
Modeling Security Requirements in Service Based Business Processes

  • Conference paper
Enterprise, Business-Process and Information Systems Modeling (BPMDS 2012, EMMSAD 2012)

Abstract

Non-functional concerns such as security are essential in business process management and in service based realizations of business processes. Many works and efforts have addressed these concerns on the service layer by developing a number of XML-based standards such as WS-Security and other WS-* standards. However, there are non-functional properties that belong to the business process layer and therefore need to be specified in business process models. We notice, nevertheless, that current business process modeling languages lack appropriate means for specifying non-functional properties such as security. In this paper, we present a model-driven approach for the development of service based business processes which supports both functional and non-functional concerns. We also introduce the concept of profiles to BPMN, in analogy to UML Profiles. Based on that, we present a BPMN profile to specify security properties in business process models and illustrate its usage through an example.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Turki, S.H., Bellaaj, F., Charfi, A., Bouaziz, R. (2012). Modeling Security Requirements in Service Based Business Processes. In: Bider, I., et al. Enterprise, Business-Process and Information Systems Modeling. BPMDS EMMSAD 2012 2012. Lecture Notes in Business Information Processing, vol 113. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31072-0_6


  • DOI: https://doi.org/10.1007/978-3-642-31072-0_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31071-3

  • Online ISBN: 978-3-642-31072-0

  • eBook Packages: Computer Science (R0)
