Secure business process model specification through a UML 2.0 activity diagram profile

Business processes have become important resources, both for an enterprise's performance and to enable it to maintain its competitiveness. The languages used for business process representation have, in recent years, been improved and new notations have appeared. However, despite the wide acceptance of the importance of business process security, to date the business analyst perspective in relation to security has hardly been dealt with. Moreover, security requirements cannot be represented in modern business process modeling notations.In this paper, we present an extension of UML 2.0 activity diagrams which will allow security requirements to be specified in business processes. Our proposal, denominated as BPSec (Business Process Security), is Model Driven Architecture compliant since it is possible to obtain a set of UML artifacts (Platform Independent Model-PIM) used in software development from a Secure Business Process model specification (Computation Independent Model-CIM). We also present the application of our approach to an example based on a typical health care institution, in which our M-BPSec method is employed as a framework for the use of our UML extension.     

Model-based early and rapid estimation of COSMIC functional size – An experimental evaluation

ContextFunctional size measurement methods are widely used but have two major shortcomings: they require a complete and detailed knowledge of user requirements, and they involve relatively expensive and lengthy processes.ObjectiveUML is routinely used in the software industry to effectively describe software requirements in an incremental way, so UML models grow in detail and completeness through the requirements analysis phase. Here, we aim at defining the characteristics of increasingly more refined UML requirements models that support increasingly more sophisticated – hence presumably more accurate – size estimation processes.MethodWe consider the COSMIC method and three alternative processes (two of which are proposed in this paper) to estimate COSMIC size measures that can be applied to UML diagrams at progressive stages of the requirements definition phase. Then, we check the accuracy of the estimates by comparing the results obtained on a set of projects to the functional size values obtained with the standard COSMIC method.ResultsOur analysis shows that it is possible to write increasingly more detailed and complete UML models of user requirements that provide the data required by COSMIC size estimation methods, which in turn yield increasingly more accurate size measure estimates of the modeled software. Initial estimates are based on simple models and are obtained quickly and with little effort. The estimates increase their accuracy as models grow in completeness and detail, i.e., as the requirements definition phase progresses.ConclusionDevelopers that use UML for requirements modeling can obtain an early estimation of the application size at the beginning of the development process, when only a very simple UML model has been built for the application, and can obtain increasingly more accurate size estimates while the knowledge of the product increases and UML models are refined accordingly.     

Securing business processes using security risk-oriented patterns

Business process modelling and security engineering are two important concerns when developing information system. However current practices report that security is addressed at the later development stages (i.e. design and implementation). This raises a question whether the business processes are performed securely. In this paper, we propose a method to introduce security requirements to the business processes through the collaboration between business and security analysts. To support this collaboration we present a set of security risk-oriented patterns. We test our proposal in two industrial business models. The case findings characterise pattern performance when identifying business assets, risks, and countermeasures.     

An architecture for automatically developing secure OLAP applications from models

ContextDecision makers query enterprise information stored in Data Warehouses (DW) by using tools (such as On-Line Analytical Processing (OLAP) tools) which use specific views or cubes from the corporate DW or Data Marts, based on the multidimensional modeling. Since the information managed is critical, security constraints have to be correctly established in order to avoid unauthorized accesses.ObjectiveIn previous work we have defined a Model-Driven based approach for developing a secure DWs repository by following a relational approach. Nevertheless, is also important to define security constraints in the metadata layer that connects the DWs repository with the OLAP tools, that is, over the same multidimensional structures that final users manage. This paper defines a proposal to develop secure OLAP applications and incorporates it into our previous approach.MethodOur proposal is composed of models and transformations. Our models have been defined using the extension capabilities from UML (conceptual model) and extending the OLAP package of CWM with security (logical model). Transformations have been defined by using a graphical notation and implemented into QVT and MOFScript. Finally, this proposal has been evaluated through case studies.ResultsA complete MDA architecture for developing secure OLAP applications. The main contributions of this paper are: improvement of a UML profile for conceptual modeling; definition of a logical metamodel for OLAP applications; and definition and implementation of transformations from conceptual to logical models, and from logical models to the secure implementation into a specific OLAP tool (SSAS).ConclusionOur proposal allows us to develop secure OLAP applications, providing a complete MDA architecture composed of several security models and automatic transformations towards the final secure implementation. Security aspects are early identified and fitted into a most robust solution that provides us a better information assurance and a saving of time in maintenance.     

