Automation of service-based security-aware business processes in the Cloud

Computing

Abstract

The use of business process standards to model and execute business needs is growing rapidly. In addition, Service-oriented Computing has been adopted to realize business processes, which essentially consists of executing the process activities using services available on the Internet. In this context, the importance of security is apparent, because sensitive data sent over the Internet may be accessed by unauthorized third parties. To prevent security problems, users may associate security requirements that must be enforced in essential tasks of the business process. This creates a need for automation, because both functional and security requirements should be modeled at a high level and enforced at the execution level. This work proposes a cloud-based solution named BPA-Sec4Cloud that supports all phases of security-aware business process automation, from modeling to deployment. The use of a cloud-based solution facilitates the deployment process because all needed resources are available in the cloud and ready to be used. In addition, the cloud is also used as a platform to provide specific services, such as translators, that support the automation process. To evaluate BPA-Sec4Cloud, the solution was compared against existing solutions using metrics related to the quality of the generated artifacts.

Author information

Corresponding author

Correspondence to Fernando Lins.

About this article

Cite this article

Lins, F., Damasceno, J., Medeiros, R. et al. Automation of service-based security-aware business processes in the Cloud. Computing 98, 847–870 (2016). https://doi.org/10.1007/s00607-015-0476-3

  • DOI: https://doi.org/10.1007/s00607-015-0476-3
