it - Information Technology

Methods and Applications of Informatics and Information Technology

Editor-in-Chief: Conrad, Stefan / Molitor, Paul

Volume 55, Issue 6


Integrating Security Aspects into Business Process Models

Integration of Security Aspects into Business Process Models

Achim D. Brucker
Published Online: 2013-12-19 | DOI: https://doi.org/10.1515/itit.2013.2004


Modern enterprise systems are often process-driven and thus rely heavily on process-aware information systems. In such systems, high-level process models play an important role both for communicating business requirements between domain experts and system experts and as a basis for the system implementation. For several years, enterprise systems have needed to fulfil an increasing number of security and compliance requirements. Thus, there is an increasing demand for integrating high-level security and compliance requirements into process models, i.e. for a common language for domain experts, system experts, and security experts. We present a security modelling language, called SecureBPMN, that can easily be integrated into business process modelling languages. In this paper, we integrate SecureBPMN into BPMN as an example and thus present a common language for describing business process models together with their security and compliance requirements.


Modern enterprise applications must support companies in executing their business processes efficiently. In such applications, abstract business process models play a central role. The business process models are used for communication between business and IT experts and, in addition, serve as the basis for implementing the enterprise applications. For several years, enterprise applications have had to satisfy a growing number of security and compliance requirements. This results in an increased need to integrate security and compliance requirements into the business process models. In this article, we present the modelling language SecureBPMN, which allows security requirements to be specified in the context of business process models.

Keywords: ACM CCS; Security and privacy; Formal methods and theory of security; Formal security models; ACM CCS; Applied computing; Enterprise computing; Business process management; Business process modeling; SecureBPMN; BPMN; Access Control; Confidentiality; Break-glass; Delegation

Keywords: Secure business process models; SecureBPMN; BPMN; Access control; Confidentiality; Break-glass; Delegation

About the article

Achim D. Brucker

Dr. Achim D. Brucker is a Senior Researcher and Project Lead in the “Product Security Research Team” as well as a member of the “Code Analysis Team” of SAP AG. His research interests include security, software engineering, and formal methods. In particular, he is interested in tools and methods for modelling, building, validating, and verifying secure and reliable systems. He also participates in the OCL standardisation process of the OMG. Further information can be found on his website: http://www.brucker.ch.

SAP AG, Vincenz-Priessnitz-Str. 1, 76131 Karlsruhe, Germany +49-62-277-52595

Received: 2013-07-26

Published Online: 2013-12-19

Published in Print: 2013-12-01

Citation Information: it – Information Technology, Volume 55, Issue 6, Pages 239–246, ISSN (Online) 2196-7032, ISSN (Print) 1611-2776, DOI: https://doi.org/10.1515/itit.2013.2004.


© 2013 by Walter de Gruyter Berlin Boston.
