A Language for Multi-Perspective Modelling of IT Security: Objectives and Analysis of Requirements

  • Conference paper

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 132)

Abstract

Effectively protecting information systems is a pivotal responsibility of (IT) management, which faces many challenges: technological complexity, business complexity, diverse stakeholders and conflicting requirements. Yet there is no holistic modelling approach that comprehensively addresses all of these challenges while accounting for technical, organizational and business aspects. This paper analyzes the requirements for such a comprehensive modelling method for IT security design and management. We argue that enterprise modelling is the most suitable foundation for such an approach. We apply a method for developing domain-specific modelling languages (DSMLs) that is chiefly based on a structured analysis of use scenarios, including prototypical diagrams, and supplement it with requirements found in the literature. Our analysis results in 23 requirements that the targeted modelling method should satisfy. These results are intended to serve as a foundation for discussion and discursive evaluation by peers and domain experts.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Goldstein, A., Frank, U. (2013). A Language for Multi-Perspective Modelling of IT Security: Objectives and Analysis of Requirements. In: La Rosa, M., Soffer, P. (eds) Business Process Management Workshops. BPM 2012. Lecture Notes in Business Information Processing, vol 132. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36285-9_64

  • DOI: https://doi.org/10.1007/978-3-642-36285-9_64

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-36284-2

  • Online ISBN: 978-3-642-36285-9

  • eBook Packages: Computer Science (R0)