Change language
English Deutsch
Change currency
€ EUR £ GBP $ USD
Licensed Unlicensed Requires Authentication Published by De Gruyter Oldenbourg December 19, 2013

Integrating Security Aspects into Business Process Models

Integration von Sicherheitsaspekten in Geschäftsprozessmodelle
  • Achim D. Brucker

    Dr. Achim D. Brucker is a Senior Researcher and Project Lead in the “Product Security Research Team” as well as a member of the “Code Analysis Team” of SAP AG. His research interests include security, software engineering, and formal methods. In particular, he is interested in tools and methods for modelling, building, validating, and verifying secure and reliable systems. He also participates in the OCL standardisation process of the OMG. Further information can be found on his website: http://www.brucker.ch.

    SAP AG, Vincenz-Priessnitz-Str. 1, 76131 Karlsruhe, Germany +49-62-277-52595

     EMAIL logo
From the journal it – Information Technology
https://doi.org/10.1524/itit.2013.2004

Abstract

Modern enterprise systems are often process-driven and, thus, rely heavily on process-aware information systems. In such systems, high-level process-models play an important role both for communicating business requirements between domain experts and system experts as well as basis for the system implementation. Since several years, enterprise system need to fulfil an increasing number of the security and compliance requirements. Thus, there is an increasing demand for integrating high-level security and compliance requirements into process models, i. e. a common language for domain experts, system experts, and security experts. We present a security modelling language, called SecureBPMN, that can easily be integrated into business process modelling languages. In this paper, we exemplary integrate SecureBPMN into BPMN and, thus, present a common language for describing business process models together with their security and compliance requirements.

Zusammenfassung

Moderne Unternehmensanwendungen müssen die Unternehmen dabei unterstützen, ihre Geschäftsprozesse effizient auszuführen. In solchen Anwendungen spielen abstrakte Geschäftsprozessmodelle eine zentrale Rolle. Die Geschäftsprozessmodelle werden für die Kommunikation zwischen Geschäfts- und IT-Experten genutzt und dienen darüber hinaus als Basis für die Implementierung der Unternehmensanwendungen. Seit einigen Jahren müssen Unternehmensanwendungen einer steigenden Anzahl von Sicherheits- und Compliance-Anforderungen genügen. Hieraus ergibt sich ein gesteigertes Bedürfnis nach der Integration von Sicherheits- und Compliance-Anforderungen in die Geschäftsprozessmodelle. In diesem Artikel stellen wir die Modellierungssprache SecureBPMN vor, welche es erlaubt, Sicherheitsanforderungen im Kontext von Geschäftsprozessmodelle zu spezifizieren.

Keywords: ACM CCS; Security and privacy; Formal methods and theory of security; Formal security models; ACM CCS; Applied computing; Enterprise computing; Business process management; Business process modeling; SecureBPMN; BPMN; Access Control; Confidentiality; Break-glass; Delegation
Schlagwörter: Sichere Geschäftsprozessmodelle; SecureBPMN; BPMN; Zugriffskontrolle; Vertraulichkeit; Break-glass; Delegation

About the author

Achim D. Brucker

Dr. Achim D. Brucker is a Senior Researcher and Project Lead in the “Product Security Research Team” as well as a member of the “Code Analysis Team” of SAP AG. His research interests include security, software engineering, and formal methods. In particular, he is interested in tools and methods for modelling, building, validating, and verifying secure and reliable systems. He also participates in the OCL standardisation process of the OMG. Further information can be found on his website: http://www.brucker.ch.

SAP AG, Vincenz-Priessnitz-Str. 1, 76131 Karlsruhe, Germany +49-62-277-52595

Received: 2013-7-26
Published Online: 2013-12-19
Published in Print: 2013-12-1

© 2013 by Walter de Gruyter Berlin Boston

From the journal
it – Information Technology
it – Information Technology
Volume 55 Issue 6
Submit manuscript

Journal and Issue

Articles in the same Issue

Masthead
Security in Business Process Management
Business Process Security Analysis – Design Time, Run Time, Audit Time
Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns
Business Process Compliance: An Abstract Normative Framework
Integrating Security Aspects into Business Process Models
Security and Privacy in Business Processes: A Posteriori Analysis Techniques
Privacy Analysis of User Behavior Using Alignments
Masthead
Masthead
Editorial
Security in Business Process Management
Schwerpunkt
Business Process Security Analysis – Design Time, Run Time, Audit Time
Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns
Business Process Compliance: An Abstract Normative Framework
Integrating Security Aspects into Business Process Models
Security and Privacy in Business Processes: A Posteriori Analysis Techniques
Privacy Analysis of User Behavior Using Alignments
Downloaded on 24.4.2024 from https://www.degruyter.com/document/doi/10.1524/itit.2013.2004/html
Scroll to top button