A complete approach for CIM modelling and model formalising

ContextComputation Independent Model (CIM) as a business model describes the requirements and environment of a business system and instructs the designing and development; it is a key to influencing software success. Although many studies currently focus on model driven development (MDD); those researches, to a large extent, study the PIM-level and PSM-level model, and few have dealt with CIM-level modelling for case in which the requirements are unclear or incomplete.ObjectiveThis paper proposes a CIM-level modelling approach, which applies a stepwise refinement approach to modelling the CIM-level model starting from a high-level goal model to a lower-level business process model. A key advantage of our approach is the combination of the requirement model with the business model, which helps software engineers to define business models exactly for cases in which the requirements are unclear or incomplete.MethodThis paper, based on the model driven approach, proposes a set of models at the CIM-level and model transformations to connect these models. Accordingly, the formalisation approach of this paper involves formalising the goal model using the category theory and the scenario model and business process model using Petri nets.ResultsWe have defined a set of metamodels and transformation rules making it possible to obtain automatically a scenario model from the goal model and a business process model from the scenario model. At the same time, we have defined a mapping rule to formalise these models. Our proposed CIM modelling approach and formalisation approach are implemented with an MDA tool, and it has been empirically validated by a travel agency case study.ConclusionThis study shows how a CIM modelling approach helps to build a complete and consistent model at the CIM level for cases in which the requirements are unclear or incomplete in advance.     

Development of Secure XML Data Warehouses with QVT

ContextData warehouses are systems which integrate heterogeneous sources to support the decision making process. Data from the Web is becoming increasingly more important as sources for these systems, which has motivated the extensive use of XML to facilitate data and metadata interchange among heterogeneous data sources from the Web and the data warehouse. However, the business information that data warehouses manage is highly sensitive and must, therefore, be carefully protected. Security is thus a key issue in the design of data warehouses, regardless of the implementation technology. It is important to note that the idiosyncrasy of the unstructured and semi-structured data requires particular security rules that have been specifically tailored to these systems in order to permit their particularities to be captured correctly. Unfortunately, although security issues have been considered in the development of traditional data warehouses, current research lacks approaches with which to consider security when the target platform is based on XML technology.ObjectiveWe shall focus on defining transformations to obtain a secure XML Schema from the conceptual multidimensional model of a data warehouse.MethodWe have first defined the rationale behind the transformation rules and how they have been developed in natural language, and we have then established them clearly and formally by using the QVT language. Finally, in order to validate our proposal we have carried out a case study.ResultsWe have proposed an approach for the model driven development of Secure XML Data Warehouses, defining a set of QVT transformation rules.ConclusionThe main benefit of our proposal is that it is possible to model security requirements together with the conceptual model of the data warehouse during the early stages of a project, and automatically obtain the corresponding implementation for XML.     

A measurement method for sizing the structure of UML sequence diagrams

ContextThe COSMIC functional size measurement method on UML diagrams has been investigated as a means to estimate the software effort early in the software development life cycle. Like other functional size measurement methods, the COSMIC method takes into account the data movements in the UML sequence diagrams for example, but does not consider the data manipulations in the control structure. This paper explores software sizing at a finer level of granularity by taking into account the structural aspect of a sequence diagram in order to quantify its structural size. These functional and structural sizes can then be used as distinct independent variables to improve effort estimation models.ObjectiveThe objective is to design an improved measurement of the size of the UML sequence diagrams by taking into account the data manipulations represented by the structure of the sequence diagram, which will be referred to as their structural size.MethodWhile the design of COSMIC defines the functional size of a functional process at a high level of granularity (i.e. the data movements), the structural size of a sequence diagram is defined at a finer level of granularity: the size of the flow graph of their control structure described through the alt, opt and loop constructs. This new measurement method was designed by following the process recommended in Software Metrics and Software Metrology (Abran, 2010).ResultsThe size of sequence diagrams can now be measured from two perspectives, both functional and structural, and at different levels of granularity with distinct measurement units.ConclusionIt is now feasible to measure the size of functional requirements at two levels of granularity: at an abstract level, the software functional size can be measured in terms of COSMIC Function Point (CFP) units; and at a detailed level, the software structural size can be measured in terms of Control Structure Manipulation (CSM) units. These measures represent complementary aspects of software size and can be used as distinct independent variables to improve effort estimation models.     

