An Analysis and Evaluation of Security Aspects in the Business Process Model and Notation

Enhancing existing business process modeling languages with security concepts has attracted increased attention in research and several graphical notations and symbols have been proposed. How these extensions can be comprehended by users has not been evaluated yet. However, the comprehensibility of security concepts integrated within business process models is of utmost importance for many purposes such as communication, training, and later automation within a process-aware information system. If users do not understand the security concepts, this might lead to restricted acceptance or even misinterpretation and possible security problems in the sequel. In this paper, we evaluate existing security extensions of Business Process Model and Notation (BPMN) as BPMN constitutes the de facto standard in business modeling languages nowadays. The evaluation is conducted along two lines, i.e., a literature study and a survey. The findings of both evaluations identify shortcomings and open questions of existing approaches. This will yield the basis to convey security-related information within business process models in a comprehensible way and consequently, unleash the full effects of security modeling in business processes.