Integrating Security Aspects into Business Process Models

By Achim D. Brucker.

Modern enterprise systems are often process-driven and, thus, rely heavily on process-aware information systems. In such systems, high-level process-models play an important role both for communicating business requirements between domain experts and system experts as well as basis for the system implementation. Since several years, enterprise system need to fulfil an increasing number of the security and compliance requirements. Thus, there is an increasing demand for integrating high-level security and compliance requirements into process models, , a common language for domain experts, system experts, and security experts.

We present a security modelling language, called SecureBPMN, that can easily be integrated into business process modelling languages. In this paper, we exemplary integrate SecureBPMN into BPMN and, thus, present a common language for describing business process models together with their security and compliance requirements.

Keywords:
Management of Computing and Information Systems, SecureBPMN, BPMN, Break-Glass, Break-the-Glass

Please cite this work as follows:
A. D. Brucker, “Integrating security aspects into business process models,” it - Information Technology, vol. 55, no. 6, pp. 239–246, Dec. 2013, doi: 10.1524/itit.2013.2004. Special Issue on “Security in Business Processes.” Author copy: https://logicalhacking.com/publications/brucker-securebpmn-2013/

BibTeX
@Article{ brucker:securebpmn:2013,
  author      = {Achim D. Brucker},
  journal     = {it - Information Technology},
  publisher   = {Oldenbourg Wissenschaftsverlag},
  language    = {USenglish},
  title       = {Integrating Security Aspects into Business Process Models},
  title_de    = {Integration von Sicherheitsaspekten in
                 Gesch{\"a}ftsprozessmodelle},
  year        = {2013},
  issn        = {2196-7032},
  pages       = {239--246},
  volume      = {55},
  number      = {6},
  month       = {dec},
  areas       = {security, software},
  doi         = {10.1524/itit.2013.2004},
  keywords    = {Management of Computing and Information Systems, SecureBPMN,
                 BPMN, Break-Glass, Break-the-Glass},
  abstract    = {Modern enterprise systems are often process-driven and, thus,
                 rely heavily on process-aware information systems. In such
                 systems, high-level process-models play an important role both
                 for communicating business requirements between domain experts
                 and system experts as well as basis for the system
                 implementation. Since several years, enterprise system need to
                 fulfil an increasing number of the security and compliance
                 requirements. Thus, there is an increasing demand for
                 integrating high-level security and compliance requirements
                 into process models, \ie, a common language for domain
                 experts, system experts, and security experts.
                 
                 We present a security modelling language, called SecureBPMN,
                 that can easily be integrated into business process modelling
                 languages. In this paper, we exemplary integrate SecureBPMN
                 into BPMN and, thus, present a common language for describing
                 business process models together with their security and
                 compliance requirements.},
  abstract_de = {Moderne Unternehmensanwendungen m{\"u}ssen die Unternehmen
                 dabei unterst{\"u}tzen, ihre Gesch{\"a}ftsprozesse effizient
                 auszuf{\"u}hren. In solchen Anwendungen spielen abstrakte
                 Gesch{\"a}ftsprozessmodelle eine zentrale Rolle. Die
                 Gesch{\"a}ftsprozessmodelle werden f{\"u}r die Kommunikation
                 zwischen Gesch{\"a}fts- und IT-Experten genutzt und dienen
                 dar{\"u}ber hinaus als Basis f{\"u}r die Implementierung der
                 Unternehmensanwendungen. Seit einigen Jahren m{\"u}ssen
                 Unternehmensanwendungen einer steigenden Anzahl von
                 Sicherheits- und Compliance-Anforderungen gen{\"u}gen. Hieraus
                 ergibt sich ein gesteigerte Bed{\"u}rfnis nach der Integration
                 von Sicherheits- und Compliance-Anforderungen in die
                 Gesch{\"a}ftsprozessmodelle.
                 
                 In diesem Artikel stellen wir die Modellierungssprache
                 SecureBPMN vor, welche es erlaubt, Sicherheitsanforderungen im
                 Kontext von Gesch{\"a}ftsprozessmodelle zu spezifizieren.},
  note        = {Special Issue on ``Security in Business Processes.''. 
                 Author copy: \url{https://logicalhacking.com/publications/brucker-securebpmn-2013/}},
  pdf         = {https://logicalhacking.com/publications/brucker-securebpmn-2013/brucker-securebpmn-2013.pdf},
}