Abstract
Model-based software engineering has made great strides in developing new software that would outshine traditional methodology. Due to this, well-defined support has been provided for process modeling by the introduction of varieties of notations to develop the UML models. In addition to this, Business Process Modeling (BPM) is a pioneer in introducing process models with domain knowledge representation. Most of the software has similarities based on their operations, structures, validation, and so on. So, an automatic process involvement supports them in terms of cost and duration. This proposed secure Business Process Model will support the development phase and help incorporate the security code along with customer requirements. The proposed Secured Business Process (SecBP) system is an automation process to fine-tune the software engineering design process automatically. Security requirement incorporation requires an image to text and vice versa conversion at the early stages of the software design process. The security integration process is optimized by a decision learning algorithm. Hence the proposed system brings an output model as a domain-specific model with security mapping.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Aburub, F., Odeh, M., Beeson, I.: Modelling non-functional requirements of business processes. Inf. Softw. Technol. 49(11–12), 1162–1171 (2007). https://doi.org/10.1016/j.infsof.2006.12.002
Aguilar-Savén, R.S.: Business process modelling: review and framework. Int. J. Prod. Econ. 90(2), 129–149 (2004). https://doi.org/10.1016/S0925-5273(03)00102-6
Bang, S.Y., & Ju, G.S.: UML and XML schema. In: A.G.N Routledge, L. Bird (Ed.), UML and XML schema (pp. 157–166). In: ICPS Proceedings. (2002). https://doi.org/10.1145/563932.563924
Basciani, F., Demidio, M., di Ruscio, D., Frigioni, D., Iovino, L., Pierantonio, A.: Automated selection of optimal model transformation chains via shortest-path algorithms. IEEE Trans. Softw. Eng. 46(3), 251–279 (2020). https://doi.org/10.1109/TSE.2018.2846223
Bendraou, R., Jézéquel, J.M., Gervais, M.P., Blanc, X.: A comparison of six UML-based languages for software process modeling. IEEE Trans. Softw. Eng. 36(5), 662–675 (2010). https://doi.org/10.1109/TSE.2009.85
Bernauer, M., Kappel, G., Kramler, G.: Representing XML Schema in UML: A Comparison of Approaches. Springer, Berlin (2004)
Bhardwaj, R., Vatta, S.: Implementation of ID3 Algorithm. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 3(6), 2277–3128 (2013)
Broad, J.: System Development Life Cycle (SDLC). In Risk Management Frammework. Orielly. (2013) https://www.oreilly.com/library/view/risk-management-framework/9781597499958/B9781597499958000053.xhtml
Chen, J.I., Smys, S.: Social multimedia security and suspicious activity detection in SDN using hybrid deep learning technique. J. Inform. Technol. Digital World 2(2), 108–115 (2020). https://doi.org/10.36548/jitdw.2020.2.004
Cimatti, A., Roveri, M., Susi, A., Tonetta, S.: Formalizing requirements with object models and temporal constraints. Softw. Syst. Model. 10(2), 147–160 (2011). https://doi.org/10.1007/s10270-009-0130-7
D’Aubeterre, F., Singh, R., Iyer, L.: Secure activity resource coordination: empirical evidence of enhanced security awareness in designing secure business processes. Eur. J. Inf. Syst. 17(5), 528–542 (2008). https://doi.org/10.1057/ejis.2008.42
de Castro, V., Marcos, E., Vara, J.M.: Applying CIM-to-PIM model transformations for the service-oriented development of information systems. Inf. Softw. Technol. 53(1), 87–105 (2011). https://doi.org/10.1016/j.infsof.2010.09.002
de Sousa, T.C., Snook, C.F., Silva, P.S.M.: A proposal for extending UML-B to support a conceptual model. Innovat. Syst. Softw. Eng. 7(4), 293–301 (2011). https://doi.org/10.1007/s11334-011-0169-9
