Analysis-Level Classes from Secure Business Processes Through Model Transformations

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2007)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4657)

Abstract

Nowadays, business processes (BP) are important in the maintenance of competitiveness within enterprises. Moreover, security is a crucial issue in business performance. In the last few years, the languages used for BP representation have been improved and new notations have appeared. Proposals for security requirement specifications at this high level of abstraction have also appeared. Nevertheless, these models have not been transformed into concrete models that can be used in a software development process. In our proposal, we will obtain analysis-level classes from a business process specification in which security requirements are included. Model transformations are within the scope of MDA and they are specified by using the QVT standard. Finally, we shall apply this approach to a typical health-care business process.



Editor information

Costas Lambrinoudakis, Günther Pernul, A Min Tjoa

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rodríguez, A., Fernández-Medina, E., Piattini, M. (2007). Analysis-Level Classes from Secure Business Processes Through Model Transformations. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_13

  • DOI: https://doi.org/10.1007/978-3-540-74409-2_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74408-5

  • Online ISBN: 978-3-540-74409-2

  • eBook Packages: Computer Science, Computer Science (R0)
