Abstract
The Business Process Modeling Notation (BPMN) has become a broadly accepted standard for process modeling, but is mostly being used to express the normal execution flow of business processes. In some situations there is also a need to express threats and unwanted incidents on that same abstraction level, for example to show how deviations from normal process flow should be handled. Enriching BPMN with threat information enables a process-centric threat modeling approach that complements risk assessment and attack scenarios. Though there has been a substantial amount of work enhancing BPMN 1.x with security related information, the opportunities provided by version 2.0 have not received a lot of attention in the security community. This paper shows several options and the benefit of representing threats in BPMN 2.0 for design-time specification and runtime execution of composite services with dynamic behavior. Our goal is to avoid downtime and preserve the overall security and trustworthiness of the composite service in an ever-changing Internet of Services. We have included examples showing the use of error events, escalation events and text annotations for process, collaboration, choreography and conversion diagrams.