Modern enterprise systems need to implement and comply to increasingly complex security, compliance, and privacy policies. To address this need, we developed SecureBPMN, a model-driven security approach for process-driven systems.
SecureBPMN is a model-driven security approach for business-process-driven systems. SecureBPMN integrates security and privacy aspects into BPMN. It allows to model, formally analyze SecureBPMN models as well as to generate code and configuration artefacts.
On the one hand, SecureBPMN provides a domain-specific modeling language that allows to model security aspects (e.g., access control, separation of duty, confidentiality). SecurePBPMN is defined as a meta-model that can easily be integrated into BPMN and, thus, can be used for modeling secure and business processes as well as secure service compositions.
On the other hand, SecureBPMN provides and end-to-end modeling, verification, and validation approach for building systems that comply to complex security, privacy, or compliance requirements. The SecureBPMN tool chain does not only support modeling of secure business process and service compositions: it also supports the formal analysis both on the level of SecureBPMN models as well as refinement properties between the model and the actual implementation.
1. Salnitri, M., Brucker, A. D., and Giorgini, P. “From Secure Business Process Models to Secure Artifact-Centric Specifications” Enterprise, business-process and information systems modeling bpmds (2015): 246–262. doi:10.1007/978-3-319-19237-6_16, URL: http://www.brucker.ch/bibliography/abstract/salnitri.ea-river-2015
2. Kohler, M., Brucker, A. D., and Schaad, A. “ProActive Caching: Generating Caching Heuristics for Business Process Environments” International conference on computational science and engineering (cse) 3, (2009): 207–304. doi:10.1109/CSE.2009.177, URL: http://www.brucker.ch/bibliography/abstract/kohler.ea-proactive-2009
3. Brucker, A. D., Hang, I., Lückemeyer, G., and Ruparel, R. “SecureBPMN: Modeling and Enforcing Access Control Requirements in Business Processes” ACM symposium on access control models and technologies (sacmat) (2012): 123–126. doi:10.1145/2295136.2295160, URL: http://www.brucker.ch/bibliography/abstract/brucker.ea-securebpmn-2012
4. Brucker, A. D. and Hang, I. “Secure and Compliant Implementation of Business Process-Driven Systems” Joint workshop on security in business processes (sbp) 132, (2012): 662–674. doi:10.1007/978-3-642-36285-9_66, URL: http://www.brucker.ch/bibliography/abstract/brucker.ea-secure-2012
5. Compagna, L., Guilleminot, P., and Brucker, A. D. “Business Process Compliance via Security Validation as a Service” ieee Sixth international conference on software testing, verification and validation (icst) (2013): 455–462. doi:10.1109/ICST.2013.63, URL: http://www.brucker.ch/bibliography/abstract/compagna.ea-bp-compliance-2013
6. Brucker, A. D. “Integrating Security Aspects into Business Process Models” it - Information Technology 55, no. 6 (2013): 239–246. doi:10.1524/itit.2013.2004, URL: http://www.brucker.ch/bibliography/abstract/brucker-securebpmn-2013