Abstract: When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development. A crucial part of SOA-based business process design is the ability to define security properties for the service invocations. Thus, a business process modeling tool must provide appropriate models and capabilities to specify these properties on a semantical level in order to automatically create technical realizations at the implementation layer. In this paper, we outline a model-driven approach for adding security properties to a business process model. The approach consists of a security model...