Today’s systems are socio-technical: they are composed of social (humans and organizations) and technical components that interact with one another to achieve objectives they cannot achieve on their own. Security is a central issue in socio-technical systems and cannot be tackled through technical mechanisms alone. Instead, it requires enforcing security policies over the procedures that specify how the components of these systems operate and interact (i.e., business processes), and correctly implementing those business processes in the system-to-be.
Socio-technical systems evolve continuously to adapt to external changes, and this evolution may result in business processes that do not enforce security. Thus, it is important to preserve security by constantly updating business processes and/or security policies, to avoid security issues that may result in loss of reputation or monetary sanctions. Moreover, secure business processes serve as the basis for developing code, which must follow the security properties specified in the processes. To this end, we propose SecBPMN2 to assist security engineers in maintaining secure business processes during the evolution of socio-technical systems and in creating a secure implementation of such systems.
The software supports the editing of secure business processes with two graphical editors: one for SecBPMN2-ml, a modeling language for business processes, and another for SecBPMN2-Q, a modeling language for security policies. Moreover, the software can be used to verify whether security policies are enforced in business processes. For the creation of secure code, SecBPMN2 supports the automatic generation of River Definition Language (RDL) code from SecBPMN2-ml business processes.
You can download SecBPMN2 directly from the plugin manager of STS-Tool, or download STS-Tool with the plugin already installed from the following list.
The manuals contain detailed instructions on how to use the SecBPMN2 plugin. In particular, “SecBPMN2 Modeling Language” describes all concepts and graphical elements of SecBPMN2-ml and SecBPMN2-Q, while “SecBPMN2 plugin User Guide” describes how to create secure business processes and use the analysis software engine. “RDL plugin User Guide” contains a detailed description of how to generate River Definition Language source code.
In the files below, we provide a complete example of an STS-ml model, connected to SecBPMN2 diagrams and ready to generate RDL code. The first file is the STS-Tool project; the other files are the images of the STS-ml and SecBPMN2 diagrams, and the report automatically generated by STS-Tool.