Towards SecureBPMN - Aligning BPMN with the Information Assurance and Security Domain

The participation of business experts in the elicitation and formulation of Information Assurance & Security (IAS) requirements is crucial. Although business experts have security-related knowledge, there is still no formalised business process modelling notation allowing them to express this knowledge in a clear, unambiguous manner. In this paper we outline the foundational basis for SecureBPMN - a graphical security modelling extension for BPMN 2.0. We also align BPMN with the IAS domain in order to identify points for the extension. SecureBPMN adopts a holistic approach to IAS and is designed to serve as a "communication bridge" between business and security experts.
