{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T04:48:15Z","timestamp":1777610895187,"version":"3.51.4"},"reference-count":60,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2015,10,26]],"date-time":"2015-10-26T00:00:00Z","timestamp":1445817600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Softw Syst Model"],"published-print":{"date-parts":[[2017,7]]},"DOI":"10.1007\/s10270-015-0499-4","type":"journal-article","created":{"date-parts":[[2015,10,26]],"date-time":"2015-10-26T05:31:16Z","timestamp":1445837476000},"page":"737-757","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":39,"title":["Designing secure business processes with SecBPMN"],"prefix":"10.1007","volume":"16","author":[{"given":"Mattia","family":"Salnitri","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fabiano","family":"Dalpiaz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paolo","family":"Giorgini","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,10,26]]},"reference":[{"key":"499_CR1","doi-asserted-by":"crossref","unstructured":"Atluri, V., Huang, W.: An extended Petri net model for supporting workflows in a multilevel secure environment. In: Samarati, P., Sandhu, R. (eds.) Database Security X: Status and Prospects, pp. 199\u2013216. Chapman and Hall, london (1996)","DOI":"10.1007\/978-0-387-35167-4_15"},{"key":"499_CR2","unstructured":"Awad, A.: BPMN-Q: a language to query business processes. In: EMISA, vol. P-119, pp. 
115\u2013128 (2007)"},{"key":"499_CR3","unstructured":"Awad, A.: A Compliance Management Framework for Business Process Models. Ph.D. thesis (2010)"},{"key":"499_CR4","volume-title":"The Goal Question Metric Approach","author":"VR Basili","year":"1994","unstructured":"Basili, V.R., Caldiera, G., Rombach, D.H.: The Goal Question Metric Approach. Wiley, New York (1994)"},{"issue":"6","key":"499_CR5","doi-asserted-by":"crossref","first-page":"477","DOI":"10.1016\/j.is.2008.02.005","volume":"33","author":"C Beeri","year":"2008","unstructured":"Beeri, C., Eyal, A., Kamenkovich, S., Milo, T.: Querying business processes with BP-QL. Inf. Syst. 33(6), 477\u2013507 (2008)","journal-title":"Inf. Syst."},{"key":"499_CR6","doi-asserted-by":"crossref","unstructured":"Blanc, X., Mougenot, A., Mounier, I., Mens, T.: Incremental detection of model inconsistencies based on model operations. In: Proceedings of the CAiSE, pp. 32\u201346 (2009)","DOI":"10.1007\/978-3-642-02144-2_8"},{"key":"499_CR7","doi-asserted-by":"crossref","unstructured":"Brucker, A.D., Hang, I., L\u00fcckemeyer, G., Ruparel, R.: SecureBPMN: modeling and enforcing access control requirements in business processes. In: Proceedings of the SACMAT, pp. 123\u2013126 (2012)","DOI":"10.1145\/2295136.2295160"},{"key":"499_CR8","doi-asserted-by":"crossref","unstructured":"Cherdantseva, Y., Hilton, J.: A reference model of information assurance and security. In: Proceedings of the ARES, pp. 546\u2013555 (2013)","DOI":"10.1109\/ARES.2013.72"},{"key":"499_CR9","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-642-55481-0","volume-title":"Programming in PROLOG","author":"W Clocksin","year":"2003","unstructured":"Clocksin, W., Mellish, C.: Programming in PROLOG. 
