M. Zairi, Business process management: a boundaryless approach to modern competitiveness, Business Process Management Journal, vol.3, issue.1, p.6480, 1997.
DOI : 10.1108/14637159710161585

M. Zur-muehlen and M. Indulska, Modeling languages for business processes and business rules: A representational analysis, Information Systems, vol.35, issue.4, 2010.
DOI : 10.1016/j.is.2009.02.006

M. Weske, Business Process Management: Concepts, Languages, Architectures, 2007.
DOI : 10.1007/978-3-642-28616-2

J. Mendling, Metrics for Process Models: Empirical Foundations of Verication, Error Prediction and Guidelines for Correctness, of Lecture Notes in Business Information Processing (LNBIP), 2008.
DOI : 10.1007/978-3-540-89224-3

A. W. Scheer, ARIS -Business Process Modeling. 3 edn, 2000.
DOI : 10.1007/978-3-642-57108-4

M. E. Johnson and E. Goetz, Embedding Information Security into the Organization, IEEE Security & Privacy Magazine, vol.5, issue.3, 2007.
DOI : 10.1109/MSP.2007.59

M. Strembeck, Scenario-Driven Role Engineering, IEEE Security & Privacy Magazine, vol.8, issue.1, 2010.
DOI : 10.1109/MSP.2010.46

M. Leitner, Security Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges, 2011 Sixth International Conference on Availability, Reliability and Security, p.686691, 2011.
DOI : 10.1109/ARES.2011.107

M. Leitner, J. Mangler, and S. Rinderle-ma, SPRINT-Responsibilities: design and development of security policies in process-aware information systems, Ubiquitous Computing, and Dependable Applications (JoWUA), p.426, 2011.

C. Wolter, M. Menzel, and C. Meinel, Modelling security goals in business processes, LNI GI, vol.127, 2008.

M. Leitner, M. Miller, and S. Rinderle-ma, An Analysis and Evaluation of Security Aspects in the Business Process Model and Notation, 2013 International Conference on Availability, Reliability and Security, 2013.
DOI : 10.1109/ARES.2013.34

N. Russell, A. H. Hofstede, and D. Edmond, Workow Resource Patterns: Identication , Representation and Tool Support, Proceedings of the 17th Conference on Advanced Information Systems Engineering (CAiSE, 2005.
DOI : 10.1007/11431855_16

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

J. Mendling, J. Recker, and H. A. Reijers, On the Usage of Labels and Icons in Business Process Modeling, International Journal of Information System Modeling and Design, vol.1, issue.2, p.4058, 2010.
DOI : 10.4018/jismd.2010040103

N. Genon, P. Caire, H. Toussaint, P. Heymans, and D. Moody, Towards a More Semantically Transparent i* Visual Syntax, Requirements Engineering: Foundation for Software Quality. Number 7195 in Lecture Notes in Computer Science, p.140146, 2012.
DOI : 10.1007/978-3-642-28714-5_12

URL : https://hal.archives-ouvertes.fr/hal-00718136

D. Moody, The "physics" of notations, Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering, ICSE '10, p.779, 2009.
DOI : 10.1145/1810295.1810442

D. L. Moody, Theoretical and practical issues in evaluating the quality of conceptual models: current state and future directions, Data & Knowledge Engineering, vol.55, issue.3, p.243276, 2005.
DOI : 10.1016/j.datak.2004.12.005

A. F. Blackwell, Cognitive Dimensions of Notations: Design Tools for Cognitive Technology, Cognitive Technology: Instruments of Mind. Number 2117 in Lecture Notes in Computer Science, p.325341, 2001.
DOI : 10.1007/3-540-44617-6_31

T. Green, A. Blandford, L. Church, C. Roast, and S. Clarke, Cognitive dimensions: Achievements, new directions, and open questions, Journal of Visual Languages & Computing, vol.17, issue.4, p.328365, 2006.
DOI : 10.1016/j.jvlc.2006.04.004

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

J. Krogstie, G. Sindre, and H. Jørgensen, Process models representing knowledge for action: a revised quality framework, European Journal of Information Systems, vol.40, issue.5, p.91102, 2006.
DOI : 10.1145/253769.253801

N. Genon, P. Heymans, and D. Amyot, Analysing the cognitive eectiveness of the BPMN 2.0 visual notation, Software Language Engineering. Number 6563 in Lecture Notes in Computer Science, p.377396, 2011.

K. Figl, J. Mendling, M. Strembeck, and J. Recker, On the cognitive eectiveness of routing symbols in process modeling languages, Business Information Systems. Number 47 in Lecture Notes in Business Information Processing, p.230241, 2010.

T. Lodderstedt, D. Basin, and J. Doser, SecureUML: a UML-Based modeling language for model-driven security. In: UML 2002 The Unied Modeling Language, p.426441, 2002.
DOI : 10.1007/3-540-45800-x_33

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

B. Hoisl and M. Strembeck, Modeling support for condentiality and integrity of object ows in activity models, In: Business Information Systems, vol.87, p.278289, 2011.

G. Sindre, Mal-Activity Diagrams for Capturing Attacks on Business Processes, Proc. of the 13th International Working Conference on Requirement Engineering: Foundation for Software Quality, 2007.
DOI : 10.1007/978-3-540-73031-6_27

R. Shirey, Internet Security Glossary. Number 2828 in Request for Comments, IETF, 2000.
DOI : 10.17487/rfc2828

I. T. Council, Information technology -role based access control, 2004.

M. Petre, Why looking isn't always seeing: readership skills and graphical programming, Communications of the ACM, vol.38, issue.6, 1995.
DOI : 10.1145/203241.203251

T. Boren and J. Ramey, Thinking aloud: reconciling theory and practice, IEEE Transactions on Professional Communication, vol.43, issue.3, p.261278, 2000.
DOI : 10.1109/47.867942

M. Strembeck and J. Mendling, Modeling process-related RBAC models with extended UML activity models, Information and Software Technology, vol.53, issue.5, 2011.
DOI : 10.1016/j.infsof.2010.11.015

S. Schefer-wenzl and M. Strembeck, A UML Extension for Modeling Break-Glass Policies, Proc. of the 5th International Workshop on Enterprise Modelling and Information Systems Architectures (EMISA), 2012.

S. Schefer and M. Strembeck, Modeling Support for Delegating Roles, Tasks, and Duties in a Process-Related RBAC Context, Proc. of the International Workshop on Information Systems Security Engineering (WISSE), 2011.
DOI : 10.1145/937527.937530