Non-functional concerns such as security are essential in business process management and in service based realizations of business processes. Many works and efforts addressed these concerns on the service layer by developing a number of XML-based standards such as WS-Security and other WS-* standards. However, there are non-functional properties that are on the business process layer and need therefore to be specified in business process models. We notice nevertheless that current business process modeling languages lack appropriate means for specifying non-functional properties such as security for example. In this paper, we present a model driven approach for the development of service based business processes which supports both functional and non functional concerns. We also introduce the concept of profiles to BPMN in analogy to UML Profiles. Based on that, we present a BPMN profile to specify security properties in business process models and illustrate its usage through an example.


Business Process Modeling BPMN Security Non-functional properties 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Object Management Group.: Business Process Modeling Notation (BPMN) 2.0,
  2. 2.
    Charfi, A., Schmeling, B., Heizenreder, A., Mezini, M.: Reliable, Secure and Transacted Web Service Composition with AO4BPEL. In: 4th IEEE European Conference on Web Services (ECOWS), pp. 23–34. IEEE Computer Society (2006)Google Scholar
  3. 3.
    Chris, K., Anthony, N.: Web Services Security Policy Language (WS-SecurityPolicy) Version 1.1 (July 2005),
  4. 4.
    OASIS. Web Services Security: SOAP Message Security 1.0 (2004),
  5. 5.
    Wolter, C., Schaad, A.: Modeling of Task-Based Authorization Constraints in BPMN. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 64–79. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Mulle, J., Von Stackelberg, S., Bohm, K.: A Security Language for BPMN Process Models. Karlsruhe Reports in Informatics, KIT, pp. 2190 – 4782 (2011)Google Scholar
  7. 7.
    Rodriguez, A., Piattini, E.F.-M.M.: A BPMN Extension for the Modeling of Security Requirements in Business Processes. J. IEICE - Transactions on Information and Systems E90-D(4), 745–752 (2007)CrossRefGoogle Scholar
  8. 8.
    Rodríguez, A., Fernández-Medina, E., Piattini, M.: Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds.) TrustBus 2006. LNCS, vol. 4083, pp. 51–61. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Wolter, C., Menzel, M., Meinel, C.: Modelling Security Goals in Business Processes. In: Proc. GI Modellierung. LNI, vol. 127, pp. 197–212. GI (2008)Google Scholar
  10. 10.
    Hafner, M., Berthold Agreiter, R.B.: SECTET: an extensible framework for the realization of secure inter-organizational workflows. Internet Research 16(5), 491–506 (2006)CrossRefGoogle Scholar
  11. 11.
    OMG: MDA Guide Version 1.0.1 (2003),
  12. 12.
    OMG: Unified Modeling Language: Superstructure version 2.0 UML/2.0/ (2005),
  13. 13.
    Charfi, A., Turki, S.H., Chaâbane, A., Bouaziz, R.: A model-driven approach to developing web service compositions based on BPMN4SOA. J. Reasoning-based Intelligent Systems 3(3/4) (2011)Google Scholar
  14. 14.
    SOA Tools Plattform Project,
  15. 15.
    Kallel, S., Charfi, A., Mezini, M., Jmaiel, M., Klose, K.: From Formal Access Control Policies to Runtime Enforcement Aspects. In: Massacci, F., Redwine Jr., S.T., Zannone, N. (eds.) ESSoS 2009. LNCS, vol. 5429, pp. 16–31. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    Saleem, M.Q., Jaafar, J., Hassan, M.F.: Model-based Security Engineering of SOA System Using Security Intent DSL. J. New Computer Architectures and Their Applications (IJNCAA), The Society of Digital Information and Wireless Communications 1(3), 565–580 (2011) ISSN: 2220-9085Google Scholar
  17. 17.
    Rodríguez, A., Fernández-Medina, E., Piattini, M.: Security Requirement with a UML 2.0 Profile. In: First International Conference on Availability, Reliability and Security, p. 8. IEEE Computer Society (2006)Google Scholar
  18. 18.
    Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)Google Scholar
  19. 19.
    Menzel, M., Thomas, I., Meinel, C.: Security Requirements Specification in Service-Oriented Business Process Management. In: 7th IEEE International Conference on Availability, Reliability and Security, pp. 41–48. IEEE Xplore, Prague (2009)CrossRefGoogle Scholar
  20. 20.
    Souza, A.R.R., Silva, B.L.B., Lins, F.A.A., Damasceno, J.C., Rosa, N.S., Maciel, P.R.M., Medeiros, R.W.A., Stephenson, B., Motahari-Nezhad, H.R., Li, J., Northfleet, C.: Incorporating Security Requirements into Service Composition: From Modelling to Execution. In: Baresi, L., Chi, C.-H., Suzuki, J. (eds.) ICSOC-ServiceWave 2009. LNCS, vol. 5900, pp. 373–388. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  21. 21.
    Chaâbane, A., Turki, S.H., Charfi, A., Bouaziz, R.: From Platform Independent Service Composition Models in BPMN4SOA to Executable Service Compositions. In: 12th International Conference on Information Integration and Web-based Applications & Services (iiWAS 2010), pp. 653–656 (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Sameh Hbaieb Turki
    • 1
  • Farah Bellaaj
    • 1
  • Anis Charfi
    • 2
  • Rafik Bouaziz
    • 1
  1. 1.MIRACL LaboratoryUniversity of SfaxTunisia
  2. 2.SAP Research CECDarmstadtGermany

Personalised recommendations