Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

Capturing Security Requirements in Business Processes Through a UML 2.0 Activity Diagrams Profile

  • Conference paper
Advances in Conceptual Modeling - Theory and Practice (ER 2006)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 4231))

Included in the following conference series:

Abstract

Security has become a crucial aspect for the performance of present organizations since the protected object is the mission of them. Therefore, the management approach oriented to business processes has been a good answer for the current scenarios, changing and complex, where organizations develop their task. Both subjects form a basic requirement to reach not only the mission but also the organizational objectives in a strongly connected global economy. In this work, we will show a microprocess through which it is possible to specify and refine security requirements at a high level of abstraction, in a way that they can be incorporated into the development of a software system. In addition, an extension of UML 2.0 activity diagrams will be presented through which it is possible to identify such requirements.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abie, H., Aredo, D.B., Kristoffersen, T., Mazaher, S., Raguin, T.: Integrating a Security Requirement Language with UML. In: Baar, T., Strohmeier, A., Moreira, A., Mellor, S.J. (eds.) UML 2004. LNCS, vol. 3273, pp. 350–364. Springer, Heidelberg (2004)

    Google Scholar 

  2. Artelsmair, C., Wagner, R.: Towards a Security Engineering Process. In: The 7th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, Florida, USA, vol. VI, pp. 22–27 (2003)

    Google Scholar 

  3. Backes, M., Pfitzmann, B., Waidner, M.: Security in Business Process Engineering. In: van der Aalst, W.M.P., ter Hofstede, A.H.M., Weske, M. (eds.) BPM 2003. LNCS, vol. 2678, pp. 168–183. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  4. Basin, D., Doser, J., Lodderstedt, T.: Model driven security for process-oriented systems. In: SACMAT 2003, 8th ACM Symposium on Access Control Models and Technologies, Villa Gallia, Como, Italy (2003)

    Google Scholar 

  5. Bock, C.: UML 2 Activity and Action Models. Journal of Object Technology 2(4), 43–53 (2003)

    Article  Google Scholar 

  6. Eriksson, H.-E., Penker, M.: Business Modeling with UML. OMG Press (2001)

    Google Scholar 

  7. Firesmith, D.: Engineering Security Requirements. Journal of Object Technology 2(1), 53–68 (2003)

    Article  Google Scholar 

  8. Firesmith, D.: Specifying Reusable Security. Journal of Object Technology 3(1), 61–75 (2004)

    Article  Google Scholar 

  9. Fuggetta, A.: Software process: a roadmap. In: ICSE 2000, 22nd International Conference on Software Engineering, Future of Software Engineering, Limerick, Ireland, pp. 25–34 (2000)

    Google Scholar 

  10. Herrmann, G., Pernul, G.: Viewing Business Process Security from Different Perspectives. In: 11th International Bled Electronic Commerce Conference, Slovenia, pp. 89–103 (1998)

    Google Scholar 

  11. Jacobson, I., Booch, G., Rumbaugh, J.: El proceso unificado de desarrollo de software, 464 p. (2000)

    Google Scholar 

  12. Jürjens, J.: Secure Systems Development with UML, 309 p. Springer, Heidelberg (2004)

    Google Scholar 

  13. Kalnins, A., Barzdins, J., Celms, E.: UML Business Modeling Profile. In: Thirteenth International Conference on Information Systems Development, Advances in Theory, Practice and Education, Vilnius, Lithuania, pp. 182–194 (2004)

    Google Scholar 

  14. List, B., Korherr, B.: A UML 2 Profile for Business Process Modelling. In: 1st International Workshop on Best Practices of UML (BP-UML 2005) at ER 2005, Klagenfurt, Austria (2005)

    Google Scholar 

  15. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)

    Google Scholar 

  16. Lopez, J., Montenegro, J.A., Vivas, J.L., Okamoto, E., Dawson, E.: Specification and design of advanced authentication and authorization services. Computer Standards & Interfaces 27(5), 467–478 (2005)

    Article  Google Scholar 

  17. Maña, A., Montenegro, J.A., Rudolph, C., Vivas, J.L.: A business process-driven approach to security engineering. In: 14th International Workshop on Database and Expert Systems Applications (DEXA). Prague, Czech Republic, pp. 477–481 (2003)

    Google Scholar 

  18. Maña, A., Ray, D., Sánchez, F., Yagüe, M.I.: Integrando la Ingeniería de Seguridad en un Proceso de Ingeniería Software. In: VIII Reunión Española de Criptología y Seguridad de la Información, RECSI. Leganés, Madrid, España, pp. 383–392 (2004)