Springer, Berlin (2003)"},{"issue":"1","key":"499_CR10","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s00766-011-0132-1","volume":"18","author":"F Dalpiaz","year":"2013","unstructured":"Dalpiaz, F., Giorgini, P., Mylopoulos, J.: Adaptive socio-technical systems: a requirements-driven approach. Requir. Eng. 18(1), 1\u201324 (2013)","journal-title":"Requir. Eng."},{"key":"499_CR11","doi-asserted-by":"crossref","unstructured":"Delfmann, P., Dietrich, H., Havel, J., Steinhorst, M.: A language-independent model query tool. In: Proceedings of the DESRIST, pp. 453\u2013457 (2014)","DOI":"10.1007\/978-3-319-06701-8_44"},{"key":"499_CR12","doi-asserted-by":"crossref","unstructured":"Deutch, D., Milo, T.: Querying structural and behavioral properties of business processes. In: Proceedings of the DPL, pp. 169\u2013185 (2007)","DOI":"10.1007\/978-3-540-75987-4_12"},{"key":"499_CR13","doi-asserted-by":"crossref","unstructured":"Dumas, M., Hofstede, A.H.M.: UML activity diagrams as a workflow specification language. In: Proceedings of the UML, pp. 76\u201390 (2001)","DOI":"10.1007\/3-540-45441-1_7"},{"key":"499_CR14","doi-asserted-by":"crossref","unstructured":"Emerson, E.A., Halpern, J.Y.: Decision procedures and expressiveness in the temporal logic of branching time. In: Proc. of STOC, pp. 169\u2013180 (1982)","DOI":"10.1145\/800070.802190"},{"key":"499_CR15","unstructured":"Federal Aviation Administration: SWIM ATM Case Study, last visited March 2014. http:\/\/www.faa.gov\/about\/office_org\/headquarters_offices\/ato\/service_units\/techops\/atc_comms_services\/swim\/ (2014)"},{"key":"499_CR16","unstructured":"Ferraiolo, D., Cugini, J., Richard\u00a0Kuhn, D.: Role-Based Access Control (RBAC): Features and Motivations In: Proceedings of 11th annual computer security application conference, pp. 
241\u2013248 (1995)"},{"issue":"1","key":"499_CR17","doi-asserted-by":"crossref","first-page":"61","DOI":"10.5381\/jot.2004.3.1.c6","volume":"3","author":"D Firesmith","year":"2004","unstructured":"Firesmith, D.: Specifying reusable security requirements. J. Object Technol. 3(1), 61\u201375 (2004)","journal-title":"J. Object Technol."},{"key":"499_CR18","doi-asserted-by":"crossref","unstructured":"Ghose, A., Koliadis, G.: Auditing business process compliance. In: Proceedings of the ISOC, pp. 169\u2013180 (2007)","DOI":"10.1007\/978-3-540-74974-5_14"},{"issue":"5","key":"499_CR19","doi-asserted-by":"crossref","first-page":"806","DOI":"10.1108\/14637151011076485","volume":"16","author":"V Gruhn","year":"2010","unstructured":"Gruhn, V., Laue, R.: A heuristic method for detecting problems in business process models. Bus. Process Manag. J. 16(5), 806\u2013821 (2010)","journal-title":"Bus. Process Manag. J."},{"key":"499_CR20","doi-asserted-by":"crossref","unstructured":"Hofstede, A., Ouyang, C., La Rosa, M., Song, L., Wang, J., Polyvyanyy, A.: APQL: a process-model query language. In: Proceedings of the Asia-Pacific Business Process Management, vol. 159, pp. 23\u201338 (2013)","DOI":"10.1007\/978-3-319-02922-1_2"},{"key":"499_CR21","unstructured":"ISACA: An Introduction to the Business Model for Information Security. Technical report (2009). http:\/\/www.isaca.org\/Knowledge-Center\/Research\/Documents\/Introduction-to-the-Business-Model-for-Information-Security_res_Eng_0109.pdf"},{"issue":"2","key":"499_CR22","doi-asserted-by":"crossref","first-page":"618","DOI":"10.1016\/j.dss.2005.05.019","volume":"43","author":"A Josang","year":"2007","unstructured":"Josang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43(2), 618\u2013644 (2007)","journal-title":"Decis. 
