An Aspect-Oriented Approach to Enforce Security Properties in Business Processes

  • Inaya Yahya
  • Sameh Hbaieb Turki
  • Anis Charfi
  • Slim Kallel
  • Rafik Bouaziz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7759)


Security is an essential requirement for business processes. However, we observe that security is mostly addressed at the technical implementation level and not at the design level. In a previous work we motivated the need to address security already in business process modeling. In this paper, we show how one could use Aspect-Oriented Programming (AOP) to enforce security requirements in a modular way. Starting from a business process model where security requirements are expressed using a profile mechanism we generate AspectJ [1] code, which enforces those requirements. This generation is based on a set of Model-to-Text transformation rules. As security is a typical example for crosscutting concerns the usage of aspects allows for a modular implementation, in which the implementation of the business process is separated from the implementation of the security properties.


AOP security Web services Separation of concerns MDA 


  1. 1.
    Kiczales, G., Hilsdale, E., Hugunin, J., Kersten, M., Palm, J., Griswold, W.G.: An Overview of AspectJ. In: Lindskov Knudsen, J. (ed.) ECOOP 2001. LNCS, vol. 2072, pp. 327–353. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Charfi, A., Turki, S.H., Chaâbane, A., Bouaziz, R.: A model-driven approach to developing web service compositions based on BPMN4SOA. J. Reasoning-Based Intelligent Systems 3(3/4) (2011)Google Scholar
  3. 3.
    Object Management Group: Business Process Modeling Notation (BPMN) 2.0,
  4. 4.
    Turki, S.H., Bellaaj, F., Charfi, A., Bouaziz, R.: Modeling Security Requirements in Service Based Business Processes. In: Bider, I., Halpin, T., Krogstie, J., Nurcan, S., Proper, E., Schmidt, R., Soffer, P., Wrycza, S. (eds.) BPMDS 2012 and EMMSAD 2012. LNBIP, vol. 113, pp. 76–90. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  5. 5.
  6. 6.
    Chaâbane, A., Turki, S.H., Charfi, A., Bouaziz, R.: From Platform Independent Service Composition Models in BPMN4SOA to Executable Service Compositions. In: Proc. of iiWAS, France, pp. 653–656 (2010)Google Scholar
  7. 7.
    OMG.: UML: Superstructure version 2.0 (2005),
  8. 8.
    Nakamura, Y., Tatsubori, M., Imamura, T., Ono, K.: Model-driven security based on Web services security architecture. In: Proc. of SCC, Florida, USA, pp. 7–15 (2005)Google Scholar
  9. 9.
    Gallino, J.P.S., Miguel, M., Briones, J.F., Alejandro, A.: Domain-Specific Multi-Modeling of Security Concerns in Service-Oriented Architectures. In: Proc. of SCC, Washington, USA, pp. 761–762 (2011)Google Scholar
  10. 10.
    Menzel, M., Warschofsky, R., Meinel, C.: A Pattern-driven Generation of Security Policies for Service-oriented Architectures. In: Proc. of ICWS, Florida, USA, pp. 243–250 (2010)Google Scholar
  11. 11.
    Satoh, F., Nakamura, Y., Mukhi, K.N., Tatsubori, M., Ono, K.: Model-Driven Approach for End-to-End SOA Security Configurations. In: Non-Functional Properties in Service Oriented Architecture: Requirements, Models and Methods, ch. 12, pp. 269–298 (2011)Google Scholar
  12. 12.
    Rodriguez, A., Piattini, E.F.-M.M.: A BPMN Extension for the Modeling of Security Requirements in Business Processes. J. IEICE - Transactions on Information and Systems E90-D(4), 745–752 (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Inaya Yahya
    • 1
  • Sameh Hbaieb Turki
    • 1
  • Anis Charfi
    • 2
  • Slim Kallel
    • 3
  • Rafik Bouaziz
    • 1
  1. 1.MIRACLUniversity of SfaxTunisia
  2. 2.SAP ResearchDarmstadtGermany
  3. 3.ReDCADUniversity of SfaxTunisia

Personalised recommendations