Secure and Compliant Implementation of Business Process-driven Systems

by Achim D. Brucker and Isabelle Hang

Cover for brucker.ea:secure:2012.Today's businesses are inherently process-driven. Consequently, the use of business-process driven systems, usually implemented on top of service-oriented or cloud-based infrastructures, is increasing. At the same time, the demand on the security, privacy, and compliance of such systems is increasing as well. As a result, the costs-with respect to computational effort at runtime as well as financial costs-for operating business-process driven systems increase steadily.

In this paper, we present a method for statically checking the security and conformance of the system implementation, eg, on the source code level, to requirements specified on the business process level. As the compliance is statically guaranteed-already at design-time-this method reduces the number of run-time checks for ensuring the security and compliance and, thus, improves the runtime performances. Moreover, it reduces the costs of system audits, as there is no need for analyzing the generated log files for validating the compliance to the properties that are already statically guaranteed.

Keywords: Business Process Security, Secure Service Tasks, BPMN, Static Program Analysis
Categories: ,
Documents: (full text as PDF file) (slides) (handout)

QR Code for brucker.ea:secure:2012.Please cite this article as follows:
Achim D. Brucker and Isabelle Hang. Secure and Compliant Implementation of Business Process-driven Systems. In Joint Workshop on Security in Business Processes (SBP). Lecture Notes in Business Information Processing (LNBIP), 132, pages 662-674, Springer-Verlag, 2012.
Keywords: Business Process Security, Secure Service Tasks, BPMN, Static Program Analysis
(full text as PDF file) (BibTeX) (Endnote) (RIS) (Word) (doi:10.1007/978-3-642-36285-9_66) (Share article on LinkedIn. Share article on CiteULike. )

BibTeX
@InProceedings{ brucker.ea:secure:2012,
abstract = {Today's businesses are inherently process-driven. Consequently, the use of business-process driven systems, usually implemented on top of \emph{service-oriented} or \emph{cloud-based} infrastructures, is increasing. At the same time, the demand on the security, privacy, and compliance of such systems is increasing as well. As a result, the costs---with respect to computational effort at runtime as well as financial costs---for operating business-process driven systems increase steadily.\\\\In this paper, we present a method for statically checking the security and conformance of the system implementation, \eg, on the source code level, to requirements specified on the business process level. As the compliance is statically guaranteed---already at design-time---this method reduces the number of run-time checks for ensuring the security and compliance and, thus, improves the runtime performances. Moreover, it reduces the costs of system audits, as there is no need for analyzing the generated log files for validating the compliance to the properties that are already statically guaranteed.},
address = {Heidelberg},
author = {Achim D. Brucker and Isabelle Hang},
booktitle = {Joint Workshop on Security in Business Processes (SBP)},
doi = {10.1007/978-3-642-36285-9_66},
editor = {Marcello La Rosa and Pnina Soffer},
keywords = {Business Process Security, Secure Service Tasks, BPMN, Static Program Analysis},
language = {USenglish},
pages = {662--674},
pdf = {https://www.brucker.ch/bibliography/download/2012/brucker.ea-secure-2012.pdf},
publisher = {Springer-Verlag},
series = {Lecture Notes in Business Information Processing (LNBIP)},
talk = {talk:brucker.ea:secure:2012},
title = {Secure and Compliant Implementation of Business Process-driven Systems},
url = {https://www.brucker.ch/bibliography/abstract/brucker.ea-secure-2012},
volume = {132},
year = {2012},
}