OPBUS (OPtimization BUsiness process Security) tool is a framework composed of different tools for automated risk management in business processes. OPBUS is ready to use solvers for the automated analyses in business processes.

OPBUS intends to integrate risk management into the Business Process Management (BPM) based on a Model-Driven Architecture (MDA) approach. The integration of BPM and risk management is aligned with the strategic objectives of”Integration of RM/RA with Operation Processes”; and “1.4 Secure, dependable and trusted infrastructures” defined by the European Network and Information Security Agency (ENISA) and European Commission 7th Framework Programme (7FP) in the ICT Trust and Security.


  • Business processes quality improvement.
  • Automatic generation of security-aware business processes solutions.


  • GMF-based plugin graphical editor with BPMN support.
  • Model validation in-line. Changes in validations are reflected on-the-fly in the editor.
  • Graphical annotation for risk evaluation.
  • Properties views to configure transformation and risk metrics.
  • Automatic transformation of models to constraint models. Changes in transformation templates are reflected on-the-fly in the editor.
  • Automatic evaluation of the models using constraint solvers. Easy integration with different CSP solvers in the market such as Comet, Choco or JaCOP.

OPBUS life-cycle

IDE tool:


  • Ecplise plug-in
  • BPMN Models
  • CSP Models


For more information please do not hesitate to contact in Ángel J. Varela, PhD.


[1]  A.J, Varela-Vaca, Rafael M. Gasca, “Towards the Automatic and Optimal Selection of Risk Treatments for Business Processes using a Constraint Programming Approach”, Information and Software Technology, Volume 55, Issue 11, Pages 1948–1973, ISSN 0950-5849, http://dx.doi.org/10.1016/j.infsof.2013.05.007. (JCR 2012: 1.522)

[2]  A.J. Varela-Vaca, Robert Warschofsky, Rafael M. Gasca, Sergio Pozo, C. Meinel ” A Security Pattern-Driven Approach Toward the Automation of Risk Treatment in Business Processeses“. 5th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2012). Ostrava, Czech Republic, 2012, Advances in Intelligent Systems and Computing, 2012, Volume 189, 13-23, DOI: 10.1007/978-3-642-33018-6_2.

[3] A.J. Varela-Vaca, Rafael M. Gasca and Sergio Pozo. “OPBUS: Risk-aware framework for the conformance of security-quality requirements in business processes“. International Conference on Security and Cryptography (SECRYPT 2011) . Seville, Spain. ISBN 978-989-8425-71-3. 2011.

[4] A.J. Varela-Vaca, Rafael M. Gasca, A. Jiminez-Ramirez. “A Model-Driven Engineering approach with Diagnosis of Non-Conformance of Security Objectives in Business Process Models“. 5th IEEE International Conference on Research Challenges in Information Science (RCIS 2011). Guadalopue, France, ISBN 978-1-4244-8671-7. 2011

[5] A. J. Varela- Vaca, Rafael M. Gasca, L. Parody: “OPBUS: Automating Structural Fault Diagnosis for Graphical Models in the Design of Business Processes“. 21th International Workshop in Principles of Diagnosis (DX’10). Portland, Oregon, USA. ISBN: 978-1-936263-02-8. 2010.