%0 Journal Article %@ 18650929 %A Saleem, M.Q. %A Jaafar, J. %A Hassan, M.F. %C Kuantan %D 2011 %F scholars:1995 %J Communications in Computer and Information Science %K Booking systems; Business Process; Business process model; Business process modeling; Business process modelling; Cross-domain; General purpose; Model Driven Architecture; Model elements; Modelling language; Proof of work; Security experts; Security implementations; Security Intents; Security modeling; Security requirements; Security risks; Service Oriented; UML profiles; Web information systems; Web Services technologies, DSL; Information analysis; Information services; Mathematical models; Reservation systems; Service oriented architecture (SOA); Software architecture; User interfaces; Web services, Network security %N PART 3 %P 176-190 %R 10.1007/978-3-642-22203-0₁₆ %T Security modeling of SOA system using security intent DSL %U https://khub.utp.edu.my/scholars/1995/ %V 181 CC %X Currently most of the enterprises are using SOA and Web Services technologies to build their web information system. MDA principles are used to develop web service and they used UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is quite difficult for developers because they are not security experts. Furthermore SOA security is cross-domain and all required information are not available at downstream phases. General purpose modelling language like UML lacks the model elements to define the security requirements of the business processes. As a result, business process expert either ignore the security intents in their model or indicate them in textual way. A security intents DSL is presented as a UML profile where security intents can be modelled as stereotypes on UML modelling elements during the business process modelling. Aim is to facilitate the business process expert in modelling the security requirements along the business process modelling. This security annotated business process model will facilitate the security expert in specifying the concrete security implementation. As a proof of work we apply our approach to a typical on-line flight booking system business process. © 2011 Springer-Verlag. %Z cited By 0; Conference of 2nd International Conference on Software Engineering and Computer Systems, ICSECS 2011 ; Conference Date: 27 June 2011 Through 29 June 2011; Conference Code:85603