Secure business process model specification through a UML 2.0 activity diagram profile

In this paper, we present an extension of UML 2.0 activity diagrams which will allow security requirements to be specified in business processes. Our proposal, denominated as BPSec (Business Process Security), is Model Driven Architecture compliant since it is possible to obtain a set of UML artifacts (Platform Independent Model‐PIM) used in software development from a Secure Business Process model specification (Computation Independent Model‐CIM). We also present the application of our approach to an example based on a typical health care institution, in which our M‐BPSec method is employed as a framework for the use of our UML extension. Business processes have become important resources, both for an enterprise's performance and to enable it to maintain its competitiveness. The languages used for business process representation have, in recent years, been improved and new notations have appeared. However, despite the wide acceptance of the importance of business process security, to date the business analyst perspective in relation to security has hardly been dealt with. Moreover, security requirements cannot be represented in modern business process modeling notations.