Logo des Repositoriums
 

Integrating BPMN- and UML-based Security Engineering via Model Transformation

dc.contributor.authorRamadan, Qusai
dc.contributor.authorSalnitri, Mattia
dc.contributor.authorStrüber, Daniel
dc.contributor.authorJürjens, Jan
dc.contributor.authorGiorgini, Paolo
dc.contributor.editorTichy, Matthias
dc.contributor.editorBodden, Eric
dc.contributor.editorKuhrmann, Marco
dc.contributor.editorWagner, Stefan
dc.contributor.editorSteghöfer, Jan-Philipp
dc.date.accessioned2019-03-29T10:24:04Z
dc.date.available2019-03-29T10:24:04Z
dc.date.issued2018
dc.description.abstractWe present our paper from the proceedings of 2017 edition of the MODELS conference. Tracing and integrating security requirements throughout the development process is a key challenge in security engineering. In socio-technical systems, security requirements for the organizational and technical aspects of a system are currently dealt with separately, giving rise to substantial misconceptions and errors. In this paper, we present a model-based security engineering framework for supporting the system design on the organizational and technical level. The key idea is to allow the involved experts to specify security requirements in the languages they are familiar with: business analysts use BPMN for procedural system descriptions; system developers use UML to design and implement the system architecture. Security requirements are captured via the language extensions SecBPMN2 and UMLsec. We provide a model transformation to bridge the conceptual gap between SecBPMN2 and UMLsec. Using UMLsec policies, various security properties of the resulting architecture can be verified. In a case study featuring an air traffic management system, we show how our framework can be practically applied.en
dc.identifier.isbn978-3-88579-673-2
dc.identifier.pissn1617-5468
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/21132
dc.language.isoen
dc.publisherGesellschaft für Informatik
dc.relation.ispartofSoftware Engineering und Software Management 2018
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-279
dc.subjectsocio-technical systems
dc.subjectsecurity by design
dc.subjecttraceability
dc.subjectmodel transformation
dc.subjectBPMN
dc.subjectUML
dc.titleIntegrating BPMN- and UML-based Security Engineering via Model Transformationen
dc.typeText/Conference Paper
gi.citation.endPage64
gi.citation.publisherPlaceBonn
gi.citation.startPage63
gi.conference.date5.-9. März 2018
gi.conference.locationUlm
gi.conference.sessiontitleSoftware Engineering 2018 - Wissenschaftliches Hauptprogramm

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
A1-29.pdf
Größe:
52.92 KB
Format:
Adobe Portable Document Format