Dömges, R., Jacobs, S., Jarke, M., Nissen, H. W., Pohl, K., Maiden, N., Sutcliffe, A., Taylor, C., Till, D., Constantopoulos, P., Spanoudakis, G., Vassiliou, Y., Grosz, G., Plihon, V., Rolland, C., Schmitt, J. R., Schwer, S., Si-Said, S., Souveyet, C., … Wangler, B. (1996). Defining visions in context: models, processes and tools for requirements engineering. Inform. Syst. 21(6), 515–547. https://doi.org/10.1016/0306-4379(96)00026-9
Domínguez, E., Lloret, J., Pérez, B., Rodríguez, Á., Rubio, Á.L., Zapata, M.A.: Evolution of XML schemas and documents from stereotyped UML class models: a traceable approach. Inf. Softw. Technol. 53(1), 34–50 (2011). https://doi.org/10.1016/j.infsof.2010.08.001
Faridmoayer, S., Sharbaf, M., Kolahdouz-rahimi, S.: Optimization of model transformation ouput using genetic algorithm. Int. Conf. Knowl. Based Eng. Innovat. (2017). https://doi.org/10.1109/KBEI.2017.8324973
Fenza, G., Gallo, M., Loia, V., Nota, F. D., Orciuoli, F., & Herrera-Viedma, E.: Group decision making as consistency measure for learning to rank. CIVEMSA 2021—IEEE International Conference on Computational Intelligence and Virtual Environments for Measurement Systems and Applications, Proceedings. (2021). https://doi.org/10.1109/CIVEMSA52099.2021.9493582
Flater, D., Martin, P., & Crane, M.: Rendering UML Activity Diagrams as Human-Readable Text. In Ike (pp. 207–213) (2009). http://dblp.uni-trier.de/db/conf/ike/ike2009.html#FlaterMC09
Fleck, M., Troya, J., Kessentini, M., Wimmer, M., Alkhazi, B.: Model transformation modularization as a many-objective optimization problem. IEEE Trans. Softw. Eng. 43(11), 1009–1032 (2017). https://doi.org/10.1109/TSE.2017.2654255
Frankova, G., Séguran, M., Gilcher, F., Trabelsi, S., Dörflinger, J., Aiello, M.: Deriving business processes with service level agreements from early requirements. J. Syst. Softw. 84(8), 1351–1363 (2011). https://doi.org/10.1016/j.jss.2011.03.077
Genero, M., Piattini, M., Calero, C.: A survey of metrics for UML class diagrams. J. Object Technol. 4(9), 59–92 (2005). https://doi.org/10.5381/jot.2005.4.9.a1
Georg, G., Ray, I., Anastasakis, K., Bordbar, B., Toahchoodee, M., Houmb, S.H.: An aspect-oriented methodology for designing secure applications. Inf. Softw. Technol. 51(5), 846–864 (2009). https://doi.org/10.1016/j.infsof.2008.05.004
Gorschek, T., Davis, A.M.: Requirements engineering: In search of the dependent variables. Inf. Softw. Technol. 50(1–2), 67–75 (2008). https://doi.org/10.1016/j.infsof.2007.10.003
Hadavi, M.A., Hamishagi, V.S., Sangchi, H.M.: Security requirements engineering; state of the art and research challenges. Int Multiconf Eng Comp Sci IMECS 1, 19–21 (2008)
Haley, C.B., Laney, R., Moffett, J., Nuseibeh, B.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Softw. Eng. 34(1), 133–153 (2008). https://doi.org/10.1109/tse.2007.70754
Hamid, B., Weber, D.: Engineering secure systems: models, patterns and empirical validation. Comput. Secur. 77, 315–348 (2018). https://doi.org/10.1016/j.cose.2018.03.016
Haoxiang, W., S, Smys.: Big data analysis and perturbation using data mining algorithm. J. Soft Computi. Paradigm 3(1), 19–28 (2021). https://doi.org/10.36548/jscp.2021.1.003
Heidari, F., Loucopoulos, P., Kedad, Z.: A quality-oriented business process meta-model. Workshop Enterpr. Organ. Model. Simul. 4, 85–99 (2011). https://doi.org/10.1007/978-3-642-24175-8_7
Jürjens, J., Shabalin, P.: Tools for secure systems development with UML. Int. J. Softw. Tools Technol. Transf. 9(5–6), 527–544 (2007). https://doi.org/10.1007/s10009-007-0048-8
Kempf, D., Heß, R., Müthing, S., Bastian, P.: Automatic code generation for high-performance discontinuous galerkin methods on modern architectures. ACM Trans. Math. Softw. (2021). https://doi.org/10.1145/3424144