Using intentional fragments to bridge the gap between organizational and intentional levels

ContextBusiness process models provide a natural way to describe real-world processes to be supported by software-intensive systems. These models can be used to analyze processes in the system-as-is and describe potential improvements for the system-to-be. But, how well does a given business process model satisfy its business goals? How can different perspectives be integrated in order to describe an inter-organizational process?ObjectiveThe aim of the present paper is to link the local and the global perspectives of the inter-organizational business process defined in BPMN 2.0 (Business Process Model and Notation) to KAOS goal models (Keep All Objectives Satisfied). We maintain a separation of concerns between the intentional level captured by the goal model and the organizational level captured by the process model. The paper presents the concept of intentional fragment (a set of flow elements of the process with a common purpose) and assess its usefulness.MethodWe conducted empirical experiments where the proposed concepts – here the intentional fragments – are validated by users. Our method relies on an iterative improvement process led by users feedback.ResultsWe find that the concept of intentional fragment is useful for (1) analyzing the business process model (2) reasoning about the relations between the goal model and the business process model and (3) identifying new goals. In a previous work we focused on BPMN 2.0 collaboration models (local view). This paper extends the previous work by integrating the global view given by choreography models in the approach.ConclusionWe conclude that the notion of intentional fragment is a useful mean to relate business process models and goal models while dealing with their different nature (activity oriented vs goal oriented). Intentional fragments can also be used to analyze the process model and to infer new goals in an iterative manner.     

A UML-based static verification framework for security

Secure software engineering is a new research area that has been proposed to address security issues during the development of software systems. This new area of research advocates that security characteristics should be considered from the early stages of the software development life cycle and should not be added as another layer in the system on an ad-hoc basis after the system is built. In this paper, we describe a UML-based Static Verification Framework (USVF) to support the design and verification of secure software systems in early stages of the software development life-cycle taking into consideration security and general requirements of the software system. USVF performs static verification on UML models consisting of UML class and state machine diagrams extended by an action language. We present an operational semantics of UML models, define a property specification language designed to reason about temporal and general properties of UML state machines using the semantic domains of the former, and implement the model checking process by translating models and properties into Promela, the input language of the SPIN model checker. We show that the methodology can be applied to the verification of security properties by representing the main aspects of security, namely availability, integrity and confidentiality, in the USVF property specification language.     

Embedding requirements within Model-Driven Architecture

Model-Driven Architecture (MDA) brings benefits to software development, among them the potential for connecting software models with the business domain. This paper focuses on the upstream or Computation-Independent Model (CIM) phase of MDA. Our contention is that, whilst there are many models and notations available within the CIM phase, those that are currently popular and supported by the Object Management Group (OMG) may not be the most useful notations for business analysts nor sufficient to fully support software requirements and specification. Therefore, with specific emphasis on the value of the Business Process Modelling Notation (BPMN) for business analysts, this paper provides an example of a typical CIM approach before describing an approach that incorporates specific requirements techniques. A framework extension to MDA is then introduced, which embeds requirements and specification within the CIM, thus further enhancing the utility of MDA by providing a more complete method for business analysis.     

Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

ContextThe use of Business Process Management Systems (BPMS) has emerged in the IT arena for the automation of business processes. In the majority of cases, the issue of security is overlooked by default in these systems, and hence the potential cost and consequences of the materialization of threats could produce catastrophic loss for organizations. Therefore, the early selection of security controls that mitigate risks is a real and important necessity. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human, manual, time-consuming and error-prone task. Furthermore, configurations are carried out separately from the organization perspective and involve many security stakeholders. This separation makes difficult to ensure the effectiveness of the configuration with regard to organizational requirements.ObjectiveIn this paper, we strive to provide security stakeholders with automated tools for the optimal selection of IT security configurations in accordance with a range of business process scenarios and organizational multi-criteria.MethodAn approach based on feature model analysis and constraint programming techniques is presented, which enable the automated analysis and selection of optimal security configurations.ResultsA catalogue of feature models is determined by analyzing typical IT security controls for BPMSs for the enforcement of the standard goals of security: integrity, confidentiality, availability, authorization, and authentication. These feature models have been implemented through constraint programs, and Constraint Programming techniques based on optimized and non-optimized searches are used to automate the selection and generation of configurations. In order to compare the results of the determination of configuration a comparative analysis is given.ConclusionIn this paper, we present innovative tools based on feature models, Constraint Programming and multi-objective techniques that enable the agile, adaptable and automatic selection and generation of security configurations in accordance with the needs of the organization.     

