March 19, 2014
SecBPMN, security policies matter!

SecBPMN is a framework aimed to help security designers in defining business processes with security concepts, security policies and permits to automatically verify if the security policies are satisfied by one or more business processes.
SecBPMN framework is composed by SecBPMN-ml modeling language, SecBPMN-Q query language and a software.

SecBPMN-ml is a modeling language which permits to model business process with security concepts as, for example, availability or authenticity. It is based on BPMN (Business Process Modeling and Notation) language and RMIAS, a comprehensive reference model on information assurance and security.

SecBPMN-Q is a query language which permits to model security policies. It is based on SecBPMN and BPMN-Q languages. The latter is a query languages based on BPMN which permits to create queries in terms of BPMN business processes.

SecBPMN software provides the following functionalities:
  • it provides an interface to create SecBPMN-ml and SecBPMN-Q models;
  • it verifies if a SecBPMN-Q security policy is satisfy by one or more SecBPMN-ml business process.


We are please to announce SecBPMN2, the extension of SecBPMN with BPMN 2.0 and new security annotations. You can read preliminary information on SecBPMN2 in Documentation Page.