Towards Business Process-Driven Framework for Security Engineering with the UML

TitleTowards Business Process-Driven Framework for Security Engineering with the UML
Publication TypeConference Paper
Year of Publication2003
AuthorsJ. L. Vivas, J. A. Montenegro, and J. Lopez
Conference Name6th International Conference on Information Security (ISC’03)
Series TitleLNCS
Volume2851
Pagination381-395
Date PublishedOctober
PublisherSpringer-Verlag
Conference LocationBristol, U.K.
ISBN Number1-4020-7449-2
Abstract

A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is commonly at the business process level that customers and end users are able to express their security needs. In addition, systems are often developed by automating existing manual business processes. Since many security notions belongs conceptually to the world of business processes, it is natural to try to capture and express them in the context of business models in which moreover customers and end users feel most comfortable. In this paper, based on experience drawn from an ongoing work within the CASENET project \cite{CASENET}, we propose a UML-based business process-driven framework for the development of security-critical systems.

Citation Keyjosevivas2003
Paper File: 
https://nics.uma.es:8082/sites/default/files/papers/josevivas2003.pdf