eprintid: 3038 rev_number: 2 eprint_status: archive userid: 1 dir: disk0/00/00/30/38 datestamp: 2023-11-09 15:51:17 lastmod: 2023-11-09 15:51:17 status_changed: 2023-11-09 15:44:50 type: article metadata_visibility: show creators_name: Saleem, M.Q. creators_name: Jaafar, J. creators_name: Hassan, M.F. title: Secure business process modelling of SOA applications using "UML-SOA-Sec" ispublished: pub keywords: Booking systems; Business Process; Business process model; Business process modelling; Cross-domain; Design and Development; Domain specific languages; General purpose; High level of abstraction; IS technologies; Model driven architecture; Modelling language; Proof of work; Security experts; Security goals; Security implementations; Security objectives; Security requirements; Security risks; Security standards; System development; Uml profiles, Information analysis; Information services; Reservation systems; Service oriented architecture (SOA); Software architecture; Unified Modeling Language; Web services, Mathematical models note: cited By 7 abstract: Nowadays enterprises are implementing their WIS through SOA using Web services. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA applications, security risks rise exponentially. Security is not defined during the early phases of system development and left onto the developer. Properly configuring security requirements in SOA applications is quite difficult for developers because they are not security experts. Furthermore, SOA security is cross-domain and all required information is not available at downstream phases. Moreover, focus of the currently available security standards and protocols is technology; they do not provide high level of abstraction. Furthermore, a business process expert, who is the actual stakeholder of the business process model is unable to specify security objectives due to lake of security modelling elements in general purpose modelling languages like UML. As a result, he/she either ignores the security intents in his/her model or indicates them, in textual way. We are fostering the specification of security intents at high level of abstraction by presenting a security intents DSL containing the essential SOA security objective. It is a UML profile where security intents can be modeled as stereotypes on UML modelling elements during the business process modelling. Aim is to facilitate the business process expert in modelling the security requirements along with the business process modelling. This security annotated business process model will facilitate the security expert in specifying the concrete security implementation. As a proof of work vie apply our approach to a typical business process of "on-line flight booking system". © 2012 ICIC International. date: 2012 official_url: https://www.scopus.com/inward/record.uri?eid=2-s2.0-84859177968&partnerID=40&md5=056b361613d5185bfc226168e1e66f55 full_text_status: none publication: International Journal of Innovative Computing, Information and Control volume: 8 number: 4 pagerange: 2729-2746 refereed: TRUE issn: 13494198 citation: Saleem, M.Q. and Jaafar, J. and Hassan, M.F. (2012) Secure business process modelling of SOA applications using "UML-SOA-Sec". International Journal of Innovative Computing, Information and Control, 8 (4). pp. 2729-2746. ISSN 13494198