Agile enterprise architecture modelling: Evaluating the applicability and integration of six modelling standards

ContextAgile enterprise architecture artefacts are initially architected at the high-level and the details of those artefacts iteratively evolve in small project increments. There is a need to model agile enterprise architecture artefacts both at the high and low detailed level for a particular context. ArchiMate is relatively a new high-level architecture modelling standard. There is a growing interest amongst organisations in applying ArchiMate for high-level agile enterprise architecture modelling. However, organisations are unsure how to effectively apply ArchiMate at high-level and integrate it with their existing low detailed level modelling standards in practice for supporting end-to-end agile enterprise architecture modelling.ObjectiveThis paper evaluates the applicability and integration of high-level ArchiMate modelling standard with the existing low-level modelling standards such as BPMN (Business Process Model and Notation), UML (Unified Modelling Language), FAML (FAME [Framework for Agent-Oriented Method Engineering] Language), SoaML (Service Oriented Architecture Modelling Language), and BMM (Business Motivation Model).MethodA qualitative questionnaire-based evaluation criteria has been developed based on the well-known and comprehensive The Open Group Architecture Framework (TOGAF). The evaluation criteria has been applied to evaluate the applicability and integration of the selected six modelling standards from the business, application, infrastructure and extension perspectives.ResultsEach modelling standard is different in scope. A single modelling standard usually does not provide the kind of support required by the agile enterprise architecture modelling. Based on the review results, a hybrid enterprise architecture modelling approach is proposed. This paper demonstrates the application of the proposed hybrid approach with the help of an agile enterprise architecture modelling case study.ConclusionIt is concluded that the ArchiMate does not replace the existing low-level modelling standards, rather it can be used in conjunction with low-level modelling standards. This calls for the adoption of hybrid and integrated approach for agile enterprise architecture modelling.     

Requirements engineering for e-business advantage

As a means of contributing to the achievement of business advantage for companies engaging in e-business, we propose a requirements engineering framework that incorporates a business strategy dimension. We employ Jackson’s Problem Frames approach, goal modeling, and business process modeling (BPM) to achieve this. Jackson’s context diagrams, used to represent business model context, are integrated with goal models to describe the requirements of the business strategy. We leverage the paradigm of projection in both approaches as a means of simultaneously decomposing both the requirement and context parts, from an abstract business level to concrete system requirements. Our approach maintains traceability to high-level business objectives via contribution relationship links in the goal model. We integrate use of role activity diagrams to describe business processes in detail where needed. The feasibility of our approach is shown by a well-known case study taken from the literature.     

A language-independent and formal approach to pattern-based modelling with support for composition and analysis

ContextPatterns are used in different disciplines as a way to record expert knowledge for problem solving in specific areas. Their systematic use in Software Engineering promotes quality, standardization, reusability and maintainability of software artefacts. The full realisation of their power is however hindered by the lack of a standard formalization of the notion of pattern.ObjectiveOur goal is to provide a language-independent formalization of the notion of pattern, so that it allows its application to different modelling languages and tools, as well as generic methods to enable pattern discovery, instantiation, composition, and conflict analysis.MethodFor this purpose, we present a new visual and formal, language-independent approach to the specification of patterns. The approach is formulated in a general way, based on graphs and category theory, and allows the specification of patterns in terms of (nested) variable submodels, constraints on their allowed variance, and inter-pattern synchronization across several diagrams (e.g. class and sequence diagrams for UML design patterns).ResultsWe provide a formal notion of pattern satisfaction by models and propose mechanisms to suggest model transformations so that models become consistent with the patterns. We define methods for pattern composition, and conflict analysis. We illustrate our proposal on UML design patterns, and discuss its generality and applicability on different types of patterns, e.g. workflow patterns, enterprise integration patterns and interaction patterns.ConclusionThe approach has proven to be powerful enough to formalize patterns from different domains, providing methods to analyse conflicts and dependencies that usually are expressed only in textual form. Its language independence makes it suitable for integration in meta-modelling tools and for use in Model-Driven Engineering.     

