by Luca Compagna, Pierre Guilleminot, and Achim D. Brucker
Modern enterprise systems are often process-based, i.e., they allow for the direct execution of business processes that are specified in a high-level language such as BPMN. Moreover, modern enterprises need to comply with more and more security and compliance regulations. In this paper, we present a service, called Security Validation as a Service (SVaaS), for validating the compliance of business processes (BPs) at design time. While modeling a BP, the business analyst also specifies the security and compliance requirements the BP should comply with. At the press of a button, these requirements are validated and the results are presented in a graphical format to the business analyst. At the core of SVaaS lies a rigorous and industrially viable approach in which the security validation business logic is handled server-side (SVaaS Server) in the Cloud, while the client-side user interface that business analysts use is handled by a light-weight SVaaS Connector. As a proof of concept, we created an SVaaS prototype in which the SVaaS Server is deployed on the SAP NetWeaver Cloud and two SVaaS Connectors are built to enable two well-known BPM clients, SAP NetWeaver BPM and Activiti, to consume SVaaS against industrially relevant BPs.
Keywords: Validation, Security, Business Process Management
Please cite this article as follows:
Luca Compagna, Pierre Guilleminot, and Achim D. Brucker.
Business Process Compliance via Security Validation as a Service.
In IEEE Sixth International Conference on Software Testing, Verification and Validation (ICST), pages 455-462. IEEE Computer Society, 2013.
doi:10.1109/ICST.2013.63
address = {Los Alamitos, CA, USA},
author = {Luca Compagna and Pierre Guilleminot and Achim D. Brucker},
booktitle = {IEEE Sixth International Conference on Software Testing, Verification and Validation (ICST)},
doi = {10.1109/ICST.2013.63},
editor = {Manuel Oriol and John Penix},
isbn = {978-1-4673-5961-0},
keywords = {Validation, Security, Business Process Management},
language = {USenglish},
location = {Luxembourg},
pages = {455--462},
= {https://www.brucker.ch/bibliography/download/2013/compagna.ea-bp-compliance-2013.pdf},
publisher = {IEEE Computer Society},
title = {Business Process Compliance via Security Validation as a Service},
url = {https://www.brucker.ch/bibliography/abstract/compagna.ea-bp-compliance-2013},
year = {2013},