Obtaining Use Cases and Security Use Cases from Secure Business Process through the MDA Approach

Alfonso Rodríguez, Ignacio García-Rodríguez de Guzmán

Abstract

MDA is an approach to software development based on the transformation of models. It is complemented by QVT, a language for specifying transformations. This approach is receiving much attention from researchers and practitioners because it promotes the early specification of requirements at high levels of abstraction, independent of computation, which later become part of models closer to the software solution. Following this approach, we can create business process models that incorporate requirements, including security requirements, which later become part of more concrete models. In our proposal, based on MDA, we start from secure business process specifications and, through transformations specified in QVT, obtain use cases and security use cases. These artifacts complement the first stages of an ordered and systematic software development process such as UP.



Paper Citation


in Harvard Style

Rodríguez A. and García-Rodríguez de Guzmán I. (2007). Obtaining Use Cases and Security Use Cases from Secure Business Process through the MDA Approach. In Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007) ISBN 978-972-8865-96-2, pages 209-219. DOI: 10.5220/0002421502090219


in BibTeX Style

@conference{wosis07,
author={Alfonso Rodríguez and Ignacio García-Rodríguez de Guzmán},
title={Obtaining Use Cases and Security Use Cases from Secure Business Process through the MDA Approach},
booktitle={Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)},
year={2007},
pages={209-219},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002421502090219},
isbn={978-972-8865-96-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)
TI - Obtaining Use Cases and Security Use Cases from Secure Business Process through the MDA Approach
SN - 978-972-8865-96-2
AU - Rodríguez A.
AU - García-Rodríguez de Guzmán I.
PY - 2007
SP - 209
EP - 219
DO - 10.5220/0002421502090219