Kim, D.K., Lu, L., Lee, B.: Design pattern-based model transformation supported by QVT. J. Syst. Softw. 125, 289–308 (2017). https://doi.org/10.1016/j.jss.2016.12.019
Klos, C., Spieth, P., Clauss, T., Klusmann, C.: Digital transformation of incumbent firms: a business model innovation perspective. IEEE Trans. Eng. Manage. (2021). https://doi.org/10.1109/TEM.2021.3075502
Kuhrmann, M., Kalus, G., Then, M.: The process enactment tool framework-transformation of software process models to prepare enactment. Sci. Comput. Program. 79, 172–188 (2014). https://doi.org/10.1016/j.scico.2012.03.007
Lano, K., Kolahdouz-Rahimi, S., Yassipour-Tehrani, S., Sharbaf, M.: A survey of model transformation design patterns in practice. J. Syst. Softw. 140, 48–73 (2018). https://doi.org/10.1016/j.jss.2018.03.001
List, B., Korherr, B.: A UML 2 profile for business process modelling. Int. Conf. Concept. Model. (2005). https://doi.org/10.1007/11568346_1
Liu, H., Cocea, M., Ding, W.: Decision tree learning based feature evaluation. Int. Conf. Mach. Learn. Cybernet. (2017). https://doi.org/10.1109/ICMLC.2017.8108975
Liu, L., & Yu, E. S. K.: From requirements to architectural design—using goals and scenarios. 1st International Workshop From Software Requirements to Architectures, STRAW 2001, 1–9.
Lodderstedt, T., Basin, D., & Doser, J. (n.d.). SecureUML : A UML-Based Modeling Language for Model-Driven Security.
McCabe, T.J., Butler, C.W.: Design complexity measurement and testing. Commun. ACM 32(12), 1415–1425 (1989). https://doi.org/10.1145/76380.76382
Mellado, D., Fernández-Medina, E., Piattini, M.: A common criteria based security requirements engineering process for the development of secure information systems. Comput. Standards Interfaces 29(2), 244–253 (2007). https://doi.org/10.1016/j.csi.2006.04.002
Mellado, D., Fernández-Medina, E., Piattini, M.: Security requirements engineering framework for software product lines. Inf. Softw. Technol. 52(10), 1094–1117 (2010). https://doi.org/10.1016/j.infsof.2010.05.007
Mellado, D., Mouratidis, H., Fernández-Medina, E.: Secure Tropos framework for software product lines requirements engineering. Comput. Stand. Interfaces 36(4), 711–722 (2014). https://doi.org/10.1016/j.csi.2013.12.006
Molina, F., Toval, A.: Integrating usability requirements that can be evaluated in design time into Model Driven Engineering of Web Information Systems. Adv. Eng. Softw. 40(12), 1306–1317 (2009). https://doi.org/10.1016/j.advengsoft.2009.01.018
Mouratidis, H., Giorgini, P., Manson, G.: When security meets software engineering: A case of modelling secure information systems. Inf. Syst. 30(8), 609–629 (2005). https://doi.org/10.1016/j.is.2004.06.002
Mythily, M., Valarmathi, M.L., Durai, C.A.D.: Model transformation using logical prediction from sequence diagram: an experimental approach. Clust. Comput. (2018). https://doi.org/10.1007/s10586-017-1618-5
Mythily, M., Valarmathi, M.L., Durai, A.D., Rexie, J.A.M.: An automation framework design for secure software development. J. Softw. (2019). https://doi.org/10.1002/smr.2213
Nadir, S., and Streitferdt, D.: Software code generator in automotive field. In: Proceedings—2015 International Conference on Computational Science and Computational Intelligence, CSCI 2015, pp 13–17, (2016). https://doi.org/10.1109/CSCI.2015.186
OMG|Object Management Group. (n.d.). Retrieved March 5, 2018, from https://www.omg.org/
PlantUML.: PlantUML : Open-source tool that uses simple textual descriptions to draw UML diagrams. (2015) http://plantuml.com/
Qomariyah, N.N., Heriyanni, E., Fajar, A.N., Kazakov, D.: Comparative analysis of decision tree algorithm for learning ordinal data expressed as pairwise comparisons. In: 2020 8th International Conference on Information and Communication Technology, ICoICT 2020, pp 1–4. (2020). https://doi.org/10.1109/ICoICT49345.2020.9166341
