JOINT WORKSHOP ON SECURITY IN BUSINESS PROCESSES
In conjunction with the 10th International Conference on Business Process Management (BPM 2012)
Despite the growing demand for compliant business processes, security and privacy incidents caused by erroneous workflow specifications are still omnipresent. In fact, often business process management and security issues stand out as separate silos, and are seldom addressed together towards the development of trustworthy, compliant business processes.
By combining the successful, past experiences of the First International Workshop on Alignment of the Business Process and Security Modelling (ABPSM'11) and WfSAC - BPM Workshop on Workflow Security Audit and Certification, this Joint Workshop on Security in Business Processes (SBP'12) wants to bring together researchers and practitioners interested in security management of business process models in process-aware information systems.
In particular, SBP'12 encourages innovative methods for workflow security audit and control along the entire business process lifecycle: from design time verification to online operational support and post-mortem analysis. Furthermore, it welcomes contributions beyond the strictly technical character, for instance those considering economic, legal and standardization issues.
Topics of interest include:
9:15-9:30 | Workshop opening | |
---|---|---|
9:30-11:00 | SESSION 1: Perspectives of Secure Business Processes. Chair: Raimundas Matulevicius | |
9:30-10:25 | Keynote | A. Opdahl, Identifying and Visualising Dependability Concerns - Applications to Business Process Management |
10:25-11:00 | P1 | A. Goldstein, U. Frank, A Language for Multi-Perspective Modelling of IT Security: Objectives and Analysis of Requirements. Discussants: authors of P5 and P2 |
11:00-11:30 | Break | |
11:30-13:00 | SESSION 2: Security and Compliance. Chair: Wil van der Aalst | |
11:30-12:05 | P2 | D. Knuplesch, M. Reichert, J. Mangler, S. Rinderle-Ma, W. Fdhila, Towards Compliance of Cross-Organizational Processes and their Changes. Discussants: authors of P4 and P3 |
12:05-12:40 | P3 | A. D. Brucker, I. Hang, Secure and Compliant Implementation of Business Process-driven Systems. Discussants: authors of P1 and P5 |
12:40-13:00 | P6 | B. Depaire, J. Swinnen, M. Jans, K. Vanhoof, A Process Deviation Analysis Framework. Discussants: authors of P7 |
13:00-14:00 | Lunch | |
14:00-15:30 | SESSION 3: Security and Internet Services. Chair: Niels Lohmann | |
14:00-14:50 | Keynote | S. Heiberg, New Technologies for Democratic Elections |
14:50-15:10 | P7 | D. Martinho, D. R. Ferreira, Securely Storing and Executing Business Processes in the Cloud. Discussants: authors of P9 |
15:10-15:30 | P8 | M. Fonda, S. Moinard, C. Toinard, Advanced Protection of Workflow Sessions with SEWebSessions. Discussants: authors of P6 |
15:30-16:00 | Break | |
16:00-17:30 | SESSION 4: Engineering Secure Business Processes. Chair: Rafael Accorsi | |
16:00-16:35 | P4 | A. Lehmann, N. Lohmann, Modeling Wizard for Confidential Business Processes. Discussants: authors of P3 and P1 |
16:35-17:10 | P5 | I. Soomro, N. Ahmed, Towards Security Risk-oriented Misuse Cases. Discussants: authors of P2 and P4 |
17:10-17:30 | P9 | M. Leitner, A. Baumgrass, S. Schefer-Wenzl, S. Rinderle-Ma, M. Strembeck, A Case Study on the Suitability of Process Mining to Produce Current-State RBAC Models. Discussants: authors of P8 |
17:30-17:45 | Workshop closing | |
The workshop will host two keynotes.
Speaker | Prof. Andreas Opdahl, University of Bergen (Norway) |
Title | Identifying and visualising dependability concerns - applications to business process management |
Abstract | The project ReqSec - Requirements for Security (2009-2012) developed and evaluated techniques that can be used to visualise security and other dependability concerns, such as safety, early in the planning of new information systems. A central concern was to allow inclusion of a variety of stakeholders, including non-ICT/non-security experts, in the requirements process. The talk will review the dependability requirements work done in ReqSec and highlight its relevance for the security of business processes. |
Bio | Andreas L. Opdahl is Professor of Information Systems Development at the University of Bergen, Norway. He received his Ph.D. from the Norwegian University of Science and Technology in 1992. Opdahl is the author, co-author or co-editor of more than a hundred journal articles, book chapters, refereed archival conference papers and books. His research interests center around enterprise and IS modelling, requirements determination and software security. In the past, he has been the Organizer and/or Program Chair of conferences and workshops such as CAiSE, REFSQ, PoEM, FP-UML and RTEE. He is a member of IFIP WG5.8 on Enterprise Interoperability and WG8.1 on Design and Evaluation of Information Systems and of ACM, AIS and IEEE CS. He serves on the editorial/editorial review boards of journals such as J Database Management, Int J Interoperability of Business Information Systems, Int J Information System Modeling and Design and The Open Software Engineering J; as a reviewer for premier international journals, such as CACM, ISR, JAIS and ACM/IEEE transactions; and on the program committees of renowned international conferences and workshops. |
Speaker | Sven Heiberg, Cybernetica (Estonia) |
Title | New Technologies for Democratic Elections |
Abstract | Estonia has implemented a specific form of electronic voting - internet voting - as a method to participate in various types of legally binding elections since 2005. In the parliamentary elections held in 2011, the percentage of internet voters among all voters was as high as 24.3%. In parallel with the rise in popularity, the number of attempts to question the security or suitability of internet voting increased. Today internet voting is not a niche method anymore. Successful attacks against the method might have significant influence on the election results. In this evolved situation we have performed threat modeling and risk analysis of the Estonian internet voting method. |
Bio | Sven Heiberg is a software architect from Cybernetica AS, Estonia and also works as a research fellow for the Software Technology and Applications Competence Centre. He has been one of the key developers of the Estonian i-voting solution since 2003; he has also participated in projects to design i-voting solutions for other governments. He and his colleagues were rewarded by the Estonian Academy of Sciences for their work to enable i-voting in Estonia in 2005. He received his MSc. in Computer Science from the University of Tartu in 2002. |
Submitted manuscripts must be written in English and be no longer than 12 pages. They must be formatted using the LNBIP format and submitted as a PDF document to the EasyChair website.
Submissions will be reviewed by at least three PC members based on their originality, significance, technical soundness and clarity of exposition. Submitted manuscripts must not substantially overlap manuscripts that have been published or that are simultaneously submitted to a conference with proceedings or a journal.
The workshop papers will be published by Springer as a post-workshop proceedings volume in the series Lecture Notes in Business Information Processing (LNBIP).
PC Chairs
Rafael Accorsi, University of Freiburg, Germany
Raimundas Matulevicius, University of Tartu, Estonia
Organization Chairs
Peter Karpati, Norwegian University of Science and Technology, Norway
Marco Montali, Free University of Bozen-Bolzano, Italy
Steering Chairs
Wil van der Aalst, Eindhoven University of Technology, the Netherlands
Guttorm Sindre, Norwegian University of Science and Technology, Norway