Towards CIM to PIM transformation: from Secure Business Processes defined by BPMN to Use Cases

Provided by: alfonsoro
1
5th International Conference on Business Process Management, 24-28 September 2007, Brisbane, Australia
  • Towards CIM to PIM transformation: from Secure
    Business Processes defined by BPMN to Use Cases

Alfonso Rodríguez, University of Bio-Bio, Chile (alfonso_at_ubiobio.cl)
Eduardo Fernández-Medina and Mario Piattini, University of Castilla-La Mancha, Spain (Eduardo.FdezMedina, Mario.Piattini_at_uclm.es)
2
Outline
  • Introduction
  • Security in Business Process
  • CIM to PIM Transformations
  • Example
  • Conclusions

3
Business Processes are important
1. Introduction
2. Security in BP
Outline
3. Transformation
4. Example
5. Conclusions
  • Business processes are a good answer to
      • the complexity of an environment,
      • the speed required by new products, and
      • the growing number of actors involved in the
        activities of an organization.

4
Security is important for enterprises
  • The introduction of electronic commerce, with the
    intensive use of communications and information
    technologies, implies that enterprises not only
    expand their businesses but also increase their
    vulnerability
  • Although the importance of business process
    security is widely accepted, the business analyst
    perspective in relation to security has hardly
    been dealt with
  • The identification of security requirements is
    usually somewhat confused; however, they are in
    general identified as functional security
    requirements
  • Functional security requirements vary according
    to application type
  • By contrast, security requirements do not
    vary at a high level of abstraction

(Firesmith, 2004)
5
Business Processes are useful from the business
and software viewpoint
  • In previous work we introduced security
    representation into business processes. For this,
    we extended the BPMN-BPD
  • The BPSec-Profile was created to capture a
    set of security requirements expressed by the
    business analyst
  • BPMN-BPD and BPSec-Profile together allow a
    Secure Business Process (SBP) to be defined
  • An SBP built by a business analyst is
      • useful in the specific business field
      • also very useful in a process of software
        construction

6
Transformations
  • In order to obtain more concrete models we may
    apply proper transformations
  • Model transformation is focused on solving
    problems of time, cost and quality associated
    with software creation.
  • For this the Object Management Group (OMG) has
    two proposals:
      • Model Driven Architecture (MDA), which is a
        framework for software development
      • Query/View/Transformations (QVT), which is a
        standard for model transformation

7
In a nutshell
[Figure: our proposal set against the Model Driven Architecture levels and the Unified Process disciplines]
  • Computation Independent Model (CIM), Business Modeling: Secure Business Process Model (BPMN-BPD, BPSec Profile)
  • C2P transformations: QVT Rules, Checklist, Refinement rules
  • Platform Independent Model (PIM), Requirement, Analysis, Design: UML Use Cases, UML Analysis-Level Classes
  • Platform Specific Model (PSM), Implementation: State Diagram, Package Diagram (Java/J2EE, .NET, CORBA)
8
Security Requirement
  • Access Control: establishes the need to define
    and/or intensify the access control mechanisms to
    restrict access to certain components in an
    activity diagram
  • Attack Harm Detection: indicates the degree to
    which the attempt or success of attacks or
    damages is detected, registered and notified
  • Non repudiation: establishes the need to avoid
    the denial of any aspect of the interaction
  • Integrity: establishes the degree of
    protection against intentional and unauthorized
    corruption of components
  • Privacy: indicates the degree to which
    unauthorized parties are prevented from obtaining
    sensitive information

Firesmith, D. Specifying Reusable Security Requirements (2004)
9
BPSec-Profile and BPMN-BPD elements
10
Patient Admissions
[Figure: Patient Admissions business process annotated with the security requirements Privacy (anonymity), Non Repudiation and Access Control]
11
C2P Transformations QVT Rules
C2P transformations: QVT Rules, Checklist, Refinement rules
  • Mapping from Secure Business Process elements to
    Use Case elements.
  • For example, pool to actor, activity to use case,
    or security requirement to use case

12
QVT Rules(textual notation)
    transformation BusinessProcessDiagram2UseCaseDiagram

    top relation R1 // from Pool to Actor
    {
      checkonly domain bpmn_BusinessProcessDiagram p:Pool {name=n}
      enforce domain uml_UseCaseDiagram a:Actor {name=n}
      where { ap.containedNode->forAll(cn:Activity | R4(cn)) }
    }

    top relation R2 // from Lane to Actor
    {
      checkonly domain bpmn_BusinessProcessDiagram l:Lane {name=n}
      enforce domain uml_UseCaseDiagram a:Actor {name=n}
      where { ap.containedNode->forAll(cn:Activity | R4(cn)) }
    }

    relation R4 // from Activities to Use Case
    {
      checkonly domain bpmn_BusinessProcessDiagram ac:Activity {name=n, inPartition=ap}
      enforce domain uml_UseCaseDiagram uc:UseCase {name=n, subject=ACTORS:Set(Actor)}
      where { ACTORS->including(a:Actor{name=ap.name}) }
    }

    top relation R6 // from Security Requirement to Actor
    {
      checkonly domain bpsec_BPSec sr:SecurityRequirement
      enforce domain uml_UseCaseDiagram a:Actor {name="Security Staff"}
    }

The slide repeats R1 and R4 with the domains abbreviated to bpmn_BPD and uml_UCD.
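The mappings of R1, R2, R4 and R6, as an added Python example that is not part of the original presentation. The class names, the SecurityRequirement fields and the sample pools, lanes and activities are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Activity:
    name: str

@dataclass
class Event:                      # a non-Activity node; R4 does not apply to it
    name: str

@dataclass
class Partition:                  # a BPMN Pool or Lane
    kind: str                     # "Pool" or "Lane"
    name: str
    contained_node: list = field(default_factory=list)

@dataclass
class SecurityRequirement:        # BPSec annotation; these fields are assumed
    kind: str
    element: str

def transform(partitions, requirements):
    """Return (actors, use_cases) derived from a secure business process."""
    actors = {}                   # actor name -> source element kind (no duplicates)
    use_cases = {}                # use case name -> set of actor names
    for ap in partitions:
        actors.setdefault(ap.name, ap.kind)              # R1 (Pool) / R2 (Lane)
        for cn in ap.contained_node:                     # where-clause: forAll(cn)
            if isinstance(cn, Activity):                 # only cn:Activity matches
                use_cases.setdefault(cn.name, set()).add(ap.name)   # R4
    if requirements:                                     # R6: a single actor
        actors.setdefault("Security Staff", "SecurityRequirement")
    return actors, use_cases

# Constructed sample model; names are illustrative, not taken from the slides.
PARTITIONS = [
    Partition("Pool", "Patient",
              [Event("Start"), Activity("Fill out Admission Request")]),
    Partition("Lane", "Administration Area", [Activity("Review Admission Request")]),
    Partition("Lane", "Medical Area", [Activity("Pre-Admission Test")]),
]
REQUIREMENTS = [
    SecurityRequirement("Privacy", "Patient"),
    SecurityRequirement("AccessControl", "Administration Area"),
]

if __name__ == "__main__":
    actors, use_cases = transform(PARTITIONS, REQUIREMENTS)
    for name, origin in actors.items():
        print(f"Actor {name!r} (from {origin})")
    for name, subject in use_cases.items():
        print(f"Use case {name!r} <- actors {sorted(subject)}")
```

Two security requirements still yield one "Security Staff" actor, and the start event produces no use case because it is not an Activity.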
13
C2P Checklist
  • Used to map each security requirement into subject
    names and use cases

14
Checklist for Access Control
  • Access Control
      • Preconditions: Secure Role, and Permissions for
        the objects in the secure role scope
      • Postconditions: Secure role validated to access
        resources, Permissions for the validated
        objects, and Audit Register (optional)
  • Assign secure role to the pool, lane or group
  • Validate the secure role. This task is divided
    into identifying, authenticating and authorizing
    the secure role
  • Verify permissions for the objects in the secure
    role field. This implies a review of the
    permissions granted to the objects that are
    within the field of access control specification
  • If the audit register has been specified, then
    the information related to the security role, the
    security permissions and the objects in the
    access control specification field must be stored

15
C2P Refinement Rules
  • The aim is to complete the QVT rules by adding
      • subject names
      • group names
      • main actor identification
      • actor generalization and
      • redundancies which have to be eliminated

16
Refinement Rules
  • RR1: Subject name (not related to security
    specification) is obtained from the business
    process name
  • RR2: Subject name obtained from C2P-R5 must be
    complemented with the name of the BPMN-BPD
    element where the security requirement has been
    specified
  • RR3: Group Name is obtained by linking the Pool
    or Lane names where the Group is contained
  • RR4: Main Actor corresponds to the Pool, Lane or
    Group name where the Start Event is present
  • RR5: Actor Generalization is obtained from Pool
    and Lane
  • RR6: Redundant specifications must be eliminated

17
Our Illustrative Example
18
Our Illustrative Example
19
Our Illustrative Example
20
Our Illustrative Example
21
Our Illustrative Example
22
Conclusions
  • In our work we have gone beyond the business
    analyst's perspective (CIM level), relating
    security to more concrete models (PIM level)
    which are oriented to software construction
  • The result has been a set of UML Use Cases which
    have been obtained from the SBP specification
    described with BPMN-BPD
  • Such UML artifacts, together with the SBP, can be
    used in the first stages of a consolidated
    software development process such as UP
  • Future work is focused on enriching the
    transformations to make it possible to
    achieve more complete Use Case models

23
Thanks !!