Empirical studies concerning the maintenance of UML diagrams and their use in the maintenance of code: A systematic mapping study

ContextThe Unified Modelling Language (UML) has, after ten years, become established as the de facto standard for the modelling of object-oriented software systems. It is therefore relevant to investigate whether its use is important as regards the costs involved in its implantation in industry being worthwhile.MethodWe have carried out a systematic mapping study to collect the empirical studies published in order to discover “What is the current existing empirical evidence with regard to the use of UML diagrams in source code maintenance and the maintenance of the UML diagrams themselves?ResultsWe found 38 papers, which contained 63 experiments and 3 case studies.ConclusionAlthough there is common belief that the use of UML is beneficial for source code maintenance, since the quality of the modifications is greater when UML diagrams are available, only 3 papers concerning this issue have been published. Most research (60 empirical studies) concerns the maintainability and comprehensibility of the UML diagrams themselves which form part of the system’s documentation, since it is assumed that they may influence source code maintainability, although this has not been empirically validated. Moreover, the generalizability of the majority of the experiments is questionable given the material, tasks and subjects used. There is thus a need for more experiments and case studies to be performed in industrial contexts, i.e., with real systems and using maintenance tasks conducted by practitioners under real conditions that truly show the utility of UML diagrams in maintaining code, and that the fact that a diagram is more comprehensible or modifiable influences the maintainability of the code itself. This utility should also be studied from the viewpoint of cost and productivity, and the consistent and simultaneous maintenance of diagrams and code must also be considered in future empirical studies.     

Security requirement analysis of business processes

Economic globalization leads to complex decentralized company structures calling for the extensive use of distributed IT-systems. The business processes of a company have to reflect these changes of infrastructure. In particular, due to new electronic applications and the inclusion of a higher number of—potentially unknown—persons, the business processes are more vulnerable against malicious attacks than traditional processes. Thus, a business should undergo a security analysis. Here, the vulnerabilities of the business process are recognized, the risks resulting from the vulnerabilities are calculated, and suitable safeguards reducing the vulnerabilities are selected. Unfortunately, a security analysis tends to be complex and affords expensive security expert support. In order to reduce the expense and to enable domain experts with in-depth insight in business processes but with limited knowledge about security to develop secure business processes, we developed the framework MoSS_BP facilitating the handling of business process security requirements from their specification to their realization. In particular, MoSS _BP provides graphical concepts to specify security requirements, repositories of various mechanisms enforcing the security requirements, and a collection of reference models and case studies enabling the modification of the business processes. In this paper, the MoSS _BP -framework is presented. Additionally, we introduce a tool supporting the MoSS_BP-related security analysis of business processes and the incorporation of safeguards. This tool is based on object-oriented process models and acts with graph rewrite systems. Finally, we clarify the application of the MoSS_BP-framework by means of a business process for tender-handling which is provided by anonymity-preserving safeguards. Peter Herrmann studied computer science at the University of Karlsruhe, Germany (diploma in 1990). Afterwards, he worked as a Ph.D. student (doctorate in 1997) and postdoctoral researcher in the Computer Networks and Distributed Systems Group of the Computer Science Department at the University of Dortmund, Germany. Since 2005 he is a full professor for formal methods at the Department for Telematics of the Norwegian University of Science and Technology (NTNU) in Trondheim, Norway. His research interests include the formal-based development of networked systems and the engineering of distributed services. Moreover, he is interested in security and trust aspects of component structured distributed software. Gaby Herrmann studied computer science at the University of Karlsruhe, Germany (diploma in 1991). Afterwards, she worked as a researcher in the Communication Group and the Information Systems Group at University of Duisburg-Essen (Doctorate in 2001, topic: security of business processes). Since 2000 she works as executive secretary at the Department of Economics, Business Studies and Computer Sciences at the same university.     

