Security related BPMN-extensions for RPA

  • 1 Vilnius Gediminas Technical University, Lithuania


Robotic process automation (RPA) has received a lot of attention because of the increasing demand for solutions that improve the efficiency of business processes in an organization. With RPA, organizations can develop robots that automate a large number of processes. However, despite its relevance, RPA is a relatively young field and many of its concepts remain open to discussion. One of the primary tasks in creating a robot is the identification of threats at the design stage, which helps identify vulnerabilities and reduces the number of possible attacks, thereby increasing the security of the robot itself. The increasing use of RPA-based solutions in mission-critical systems has created a need for, and interest in, assessing their threats. The foundation for the successful creation, launch and use of a secure RPA-based solution would be the application of classical design techniques and the evaluation of risks at all SDLC stages. To do this, however, appropriate tools that take the specific nuances of the domain into consideration are needed. BPMN, a notation used for describing business processes, can be seen as a good candidate for designing RPA solutions. However, BPMN cannot describe all aspects of a robot process; in particular, issues specific to RPA security remain unaccounted for. This study analyses Business Process Model and Notation (BPMN) as a modelling tool for the design of automated processes in RPA and proposes an approach for defining security-related extensions of BPMN using its own extension mechanism, which can be used for risk analysis at different SDLC stages.



