From Secure Business Process Models to Secure Artifact-Centric Specifications