Support Syst."},{"key":"499_CR23","doi-asserted-by":"crossref","unstructured":"Jurjens, J.: UMLsec: extending UML for secure systems development. In: Proceedings of the UML, pp. 412\u2013425 (2002)","DOI":"10.1007\/3-540-45800-X_32"},{"key":"499_CR24","unstructured":"Kharbili, M.E., de Medeiros, A.K.A., Stein, S., van der Aalst, W.M.P.: Business process compliance checking: current state and future challenges. In: Loos, P., N\u00fcttgens, M., Turowski, K., Werth, D. (eds.) MobIS, LNI, vol. 141, pp. 107\u2013113. GI (2008)"},{"key":"499_CR25","doi-asserted-by":"crossref","unstructured":"Leitner, M., Miller, M., Rinderle-Ma, S.: An analysis and evaluation of security aspects in the business process model and notation. In: Proceedings of the ARES, pp. 262\u2013267 (2013)","DOI":"10.1109\/ARES.2013.34"},{"key":"499_CR26","doi-asserted-by":"crossref","unstructured":"Leitner, M., Rinderle-Ma, S.: A systematic review on security in process-aware information systems\u2014constitution, challenges, and future directions. Inf. Softw. Technol. 56(3), 273\u2013293 (2014)","DOI":"10.1016\/j.infsof.2013.12.004"},{"key":"499_CR27","doi-asserted-by":"crossref","unstructured":"Leitner, M., Schefer-Wenzl, S., Rinderle-Ma, S., Strembeck, M.: An experimental study on the design and modeling of security concepts in business processes. In: Proceedings of the PoEM, pp. 236\u2013250 (2013)","DOI":"10.1007\/978-3-642-41641-5_17"},{"key":"499_CR28","doi-asserted-by":"crossref","unstructured":"Li, J., Mirkovic, J., Wang, M., Reiher, P., Zhang, L.: SAVE: source address validity enforcement protocol. In: Proceedings of the INFOCOM, vol. 3, pp. 1557\u20131566 (2002)","DOI":"10.1109\/INFCOM.2002.1019407"},{"issue":"2","key":"499_CR29","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/1237500.1237501","volume":"10","author":"N Li","year":"2007","unstructured":"Li, N., Tripunitara, M.V., Bizri, Z.: On mutually exclusive roles and separation-of-duty. ACM Trans. Inf. Syst. Secur. 
10(2), 5 (2007)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"issue":"2","key":"499_CR30","doi-asserted-by":"crossref","first-page":"335","DOI":"10.1147\/sj.462.0335","volume":"46","author":"Y Liu","year":"2007","unstructured":"Liu, Y., M\u00fcller, S., Xu, K.: A static compliance-checking framework for business process models. IBM Syst. J. 46(2), 335\u2013361 (2007)","journal-title":"IBM Syst. J."},{"issue":"3","key":"499_CR31","first-page":"190","volume":"11","author":"M Mason","year":"2010","unstructured":"Mason, M.: Sample size and saturation in PhD studies using qualitative interviews. Forum Qual. Soc. Res. 11(3), 190\u2013197 (2010)","journal-title":"Forum Qual. Soc. Res."},{"key":"499_CR32","unstructured":"McCumber, J.: Information systems security: a comprehensive model. In: Proceedings of the NCSC (1991)"},{"key":"499_CR33","doi-asserted-by":"crossref","unstructured":"Menzel, M., Thomas, I., Meinel, C.: Security requirements specification in service-oriented business process management. In: Proceedings of the ARES, pp. 41\u201348 (2009)","DOI":"10.1109\/ARES.2009.90"},{"key":"499_CR34","first-page":"1667","volume":"27","author":"G Monakova","year":"2012","unstructured":"Monakova, G., Brucker, A.D., Schaad, A.: Security and safety of assets in business processes. Appl. Comput. 27, 1667\u20131673 (2012)","journal-title":"Appl. Comput."},{"key":"499_CR35","doi-asserted-by":"crossref","first-page":"756","DOI":"10.1109\/TSE.2009.67","volume":"35","author":"D Moody","year":"2009","unstructured":"Moody, D.: The physics of notations: toward a scientific basis for constructing visual notations in software engineering. IEEE Trans. Softw. Eng. 35, 756\u2013779 (2009)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"499_CR36","unstructured":"OASIS: Web Services Business Process Execution Language. 
