A Domain-Specific Language for Modelling Security Objectives in a Business Process Models of SOA Applications

Abstract

Business process modelling is very crucial for enterprises because it give an idea how the business would be operated in the real world and it is important for every stakeholder. SOA is one of the most popular architecture for building Web Information Systems. In current SOA system development practices, security is not defined at the early phases of software development and left on the developer. Properly configuring security requirements in SOA applications is quite difficult for developers because they are not security experts, furthermore SOA security is cross-domain and all required information are not available at downstream phases. The post-hoc, low-level integration of security has a negative impact on resulting SOA applications. Business process modelling is normally performed by the Business Process expert who is not a security expert. Furthermore current business process modelling languages like UML or BPMN do not support the specification of security requirements along the business process modelling. We have presented a DSL, to model the security requirements along the business process model. We are facilitating the Business Process expert to model the security in business process diagram. This security annotated business process model will facilitate the security expert in specifying concrete security implementation. As a proof of work the proposed DSL is applied to the modeling of a typical business process of “on-line student information system”.