Business Process Compliance via Security Validation as a Service

by Luca Compagna, Pierre Guilleminot, and Achim D. Brucker

Modern enterprise systems are often process-based, i.e., they allow for the direct execution of business processes that are specified in a high-level language such as BPMN. Moreover, modern enterprises need to comply with more and more security and compliance regulations. In this paper, we present a service, called Security Validation as a Service (SVaaS), for validating the compliance of business processes (BPs) at design time. While modeling a BP, the business analyst also specifies the security and compliance requirements the BP should comply with. At the press of a button, these requirements are validated and the results are presented in a graphical format to the business analyst. At the core of SVaaS lies a rigorous and industrially viable approach in which the security validation business logic is handled server-side (SVaaS Server) in the Cloud, while the client-side user interface that business analysts use is handled by a light-weight connector (SVaaS Connector). As a proof of concept, we created an SVaaS prototype in which the SVaaS Server is deployed on the SAP NetWeaver Cloud and two SVaaS Connectors are built to enable two well-known BPM clients, SAP NetWeaver BPM and Activiti, to consume SVaaS against industrially relevant BPs.

Keywords: Validation, Security, Business Process Management

Please cite this article as follows:
Luca Compagna, Pierre Guilleminot, and Achim D. Brucker. Business Process Compliance via Security Validation as a Service. In IEEE Sixth International Conference on Software Testing, Verification and Validation (ICST), pages 455-462, IEEE Computer Society, 2013.
doi:10.1109/ICST.2013.63

BibTeX
@InProceedings{ compagna.ea:bp-compliance:2013,
abstract = {Modern enterprise systems are often process-based, i. e., they allow for the direct execution of business processes that are specified in a high-level language such as BPMN. Moreover, modern enterprises need to comply to more and more security and compliance regulations. In this paper, we present a service based, called Security Validation as a Service (SVaaS) for validating the compliance of the business processes (BPs) during design-time. Basically, while modeling a BP the business analyst specifies as well the security and compliance requirements the BP should comply to. By pressing a button, these requirements are validated and the results are presented in a graphical format to the business analysis. At the core of SVaaS lies a rigorous and industrially viable approach in which the security validation business logic is handled server-side (SVaaS Server) in the Cloud, while the client-side user interface that business analysts use is handled by a light-weight (SVaaS Connector). As proof-of-concept we created a SVaaS prototype in which the SVaaS Server is deployed on the SAP NetWeaver Cloud and two SVaaS Connectors are built to enable two well-known BPM clients, SAP NetWeaver BPM and Activiti, to consume SVaaS against industrial relevant BPs.},
address = {Los Alamitos, CA, USA},
author = {Luca Compagna and Pierre Guilleminot and Achim D. Brucker},
booktitle = {IEEE Sixth International Conference on Software Testing, Verification and Validation (ICST)},
doi = {10.1109/ICST.2013.63},
editor = {Manuel Oriol and John Penix},
isbn = {978-1-4673-5961-0},
keywords = {Validation, Security, Business Process Management},
language = {USenglish},
location = {Luxembourg},
pages = {455--462},
pdf = {https://www.brucker.ch/bibliography/download/2013/compagna.ea-bp-compliance-2013.pdf},
publisher = {IEEE Computer Society},
title = {Business Process Compliance via Security Validation as a Service},
url = {https://www.brucker.ch/bibliography/abstract/compagna.ea-bp-compliance-2013},
year = {2013},
}