http:\/\/docs.oasis-open.org\/wsbpel\/2.0\/wsbpel-v2.0.html (2007)"},{"key":"499_CR37","unstructured":"OASIS: eXtensible Access Control Markup Language (XACML) Version 3.0. http:\/\/docs.oasis-open.org\/xacml\/3.0\/xacml-3.0-core-spec-os-en.html (2013)"},{"key":"499_CR38","unstructured":"OMG: BPMN 2.0. http:\/\/www.omg.org\/spec\/BPMN\/2.0 (2011)"},{"key":"499_CR39","unstructured":"OMG: Unified Modeling Language (UML), Infrastructure, V2.1.2. Technical report (2007). http:\/\/www.omg.org\/spec\/UML\/2.1.2\/Infrastructure\/PDF"},{"issue":"7","key":"499_CR40","first-page":"12","volume":"8","author":"D Parker","year":"2010","unstructured":"Parker, D.: Our excessively simplistic information security model and how to fix it. ISSA J. 8(7), 12\u201321 (2010)","journal-title":"ISSA J."},{"key":"499_CR41","volume-title":"Fighting Computer Crime\u2014A New Framework for Protecting Information","author":"DB Parker","year":"1998","unstructured":"Parker, D.B.: Fighting Computer Crime\u2014A New Framework for Protecting Information. Wiley, New York (1998)"},{"issue":"3","key":"499_CR42","doi-asserted-by":"crossref","first-page":"45","DOI":"10.2753\/MIS0742-1222240302","volume":"24","author":"K Peffers","year":"2007","unstructured":"Peffers, K., Tuunanen, T., Rothenberger, M., Chatterjee, S.: A design science research methodology for information systems research. J. Manag. Inf. Syst. 24(3), 45\u201377 (2007)","journal-title":"J. Manag. Inf. Syst."},{"key":"499_CR43","doi-asserted-by":"crossref","unstructured":"Rasmussen, J.L., Singh, M.: Designing a security system by means of coloured Petri nets. In: Proceedings of the ICATPN, pp. 
400\u2013419 (1996)","DOI":"10.1007\/3-540-61363-3_22"},{"issue":"4","key":"499_CR44","doi-asserted-by":"crossref","first-page":"745","DOI":"10.1093\/ietisy\/e90-d.4.745","volume":"90","author":"A Rodr\u00edguez","year":"2007","unstructured":"Rodr\u00edguez, A., Fern\u00e1ndez-Medina, E., Piattini, M.: A BPMN extension for the modeling of security requirements in business processes. IEICE Trans. Inf. Syst. 90(4), 745\u2013752 (2007)","journal-title":"IEICE Trans. Inf. Syst."},{"key":"499_CR45","doi-asserted-by":"crossref","unstructured":"Sadiq, S., Governatori, G., Namiri, K.: Modeling control objectives for business process compliance. In: Proceedings of the BPM, pp. 149\u2013164 (2007)","DOI":"10.1007\/978-3-540-75183-0_12"},{"issue":"1","key":"499_CR46","first-page":"353","volume":"4","author":"M Saleem","year":"2012","unstructured":"Saleem, M., Jaafar, J., Hassan, M.: A domain-specific language for modelling security objectives in a business process models of SOA applications. Adv. Inf. Sci. Serv. Sci. 4(1), 353\u2013362 (2012)","journal-title":"Adv. Inf. Sci. Serv. Sci."},{"key":"499_CR47","doi-asserted-by":"crossref","unstructured":"Salnitri, M., Dalpiaz, F., Giorgini, P.: Aligning service-oriented architectures with security requirements. In: Proc. of OTM, pp. 232\u2013249 (2012)","DOI":"10.1007\/978-3-642-33606-5_15"},{"key":"499_CR48","doi-asserted-by":"crossref","unstructured":"Salnitri, M., Dalpiaz, F., Giorgini, P.: Modeling and verifying security policies in business processes. In: Proceedings of the BPMDS, pp. 200\u2013214 (2014)","DOI":"10.1007\/978-3-662-43745-2_14"},{"key":"499_CR49","doi-asserted-by":"crossref","unstructured":"Salnitri, M., Giorgini, P.: Modeling and verification of ATM security policies with SecBPMN. In: Proceedings of the SHPCS (2014)","DOI":"10.1109\/HPCSim.2014.6903740"},{"key":"499_CR50","doi-asserted-by":"crossref","unstructured":"Samarati, P., Vimercati, S.: Access control: policies, models, and mechanisms. In: FOSAD, vol. 
