Using SecureBPMN for Modelling Security-Aware Service Compositions

By Achim D. Brucker.

Today, many systems are built by orchestrating existing services, custom developed services, as well as interaction with users. These orchestrations, also called composition plans, are often described using high-level modelling languages that allow for simplifying 1) the implementation of systems by using generic execution engines and 2) the adaption of deployed systems to changing business needs. Thus, composition plans play an important role for both communicating business requirements between domain experts and system experts, and serving as a basis for the system implementation.

At the same time, ICT systems need to fulfil an increasing number of security and compliance requirements. Thus, there is a demand for integrating security and compliance requirements into composition plans.

We present SecureBPMN, a language for modelling security properties that can easily be integrated into languages used for describing service orchestrations. Moreover, we integrate SecureBPMN into BPMN and, thus, present a common language for describing service orchestration (in terms of business process models) together with their security and compliance requirements.

Keywords:
SecureBPMN, BPMN, Access Control, Confidentiality

Please cite this work as follows:
A. D. Brucker, “Using SecureBPMN for modelling security-aware service compositions,” in Secure and trustworthy service composition: The Aniketos approach, A. D. Brucker, F. Dalpiaz, P. Giorgini, P. H. Meland, and E. Rios, Eds. Heidelberg: Springer-Verlag, 2014, pp. 110–120. doi: 10.1007/978-3-319-13518-2_8. Author copy: https://logicalhacking.com/publications/brucker-aniketos-securebpmn-2014/

BibTeX
@InCollection{ brucker:aniketos-securebpmn:2014,
  author    = {Achim D. Brucker},
  title     = {Using {SecureBPMN} for Modelling Security-Aware Service
               Compositions},
  areas     = {security, software},
  editor    = {Achim D. Brucker and Fabiano Dalpiaz and Paolo Giorgini and
               Per H{\aa}kon Meland and Erkuden {Rios}},
  booktitle = {Secure and Trustworthy Service Composition: The Aniketos
               Approach},
  publisher = {Springer-Verlag},
  address   = {Heidelberg},
  series    = {Lecture Notes in Computer Science : State of the Art
               Surveys},
  number    = {8900},
  pages     = {110--120},
  isbn      = {978-3-319-13517-5},
  doi       = {10.1007/978-3-319-13518-2_8},
  year      = {2014},
  abstract  = {Today, many systems are built by orchestrating existing
               services, custom developed services, as well as interaction
               with users. These orchestrations, also called composition
               plans, are often described using high-level modelling
               languages that allow for simplifying 1) the implementation of
               systems by using generic execution engines and 2) the adaption
               of deployed systems to changing business needs. Thus,
               composition plans play an important role for both
               communicating business requirements between domain experts and
               system experts, and serving as a basis for the system
               implementation.
               
               At the same time, ICT systems need to fulfil an increasing
               number of security and compliance requirements. Thus, there is
               a demand for integrating security and compliance requirements
               into composition plans.
               
               We present SecureBPMN, a language for modelling security
               properties that can easily be integrated into languages used
               for describing service orchestrations. Moreover, we integrate
               SecureBPMN into BPMN and, thus, present a common language for
               describing service orchestration (in terms of business process
               models) together with their security and compliance
               requirements.},
  keywords  = {SecureBPMN, BPMN, Access Control, Confidentiality},
  note      = {Author copy: \url{https://logicalhacking.com/publications/brucker-aniketos-securebpmn-2014/}},
  pdf       = {https://logicalhacking.com/publications/brucker-aniketos-securebpmn-2014/brucker-aniketos-securebpmn-2014.pdf},
}