Alfonso Rodríguez

A BPMN Extension for the Modeling of Security Requirements in Business Processes

Business Processes are considered a crucial issue by many enterprises because they are the key to maintain competitiveness. Moreover, business processes are important for software developers, since they can capture from them the necessary requirements for software design and creation. Besides, business process modeling is the center for conducting and improving how the business is operated. Security is important for business performance, but traditionally, it is considered after the business processes definition. Empirical studies show that, at the business process level, customers, end users, and business analysts are able to express their security needs. In this work, we will present a proposal aimed at integrating security requirements through business process modeling. We will summarize our Business Process Modeling Notation extension for modeling secure business process through Business Process Diagrams, and we will apply this approach to a typical health-care business process.

Towards CIM to PIM transformation: from secure business processes defined in BPMN to use-cases

The software community is currently paying attention to modeltransformation. The MDA approach is particularly orientated towards solvingthe problems of time, cost and quality associated with software creation.Enterprises are, moreover, aware of the importance that business processes andsecurity have in relation to their competitive position and performance. In ourprevious work, we have proposed a BPMN extension which can be used todefine security requirement in business process specifications. A SecureBusiness Process description is that of computation independent models in anMDA context. In this paper we propose a CIM to PIM transformationcomposed of QVT rules. Various UML use cases, which will be part of aninformation system, are obtained from the secure business process description.

Semi-formal transformation of secure business processes into analysis class and use case models: An MDA approach

Context: Model-Driven Development (MDD) is an alternative approach for information systems development. The basic underlying concept of this approach is the definition of abstract models that can be transformed to obtain models near implementation. One fairly widespread proposal in this sphere is that of Model Driven Architecture (MDA). Business process models are abstract models which additionally contain key information about the tasks that are being carried out to achieve the companys goals, and two notations currently exist for modelling business processes: the Unified Modelling Language (UML), through activity diagrams, and the Business Process Modelling Notation (BPMN). Objective: Our research is particularly focused on security requirements, in such a way that security is modelled along with the other aspects that are included in a business process. To this end, in earlier works we have defined a metamodel called secure business process (SBP), which may assist in the process of developing software as a source of highly valuable requirements (including very abstract security requirements), which are transformed into models with a lower abstraction level, such as analysis class diagrams and use case diagrams through the approach presented in this paper. Method: We have defined all the transformation rules necessary to obtain analysis class diagrams and use case diagrams from SBP, and refined them through the characteristic iterative process of the action-research method. Results: We have obtained a set of rules and a checklist that make it possible to automatically obtain a set of UML analysis classes and use cases, starting from SBP models. Our approach has additionally been applied in a real environment in the area of the payment of electrical energy consumption. Conclusions: The application of our proposal shows that our semi-automatic process can be used to obtain a set of useful artifacts for software development processes.

Towards a UML 2.0 extension for the modeling of security requirements in business processes

Security is a crucial issue for business performance, but usually, it is considered after the business processes definition. Many security requirements can be expressed at the business process level. A business process model is important for software developers, since they can capture from it the necessary requirements for software design and creation. Besides, business process modeling is the center for conducting and improving how the business is operated. This paper contains a description of our UML 2.0 extension for modeling secure business process through activity diagrams. We will apply this approach to a typical health-care business process.

Security requirement with a UML 2.0 profile

Business processes are important for companies because they allow us to obtain an advanced marketplace position, and then, these enterprises can optimize and assure the quality of their products and services. Moreover, business processes are important for software developers, because they can capture from them the necessary requirements for software design and creation. At the same time, organizations have been opened and this implies more vulnerability. In spite of all these facts, security is an aspect that has been scarcely dealt with in the business process modeling. In this paper, we summarize our UML 2.0 profile for secure business process modeling through activity diagrams, and we apply this approach to a typical health-care business process.

A BPMN Extension for Including Data Quality Requirements in Business Process Modeling

BPMN is a notation for business process modeling through which it is possible to represent multiple characteristics of the analyzed business processes. However, although in a business process data play a fundamental role, it is still not possible to model data quality issues using BPMN due mainly to the lack of a specific notation. Since data quality is one of the main elements for achieving the business process goals, we aim to develop a comprehensive framework that supports the design of data quality-aware business processes. In this paper, we mainly focus on the part related to the elicitation and definition of data quality requirements and we present an extension of BPMN suitable to include them at a business process modeling level.

Towards Obtaining Analysis-Level Class and Use Case Diagrams from Business Process Models

Nowadays, business process modeling, using industrial standards such as UML or BPMN, offers us a good opportunity to incorporate requirements at high levels of abstraction. In the context of Model Driven Architecture (MDA), the business process model is considered as a Computation Independent Model (CIM). In our proposal we will transform the business process specifications into analysis-level classes and use cases, both of which are UML artifacts used to describe the problem in the context of Platform Independent Models (PIM). Such artifacts are complementary, as they are only a subset of the analysis-level classes and use cases that describe the whole problem, in the first stages of the software development process. This work contains the principle issues involved in the main standards that allow us to represent a business process, details of the transformation rules in QVT specification and an illustrative example in which our proposal has been applied.

CIM to PIM Transformation: A Reality

Within the scope of MDA, the model transformation is orientated towards solving the problems of time, cost and quality associated with software creation. Moreover, business process modeling, through the use of industrial standards such as UML or BPMN, offers us a good opportunity to incorporate requirements at high levels of abstraction. We consider Secure Business Process models such as the Computation Independent Model (CIM). In this paper we show that it is possible to define CIM to PIM (Platform Independent Model) transformations, using QVT rules. Through our rules, we obtain certain UML analysis-level classes and use cases which will be part of the PIM of an information system. We illustrate our approach with a case study concerned with payment for the consumption of electrical energy.

Analysis-level classes from secure business processes through model transformations

Nowadays, business processes (BP) are important in the maintenance of competitiveness within enterprises. Moreover, security is a crucial issue in business performance. In the last few years, the languages used for BP representation have been improved and new notations have appeared. Proposals for security requirement specifications at this high level of abstraction have also appeared. Nevertheless, these models have not been transformed into concrete models that can be used in a software development process. In our proposal, we will obtain analysis-level classes from a business process specification in which security requirements are included. Model transformations are within the scope of MDA and they are specified by using the QVT standard. Finally, we shall apply this approach to a typical health-care business process.

M-BPSec: a method for security requirement elicitation from a UML 2.0 business process specification

The early attainment of requirements in a software development process allows us to improve the quality of the product. Although many methods through which to elicit requirements exist, few of them are specifically designed for security requirements. This paper describes a method - M-BPSec - which permits the elicitation of security requirements which form part of a business process description carried out with a UML 2.0 Activity Diagram. MBPSec is made up of stages, actors, tools and artifacts which, when applied in a coordinated manner, allow us to specify security requirements in business processes and to obtain class and use cases from this specification.