SecureBPMN
SecureBPMN is a domain-specific modeling language for modeling security aspects (e.g., access control, separation of duty, confidentiality). SecureBPMN is defined as a meta-model that can easily be integrated into BPMN and can thus be used for modeling secure business processes as well as secure service compositions.
The SecureBPMN tool chain does not only support the modeling of secure business processes and service compositions: it also supports formal analysis, both at the level of SecureBPMN models and of refinement properties between the model and the actual implementation.
Source Code
The source code is released under the Apache 2.0 license:
https://git.logicalhacking.com/SecureBPMN/SecureBPMN.
Related Publications
- Muhammad Asim, Artsiom Yautsiukhin, Achim D. Brucker, Brett Lempereur, and Qi Shi.
Security Policy Monitoring of Composite Services.
In Secure and Trustworthy Service Composition: The Aniketos Approach. Lecture Notes in Computer Science: State of the Art Surveys (8900), pages 192-202, Springer-Verlag, 2014.
doi:10.1007/978-3-319-13518-2_13
- Achim D. Brucker.
Using SecureBPMN for Modelling Security-Aware Service Compositions.
In Secure and Trustworthy Service Composition: The Aniketos Approach. Lecture Notes in Computer Science: State of the Art Surveys (8900), pages 110-120, Springer-Verlag, 2014.
doi:10.1007/978-3-319-13518-2_8
- Achim D. Brucker, Luca Compagna, and Pierre Guilleminot.
Compliance Validation of Secure Service Compositions.
In Secure and Trustworthy Service Composition: The Aniketos Approach. Lecture Notes in Computer Science: State of the Art Surveys (8900), pages 136-149, Springer-Verlag, 2014.
doi:10.1007/978-3-319-13518-2_10
- Achim D. Brucker, Francesco Malmignati, Madjid Merabti, Qi Shi, and Bo Zhou.
Aniketos Service Composition Framework: Analysing and Ranking of Secure Services.
In Secure and Trustworthy Service Composition: The Aniketos Approach. Lecture Notes in Computer Science: State of the Art Surveys (8900), pages 121-135, Springer-Verlag, 2014.
doi:10.1007/978-3-319-13518-2_9
- Achim D. Brucker, Fabiano Dalpiaz, Paolo Giorgini, Per Haakon Meland, and Erkuden Rios.
Secure and Trustworthy Service Composition: The Aniketos Approach.
Springer-Verlag, 2014.
doi:10.1007/978-3-319-13518-2
- Achim D. Brucker.
Reasoning over Secure Business Processes. Dagstuhl Seminar 13211 "Automated Reasoning on Conceptual Schemas", 21 May 2013.
- Achim D. Brucker.
Integrating Security Aspects into Business Process Models.
In it - Information Technology, 55 (6), pages 239-246, 2013. Special Issue on "Security in Business Processes."
doi:10.1524/itit.2013.2004
- Achim D. Brucker, Francesco Malmignati, Madjid Merabti, Qi Shi, and Bo Zhou.
A Framework for Secure Service Composition.
In International Conference on Information Privacy, Security, Risk and Trust (PASSAT), pages 647-652, IEEE Computer Society, 2013.
doi:10.1109/SocialCom.2013.97
- Achim D. Brucker, Francesco Malmignati, Madjid Merabti, Qi Shi, and Bo Zhou.
A Framework for Secure Service Composition. ASE/IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT), Washington D.C., USA, 11 Sep. 2013.
- Luca Compagna, Pierre Guilleminot, and Achim D. Brucker.
Business Process Compliance via Security Validation as a Service.
In IEEE Sixth International Conference on Software Testing, Verification and Validation (ICST), pages 455-462, IEEE Computer Society, 2013.
doi:10.1109/ICST.2013.63
- Achim D. Brucker and Isabelle Hang.
Secure and Compliant Implementation of Business Process-driven Systems.
In Joint Workshop on Security in Business Processes (SBP). Lecture Notes in Business Information Processing (LNBIP), 132, pages 662-674, Springer-Verlag, 2012.
doi:10.1007/978-3-642-36285-9_66
- Achim D. Brucker, Isabelle Hang, Gero Lückemeyer, and Raj Ruparel.
SecureBPMN: Modeling and Enforcing Access Control Requirements in Business Processes.
In ACM Symposium on Access Control Models and Technologies (SACMAT), pages 123-126, ACM Press, 2012.
doi:10.1145/2295136.2295160
- Ganna Monakova, Achim D. Brucker, and Andreas Schaad.
Security and Safety of Assets in Business Processes.
In ACM Symposium on Applied Computing (SAC), pages 1667-1673, ACM Press, 2012.
doi:10.1145/2245276.2232045
- Ganna Monakova, Cristina Severin, Achim D. Brucker, Ulrich Flegel, and Andreas Schaad.
Monitoring Security and Safety of Assets in Supply Chains.
In Future Security. Communications in Computer and Information Science, 318, pages 9-20, Springer-Verlag, 2012.
doi:10.1007/978-3-642-33161-9_3