Robbins, J.E., Redmiles, D.F.: Cognitive support, UML adherence, and XMI interchange in Argo/UML. Inf. Softw. Technol. 42(2), 79–89 (2000). https://doi.org/10.1016/S0950-5849(99)00083-X
Rodríguez, A., de Guzmán, I.G.R., Fernández-Medina, E., Piattini, M.: Semi-formal transformation of secure business processes into analysis class and use case models: An MDA approach. Inf. Softw. Technol. 52(9), 945–971 (2010). https://doi.org/10.1016/j.infsof.2010.03.015
Rodríguez, A., Fernandez, E.B., Piattini, M.: A BPMN extension for the modeling of security requirements in. IEICE Trans. Inf. Syst. 4, 745–752 (2007). https://doi.org/10.1093/ietisy/e90-d.4.745
Rodríguez, A., Fernández-Medina, E., Trujillo, J., Piattini, M.: Secure business process model specification through a UML 20 activity diagram profile. Dec. Support Syst. 51(3), 446–465 (2011). https://doi.org/10.1016/j.dss.2011.01.018
Sanchez Cuadrado, J., Burgueno, L., Wimmer, M., Vallecillo, A.: Efficient execution of ATL model transformations using static analysis and parallelism. IEEE Trans. Softw. Eng. 20(10), 1–1 (2020). https://doi.org/10.1109/tse.2020.3011388
Sánchez-González, L., García, F., Ruiz, F., Piattini, M.: A case study about the improvement of business process models driven by indicators. Softw. Syst. Model. 16(3), 759–788 (2017). https://doi.org/10.1007/s10270-015-0482-0
Sanjay, A., Suryawanshi, S., Arsude, V., Maid, N., & Kawarkhe, M. (2020). Factors involved in artificial intelligence based automate code generation tool. In: International Conference on Smart Innovations in Design, Environment, Management, Planning and Computing (ICSIDEMPC), pp 5–24. https://doi.org/10.1109/ICSIDEMPC49020.2020
SDMetrics—the design quality metrics tool for UML models. (n.d.). Retrieved June 4, 2021, from https://www.sdmetrics.com/
Sebastian, G., Tesoriero, R., Gallud, J.A.: Automatic code generation for language-learning applications. IEEE Lat. Am. Trans. 18(8), 1433–1440 (2020). https://doi.org/10.1109/TLA.2020.9111679
Shin, M.E., Gomaa, H.: Software requirements and architecture modeling for evolving non-secure applications into secure applications. Sci. Comput. Program. 66(1), 60–70 (2007). https://doi.org/10.1016/j.scico.2006.10.009
Shousha, M., Briand, L., Labiche, Y.: A UML/MARTE model analysis method for uncovering scenarios leading to starvation and deadlocks in concurrent systems. IEEE Trans. Softw. Eng. 38(2), 354–374 (2012). https://doi.org/10.1109/TSE.2010.107
Thilaka, B., Theetharappan, N.: Optimal time for withdrawal of voluntary retirement scheme with atime -varying threshold. In: 2nd International Conference on Innovative Mechanisms for Industry Applications, ICIMIA 2020—Conference Proceedings, 2(04), 598–602. (2020). https://doi.org/10.1109/ICIMIA48430.2020.9074885
Wang, H.H., Damljanovic, D., Sun, J.: An automated tool for semantic accessing to formal software models. Sci. Comput. Program. (2014). https://doi.org/10.1016/j.scico.2014.02.027
Wiegers, K., Beatty, J.: Software Requirements, Third Edition. (2014)
Wimmer, M., Strommer, M., Kargl, H., Kramler, G.: Towards model transformation generation by-example. Proc. Annual Hawaii Int. Conf. Syst. Sci. (2007). https://doi.org/10.1109/HICSS.2007.572
Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C.: Model-driven business process security requirement specification. J. Syst. Architect. 55(4), 211–223 (2009). https://doi.org/10.1016/j.sysarc.2008.10.002
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Mythily, M., Saha, S., Selvam, S. et al. BPM supported model generation by contemplating key elements of information security. Autom Softw Eng 29, 23 (2022). https://doi.org/10.1007/s10515-022-00321-5
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10515-022-00321-5