eprintid: 3210
rev_number: 2
eprint_status: archive
userid: 1
dir: disk0/00/00/32/10
datestamp: 2023-11-09 15:51:28
lastmod: 2023-11-09 15:51:28
status_changed: 2023-11-09 15:45:14
type: article
metadata_visibility: show
creators_name: Saleem, M.Q.
creators_name: Jaafar, J.B.
creators_name: Hassan, M.F.
title: A domain-specific language for modelling security objectives in a business process models of SOA applications
ispublished: pub
keywords: Business process modelling; Domain specific languages; Model driven security; Security goals; Service Oriented, Information analysis; Information services; Information systems; Problem oriented languages; Service oriented architecture (SOA), Mathematical models
note: cited By 37
abstract: Business process modelling is very crucial for enterprises because it give an idea how the business would be operated in the real world and it is important for every stakeholder. SOA is one of the most popular architecture for building Web Information Systems. In current SOA system development practices, security is not defined at the early phases of software development and left on the developer. Properly configuring security requirements in SOA applications is quite difficult for developers because they are not security experts, furthermore SOA security is cross-domain and all required information are not available at downstream phases. The post-hoc, low-level integration of security has a negative impact on resulting SOA applications. Business process modelling is normally performed by the Business Process expert who is not a security expert. Furthermore current business process modelling languages like UML or BPMN do not support the specification of security requirements along the business process modelling. We have presented a DSL, to model the security requirements along the business process model. We are facilitating the Business Process expert to model the security in business process diagram. This security annotated business process model will facilitate the security expert in specifying concrete security implementation. As a proof of work the proposed DSL is applied to the modeling of a typical business process of "on-line student information system".
date: 2012
official_url: https://www.scopus.com/inward/record.uri?eid=2-s2.0-84856582306&doi=10.4156%2fAISS.vol4.issue1.45&partnerID=40&md5=3898bf6a3315098bd6f308caecaeb594
id_number: 10.4156/AISS.vol4.issue1.45
full_text_status: none
publication: Advances in Information Sciences and Service Sciences
volume: 4
number: 1
pagerange: 353-362
refereed: TRUE
issn: 19763700
citation:   Saleem, M.Q. and Jaafar, J.B. and Hassan, M.F.  (2012) A domain-specific language for modelling security objectives in a business process models of SOA applications.  Advances in Information Sciences and Service Sciences, 4 (1).  pp. 353-362.  ISSN 19763700