    Google Scholar 

  19. Mouratidis, H., Giorgini, P., Manson, G.A.: When security meets software engineering: a case of modelling secure information systems. Information Systems 30(8), 609–629 (2005)

    Article  Google Scholar 

  20. Object Management Group, Unified Modeling Language: Superstructure, version 2.0, formal/05-07-04 (2005), http://www.omg.org/docs/formal/05-07-04.pdf

  21. Pressman, R.S.: Software Engineering: A Practitioner’s Approach, 6th edn., 880 p. (2006)

    Google Scholar 

  22. Quirchmayr, G.: Survivability and Business Continuity Management. In: ACSW Frontiers 2004 Workshops, Dunedin, New Zealand, pp. 3–6 (2004)

    Google Scholar 

  23. Röhm, A.W., Herrmann, G., Pernul, G.: A Language for Modelling Secure Business Transactions. In: 15th Annual Computer Security Applications Conference, Phoenix, Arizona, pp. 22–31 (1999)

    Google Scholar 

  24. Röhm, A.W., Pernul, G., Herrmann, G.: Modelling Secure and Fair Electronic Commerce. In: 14th Annual Computer Security Applications Conference, Scottsdale, Arizona, pp. 155–164 (1998)

    Google Scholar 

  25. Siponen, M.T.: Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods. Information and Organization 15, 339–375 (2005)

    Article  Google Scholar 

  26. Stefanov, V., List, B., Korherr, B.: Extending UML 2 Activity Diagrams with Business Intelligence Objects. In: Tjoa, A.M., Trujillo, J. (eds.) DaWaK 2005. LNCS, vol. 3589, pp. 53–63. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  27. Vivas, J.L., Montenegro, J.A., Lopez, J.: Towards a Business Process-Driven Framework for security Engineering with the UML. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 381–395. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  28. Zulkernine, M., Ahamed, S.I.: Software Security Engineering: Toward Unifying Software Engineering and Security Engineering. In: Idea Group (eds.) Enterprise Information Systems Assurance and Systems Security: Managerial and Technical Issues, M. Warkentin & R. Vaughn, pp. 215–232 (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Departamento de Auditoría e Informática, Universidad del Bio Bio, Chillán, Chile

    Alfonso Rodríguez

  2. ALARCOS Research Group, Information Systems and Technologies Department, UCLM-Soluziona Research and Development Institute, University of Castilla-La Mancha, Ciudad Real, Spain

    Eduardo Fernández-Medina & Mario Piattini

Authors
  1. Alfonso Rodríguez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Eduardo Fernández-Medina
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mario Piattini
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Flinders University, Adelaide, Australia

    John F. Roddick

  2. iSOCO, Spain

    V. Richard Benjamins

  3. CEDRIC-CNAM, France

    Samira Si-said Cherfi

  4. University of Cincinnati, USA

    Roger Chiang

  5. Naval Academy Research Institute, Brest Naval, France

    Christophe Claramunt

  6. Department of Computer Science and Engineering, The University of Texas at Arlington, USA

    Ramez A. Elmasri

  7. Dipartimento di Elettronica, Informatica e Sistemistica, Alma Mater Studiorum – Università di Bologna, Italy

    Fabio Grandi

  8. Drexel University, USA

    Hyoil Han

  9. E-Business and Web Science Research Group, Bundeswehr University Munich, Germany

    Martin Hepp

  10. University of Patras, Argolidos 40-42, 153-44, Gerakas Attikis, Greece

    Miltiadis D. Lytras

  11. University of Manitoba, Canada

    Vojislav B. Mišić

  12. Ghent University, Belgium

    Geert Poels

  13. College of Information Science and Technology, Drexel University, USA

    Il-Yeol Song

  14. Department of Software and Computing Systems, University of Alicante, Spain

    Juan Trujillo

  15. EPFL, Switzerland

    Christelle Vangenot

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rodríguez, A., Fernández-Medina, E., Piattini, M. (2006). Capturing Security Requirements in Business Processes Through a UML 2.0 Activity Diagrams Profile. In: Roddick, J.F., et al. Advances in Conceptual Modeling - Theory and Practice. ER 2006. Lecture Notes in Computer Science, vol 4231. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11908883_6

Download citation

  • DOI: https://doi.org/10.1007/11908883_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-47703-7

  • Online ISBN: 978-3-540-47704-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation