[1] A. Rodríguez, E. Fernández-Medina, and M. Piattini. Towards a UML 2.0 extension for the modeling of security requirements in business processes. In S. Fischer-Hübner, S. Furnell, and C. Lambrinoudakis, editors, TrustBus, volume 4083 of Lecture Notes in Computer Science, pages 51–61. Springer, 2006.
This paper presents an extension to UML 2.0 that can integrate security requirements in the business process model. The paper started by showing the importance of security and the growth of BPM, then showed that security is usually neglected at the beginning and how that might lead to security complications. Moreover, it explained the reason for choosing UML among all modelling languages.
In the second section the paper showed how important security is to BPM and identified two problems in this field: first, that modelling has not yet been adequate, and second, that security is usually not considered until the actual implementation process. Moreover, it compared this work to other work related to security and BPM. Section 3 briefly presented an overview of UML 2.0 and extensions.
Section 4 proposed the extension to represent security requirements in the model. The extension made use of stereotypes by adding «SecureActivity» and «SecurityRequirement», which need to be followed by a letter to represent the requirement (NR, AD, I, P or AC). It also added «SecurityRole» and «SecurityPermissions». It then gave a table explaining the definitions of all the new data type stereotypes, and finally gave the notation and constraints for each new stereotype. Section 5 presented an example of "admission of patients in a health-care institution" and used this case study to present the new extension and to show how it could help in representing security requirements in the process model.
The paper concluded that the new extension allowed security requirements to be considered from the beginning and included in the model.
Relation to research in hand: this paper presented a methodology that can be used to integrate security requirements in the business process model. It provided an actual tool that can be used. The paper gave a solution to part of the research problem by integrating security in modelling, but it was limited to one tool (UML 2.0); the idea could usefully be extended and made generic so that it can be used with any other tool.