15th Annual Computer Security Applications Conference
December 6-10, 1999
Phoenix, Arizona

A Language for Modelling Secure Business Transactions

Alexander W. Roehm, roehm@wi-inf.uni-essen.de
Gaby Herrmann, herrmann@wi-inf.uni-essen.de
Guenther Pernul, pernul@wi-inf.uni-essen.de

Department of Information Systems, University of Essen,
Universitaetsstrasse 9, D-45141 Essen, Germany

Among other areas electronic commerce includes the fields of electronic markets and workflow management. Workflow management systems are usually used to specify and manage inter- and intra-organisational business processes. Although workflow management techniques are capable to specify and conduct at least parts of market transactions, these techniques are not or very rarely used for this purpose yet. In both fields users demand security and integrity to protect for example their privacy, their property rights or digital payments. To satisfy these security demands a variety of existing security services, mechanisms, protocols, and organisational measures are existent and may be used. At one hand side, to encourage using these techniques it is necessary to have a tool which enables a firm's executive to formulate market transactions security demands at a high abstraction level. On the other hand executing market transactions needs a more formal, machine readable description of the transaction and its security requirements. In this paper we present a methodology to specify secure protocols, which are usable to automatically conduct business processes as well as market transactions.