Integrating Security Aspects into Business Process Models
it - Information Technology
Achim D. Brucker is a Senior Researcher and Project Lead in the "Product Security Research Team" as well as a member of the "Code Analysis Team" of SAP AG. His research interests include security, software engineering, and formal methods. In particular, he is interested in tools and methods for modelling, building, validating, and verifying secure and reliable systems. He also participates in the OCL standardisation process of the OMG. Further information can be found on his website:
... website: http://www.brucker.ch. Abstract Modern enterprise systems are often process-driven and, thus, rely heavily on process-aware information systems. In such systems, high-level process-models play an important role both for communicating business requirements between domain experts and system experts as well as basis for the system implementation. Since several years, enterprise system need to fulfil an increasing number of the security and compliance requirements. Thus, there is an increasing demand for integrating high-level security and compliance requirements into process models, i. e., a common language for domain experts, system experts, and security experts. We present a security modelling language, called SecureBPMN, that can easily be integrated into business process modelling languages. In this paper, we exemplary integrate SecureBPMN into BPMN and, thus, present a common language for describing business process models together with their security and compliance requirements.