Tools for secure systems development with UML

For model-based development to be a success in practice, it needs to have a convincing added-value associated with its use. Our goal is to provide such added-value by developing tool-support for the analysis of UML models against difficult system requirements. Towards this goal, we describe a UML verification framework supporting the construction of automated requirements analysis tools for UML diagrams. The framework is connected to industrial CASE tools using XMI and allows convenient access to this data and to the human user. As a particular example, we present plugins for verifying models defined using the security extension UMLsec of UML. The verification framework allows advanced users of the UMLsec approach to themselves implement verification routines for the constraints of self-defined stereotypes. In particular, we focus on an analysis plug-in that utilizes the model-checker Spin to verify security properties of cryptography-based systems.     

A metamodel to integrate business processes time perspective in BPMN 2.0

ContextBusiness Process Management (BPM) is becoming a strategic advantage for organizations to streamline their operations. Most business experts are betting for OMG Business Process Model and Notation (BPMN) as de-facto standard (ISO/IEC 19510:2013) and selected technology to model processes. The temporal dimension underlies in any kind of process however, technicians need to shape this perspective that must also coexist with task control flow aspects, as well as resource and case perspectives. BPMN poorly gathers temporary rules. This is why there are contributions that extend the standard to cover such dimension. BPMN is mainly an imperative language. There are research contributions showing time constraints in BPMN, such as (i) BPMN patterns to express each rule with a combination of artifacts, thus these approaches increase the use of imperative BPMN style, and (ii) new decorators to capture time rules semantics giving clearer and simpler comprehensible specifications. Nevertheless, these extensions cannot yet be found in the present standard.ObjectiveTo define a time rule taxonomy easily found in most business processes and look for an approach that applies each rule with current BPMN 2.0 standard in a declarative way.MethodA model-driven approach is used to propose a BPMN metamodel extension to address time-perspective.ResultsWe look at a declarative approach where new time specifications may overlie the main control flow of a BPMN process. This proposal is totally supported with current BPMN standard, giving a BPMN metamodel extension with OCL constraints. We also use AQUA-WS as a software project case study which is planned and managed with MS Project. We illustrate business process extraction from project plans.ConclusionThis paper suggests to handle business temporal rules with current BPMN standard, along with other business perspectives like resources and cases. This approach can be applied to reverse engineering processes from legacy databases.     

Exploiting Visual Languages Generation and UML Meta Modeling to Construct Meta-CASE Workbenches

In the paper we propose an approach for the construction of meta-CASE workbenches. The approach is based on the technology of visual language generation systems and on UML meta modeling. Visual modeling environments are generated starting from UML class diagrams specifying abstract syntax of the underlying visual language. The meta-CASE generates a workbench by integrating a set of visual modeling environments through inter-consistency constraints defined on the corresponding UML class diagrams.     

Managing the alignment between business processes and software systems

ContextThe alignment degree existing between a business process and the supporting software systems strongly affects the performance of the business process execution. Methodologies and tools are needed for detecting the alignment level and keeping a business process aligned with the supporting software systems even when they evolve.ObjectiveThis paper aims to provide an adequate support for managing such a kind of alignment and suggesting evolution actions if misalignment is detected. It proposes an approach including modeling and measuring activities for evaluating the alignment level and suggesting evolution activities, if needed.MethodThe proposed approach is composed of three main phases. The first phase regards the modeling of business process and software systems supporting it by applying a modeling notation based on UML and adequately extended for representing business processes. The second phase concerns the evaluation of the alignment degree through the assessment of a set of metrics codifying the alignment concept. Finally, the last phase analyses the evaluation results for suggesting evolution activities if misalignment is detected.ResultsThe paper analyses the application of the proposed approach to a case study regarding a working business process and related software system. The obtained results provided useful suggestion for evolving the supporting software system and improving the alignment level existing between them and the supported business process.ConclusionThe approach contributes in all phases of the process and software system evolution, even if its improvement can be needed for identifying the impact of the changes. The proposed approach facilitates the understanding of business processes, software systems and related models. This favors the interaction of the software and business analysts, as it was possible to better formulate the interviews to be conducted with regard to the objectives and, thus, to collect the required data.