecture Notes in Computer Science, vol 4802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76292-8_13
DOI: https://doi.org/10.1007/978-3-540-76292-8_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76291-1
Online ISBN: 978-3-540-76292-8
eBook Packages: Computer Science, Computer Science (R0)