2171, pp. 137\u2013196 (2001)","DOI":"10.1007\/3-540-45608-2_3"},{"key":"499_CR51","unstructured":"Schmidt, R., Bartsch, C., Oberhauser, R.: Ontology-based representation of compliance requirements for service processes. In: Proceedings of the CEUR (2007)"},{"key":"499_CR52","unstructured":"SecBPMN Website: SecBPMN Website, last visited Sept 2014. http:\/\/www.secbpmn.disi.unitn.it (2014)"},{"key":"499_CR53","doi-asserted-by":"crossref","unstructured":"Simon, R., Zurko, M.: Separation of duty in role-based environments. In: Proceedings of the CSFW, pp. 183\u2013194 (1997)","DOI":"10.1109\/CSFW.1997.596811"},{"issue":"7","key":"499_CR54","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1145\/2209249.2209268","volume":"55","author":"I Sommerville","year":"2012","unstructured":"Sommerville, I., Cliff, D., Calinescu, R., Keen, J., Kelly, T., Kwiatkowska, M., Mcdermid, J., Paige, R.: Large-scale complex IT systems. Commun. ACM 55(7), 71\u201377 (2012)","journal-title":"Commun. ACM"},{"key":"499_CR55","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1016\/j.jvlc.2010.11.004","volume":"22","author":"H St\u00f6rrle","year":"2011","unstructured":"St\u00f6rrle, H.: VMQL: a visual language for ad-hoc model querying. J. Vis. Lang. Comput. 22, 3\u201329 (2011)","journal-title":"J. Vis. Lang. Comput."},{"key":"499_CR56","unstructured":"The Apache Software Foundation: Apache Rampart website, last visited Aug 2014. http:\/\/axis.apache.org\/axis2\/java\/rampart\/ (2014)"},{"issue":"10","key":"499_CR57","doi-asserted-by":"crossref","first-page":"639","DOI":"10.1016\/S0950-5849(99)00016-6","volume":"41","author":"WMP Aalst van der","year":"1999","unstructured":"van der Aalst, W.M.P.: Formalization and verification of event-driven process chains. Inf. Softw. Technol. 41(10), 639\u2013650 (1999)","journal-title":"Inf. Softw. 
Technol."},{"key":"499_CR58","doi-asserted-by":"crossref","unstructured":"Wohlin, C., Runeson, P., H\u00f6st, M., Ohlsson, M.C., Regnell, B., Wessl\u00e8n, A.: Experimentation in Software Engineering: An Introduction. Kluwer Academic, Boston, MA (2000)","DOI":"10.1007\/978-1-4615-4625-2"},{"issue":"4","key":"499_CR59","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1016\/j.sysarc.2008.10.002","volume":"55","author":"C Wolter","year":"2009","unstructured":"Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C.: Model-driven business process security requirement specification. J. Syst. Archit. 55(4), 211\u2013223 (2009)","journal-title":"J. Syst. Archit."},{"key":"499_CR60","doi-asserted-by":"crossref","unstructured":"Wolter, C., Schaad, A.: Modeling of task-based authorization constraints in BPMN. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) Business Process Management. Lecture Notes in Computer Science, vol. 4714, pp. 64\u201379. Springer, Berlin (2007)","DOI":"10.1007\/978-3-540-75183-0_5"}],"container-title":["Software &amp; Systems 
Modeling"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-015-0499-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10270-015-0499-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-015-0499-4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-015-0499-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T04:12:25Z","timestamp":1748664745000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10270-015-0499-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,10,26]]},"references-count":60,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2017,7]]}},"alternative-id":["499"],"URL":"https:\/\/doi.org\/10.1007\/s10270-015-0499-4","relation":{},"ISSN":["1619-1366","1619-1374"],"issn-type":[{"value":"1619-1366","type":"print"},{"value":"1619-1374","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,10,26]]}}}