SeCloudBPMN: A Lightweight Extension for BPMN Considering Security Threats in the Cloud

Business processes are crucial for organizations and
help businesses to evaluate and optimize their performance and
processes against current and future-state business goals. Outsourcing
business processes to the cloud becomes popular due to a wide
varsity of benefits and cost-saving. However, cloud outsourcing raises
enterprise data security concerns, which must be incorporated in
Business Process Model and Notation (BPMN). This paper, presents
SeCloudBPMN, a lightweight extension for BPMN which extends the
BPMN to explicitly support the security threats in the cloud as an
outsourcing environment. SeCloudBPMN helps business’s security
experts to outsource business processes to the cloud considering
different threats from inside and outside the cloud. In this way,
appropriate security countermeasures could be considered to preserve
data security in business processes outsourcing to the cloud.

Authors:

• Somayeh Sobati Moghadam

Keywords:

• BPMN
• security threats
• cloud computing
• graphical representation.

References:

[1] S. Sobati-Moghadam and A. Fayoumi, “Private collaborative business
benchmarking in the cloud,” in Computing Conference 2018. London,
UK. IEEE Xplore, 2018.
[2] E. Shi, J. Bethencourt, T.-H. Chan, D. Song, and A. Perrig,
“Multi-dimensional range query over encrypted data,” in Security and
Privacy, 2007. SP’07. IEEE Symposium on. IEEE, 2007, pp. 350–364.
[3] E. Damiani, S. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and
P. Samarati, “Key management for multi-user encrypted databases,”
in Proceedings of the 2005 ACM workshop on Storage security and
survivability. ACM, 2005, pp. 74–83.
[4] OMG, Business Process Model and Notation (BPMN), Version 2.0,
Object Management Group Std., Rev. 2.0, January 2011. [Online].
Available: http://www.omg.org/spec/BPMN/2.0
[5] M. Rekik, K. Boukadi, and H. Ben-Abdallah, “Towards outsource-ability
enabled BPMN,” in ICSOFT-EA 2015 - Proceedings of the
10th International Conference on Software Engineering and
Applications, France, 20-22 July,, 2015, pp. 5–14. [Online]. Available:
https://doi.org/10.5220/0005513500050014
[6] Y. Alotaibi, “Business process modelling challenges and solutions:
a literature review,” Journal of Intelligent Manufacturing,
vol. 27, no. 4, pp. 701–723, Aug 2016. [Online]. Available:
https://doi.org/10.1007/s10845-014-0917-4
[7] A. Goldstein and U. Frank, “A language for multi-perspective modelling
of it security: Objectives and analysis of requirements,” in Business
Process Management Workshops, M. La Rosa and P. Soffer, Eds. Berlin,
Heidelberg: Springer Berlin Heidelberg, 2013, pp. 636–648.
[8] T. Neubauer, M. Klemen, and S. Biffl, “Secure business process
management: A roadmap,” in Proceedings of First International
Conference on Availability, Reliability and Security, ARES, 2006.
[9] D.-H. Yang, S. Kim, C. Nam, and J.-W. Min, “Developing a
decision model for business process outsourcing,” Comput. Oper. Res.,
vol. 34, no. 12, pp. 3769–3778, Dec. 2007. [Online]. Available:
http://dx.doi.org/10.1016/j.cor.2006.01.012
[10] S. Sobati-M, J. Darmont, and G. Gavin, “Enforcing privacy in
cloud databases,” in Big Data Analytics and Knowledge Discovery -
19th International Conference, DaWaK 2017, Lyon, France, August
28-31, 2017, Proceedings, ser. Lecture Notes in Computer Science,
L. Bellatreche and S. Chakravarthy, Eds., vol. 10440. Springer, 2017,
pp. 53–73.