SSC4Cloud Tooling: An Integrated Environment for the Development of Business Processes with Security Requirements in the Cloud

Abstract

Cloud Computing, Business Process Modeling (BPM) and Service-oriented architectures (SOA) are playing a relevant role in the evolution of Information Technology (IT). A considerable number of system developers are using Cloud technologies to deploy and make available systems over the Internet. Business Process Management standards are being widely used to model business requirements. In addition, SOA-based systems are considered an interesting approach to execute high-level business process specifications. Based on the fact that business processes are executed, usually, using services available in network environments, security requirements should be considered, especially when dealing with sensitive data (e.g., credit card information or personal data). Despite the increasing need for specifying security mechanisms in web service compositions in the Cloud, this topic remains a challenge for many reasons, including the known difficulty of expressing security requirements at a business level and the enforcement of such requirements at an execution level in a cloud environment. This work presents an environment to collaboratively model business processes considering security requirements and to automatically deploy them in the Cloud with security requirements enforcement. The business process is realized through the utilization of web service composition. This environment consists of a set of tools to support the business process modeling and secure service composition execution in the Cloud. Security-related information can be shared among different users in the Cloud and used to enable the activation and configuration of security mechanisms. The proposed approach is showcased in a Virtual Travel Agency scenario to show its feasibility.